GhostNet highlights evolving threat environment

Attacks are increasingly sophisticated and targeted, making them difficult to defend against.

The high-profile disclosure over the weekend of the GhostNet cyberespionage ring that targeted 1,295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks, often run by criminals, are changing the security landscape, according to a security researcher at Symantec.

"How much is the landscape changing? It's changing drastically," said Joe Pasqua, vice president of research at Symantec Research Labs.

GhostNet, documented in a report released on Sunday by the SecDev Group's Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto, used malware and social engineering to give attackers full access to compromised computers. It also let attackers control the video cameras and microphones of these computers, letting them remotely monitor activity in the room where the computer was located.

"It's another example of the sophistication of the types of attacks that are being put together," Pasqua said.

The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly.

"In the old days, you had a threat that targeted hundreds of thousands of people. It was extremely likely that Symantec was going to have a copy of it very early on and the vast majority of those hundreds of thousands of people were going to be protected," Pasqua said. "Now you have these targeted attacks that may only target a handful of people."

"By the time we get a sample, it can be too late. They've already gone and morphed into another variant," he said. "There's no end in sight."

While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks.

"The profile of the attackers has completely changed over the last few years and has gone from vandals, kids looking to have some fun and make a reputation for themselves, into a very economically motivated body of attackers," Pasqua said. "They are getting more sophisticated in what they're doing and, furthermore, they are acquiring larger resources."

To help counter the changing security threat, Symantec Research Labs is developing security technologies that are based on virtualization or use reputation to separate trusted Web sites and servers from machines that could pose a threat.

"My team is also doing advanced research in behavioral analysis as well as automatic signature generation," Pasqua said.

Symantec's aim is to match the automated generation of new malware variants by attackers. "Instead of fingerprinting specific pieces of malware, in essence we fingerprint these behaviors," he said.

Technical measures alone can't stop determined attackers. In the case of GhostNet, social engineering was a key component of the attack, used to trick users into downloading malware without their knowledge. This is an area where companies and individuals need to take steps to protect themselves.

"Education is an important thing, getting the word out on good hygiene and good behavior for users on the Internet is important for everyone," Pasqua said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags espionageghostnet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sumner Lemon

IDG News Service
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?