GhostNet highlights evolving threat environment

Attacks are increasingly sophisticated and targeted, making them difficult to defend against.

The high-profile disclosure over the weekend of the GhostNet cyberespionage ring that targeted 1,295 computers in more than 100 countries underscores how highly targeted and sophisticated attacks, often run by criminals, are changing the security landscape, according to a security researcher at Symantec.

"How much is the landscape changing? It's changing drastically," said Joe Pasqua, vice president of research at Symantec Research Labs.

GhostNet, documented in a report released on Sunday by the SecDev Group's Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto, used malware and social engineering to give attackers full access to compromised computers. It also let attackers control the video cameras and microphones of these computers, so they could remotely monitor activity in the room where the computer was located.

"It's another example of the sophistication of the types of attacks that are being put together," Pasqua said.

The highly targeted nature of GhostNet and similar attacks makes it difficult for antivirus vendors to respond quickly.

"In the old days, you had a threat that targeted hundreds of thousands of people. It was extremely likely that Symantec was going to have a copy of it very early on and the vast majority of those hundreds of thousands of people were going to be protected," Pasqua said. "Now you have these targeted attacks that may only target a handful of people."

"By the time we get a sample, it can be too late. They've already gone and morphed into another variant," he said. "There's no end in sight."

While there has been a lot of speculation that GhostNet was developed and controlled by the Chinese government, criminal groups are just as likely to be responsible for these types of attacks.

"The profile of the attackers has completely changed over the last few years and has gone from vandals, kids looking to have some fun and make a reputation for themselves, into a very economically motivated body of attackers," Pasqua said. "They are getting more sophisticated in what they're doing and, furthermore, they are acquiring larger resources."

To help counter the changing security threat, Symantec Research Labs is developing security technologies that are based on virtualization or use reputation to separate trusted Web sites and servers from machines that could pose a threat.

"My team is also doing advanced research in behavioral analysis as well as automatic signature generation," Pasqua said.

Symantec's aim is to match the automated generation of new malware variants by attackers. "Instead of fingerprinting specific pieces of malware, in essence we fingerprint these behaviors," he said.

Technical measures alone can't stop determined attackers. In the case of GhostNet, social engineering was a key component of the attack, used to trick users into downloading malware without their knowledge. This is an area where companies and individuals need to take steps to protect themselves.

"Education is an important thing, getting the word out on good hygiene and good behavior for users on the Internet is important for everyone," Pasqua said.

Sumner Lemon

IDG News Service