GhostNet highlights evolving threat environment

Attacks are increasingly sophisticated and targeted, making them difficult to defend against.

The high-profile disclosure over the weekend of the GhostNet cyberespionage ring that targeted 1,295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks, often run by criminals, are changing the security landscape, according to a security researcher at Symantec.

"How much is the landscape changing? It's changing drastically," said Joe Pasqua, vice president of research at Symantec Research Labs.

GhostNet, documented in a report released on Sunday by the SecDev Group's Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto, used malware and social engineering to give attackers full access to compromised computers. It also let attackers control the video cameras and microphones of these computers, so they could remotely monitor activity in the room where the computer was located.

"It's another example of the sophistication of the types of attacks that are being put together," Pasqua said.

The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly.

"In the old days, you had a threat that targeted hundreds of thousands of people. It was extremely likely that Symantec was going to have a copy of it very early on and the vast majority of those hundreds of thousands of people were going to be protected," Pasqua said. "Now you have these targeted attacks that may only target a handful of people."

"By the time we get a sample, it can be too late. They've already gone and morphed into another variant," he said. "There's no end in sight."

While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks.

"The profile of the attackers has completely changed over the last few years and has gone from vandals, kids looking to have some fun and make a reputation for themselves, into a very economically motivated body of attackers," Pasqua said. "They are getting more sophisticated in what they're doing and, furthermore, they are acquiring larger resources."

To help counter the changing security threat, Symantec Research Labs is developing security technologies that are based on virtualization or use reputation to separate trusted Web sites and servers from machines that could pose a threat.

"My team is also doing advanced research in behavioral analysis as well as automatic signature generation," Pasqua said.

Symantec's aim is to match the automated generation of new malware variants by attackers. "Instead of fingerprinting specific pieces of malware, in essence we fingerprint these behaviors," he said.

Technical measures alone can't stop determined attackers. In the case of GhostNet, social engineering was a key component of the attack, used to trick users into downloading malware without their knowledge. This is an area where companies and individuals need to take steps to protect themselves.

"Education is an important thing, getting the word out on good hygiene and good behavior for users on the Internet is important for everyone," Pasqua said.


Sumner Lemon

IDG News Service