Chinese possibly behind GhostNet attacks
Tuesday, March 31, 2009
The network security industry is reacting strongly to cyberthreats from China after a report over the weekend revealed that a cyberespionage network called GhostNet may be based from servers in mainland China.
Security researchers in Canada identified "high-value targets" victimized by cyberattacks from GhostNet, including the Dalai Lama, foreign embassies and ministries and NATO. Ron Deibert and Rafal Rohozinski released their 53-page report Sunday.
"The attacker(s) are able to exploit several infection vectors," the researchers wrote. "First, they create web pages that contain drive-by exploit code that infects the computers of those who visit the page. Second, the attacker(s) have also shown that they engage in spear phishing in which contextually relevant emails are sent to targets with PDF and DOC attachments."
Security experts said the attacks could be from other sources, although circumstantial evidence points to the involvement of Chinese hackers, even if they are not controlled by the communist regime.
The attacks were highly sophisticated, suggesting a level of skill and motivation that ordinary cybercriminals lack, experts said. The hackers were able to use spear-phishing emails that linked the exploited machines to command servers that order infected PCs to send stolen data, experts said.
Related News:
Cyber criminals exposed medical records - 3.8.2010
More than 18,000 patients, whose medical information is stored on the computer systems of five doctors in Torrance, California, were potential victims of identity theft in September when cyber criminals penetrated the doctors' networks, according to the Los Angeles Times.
McAfee advises companies to boost web security relating to source code - 3.4.2010
At the RSA Conference, currently taking place in San Francisco, McAfee released a report indicating that companies regularly use too few web security protocols when protecting intellectual property such as source code.
False social networking attacks provides teachable moment for web security - 2.25.2010
A unique tool developed to prevent the spread of malware from social networking websites has been recommended Processor.com, a web and network security news provider.
With global web security under siege, exports point to problems - 2.25.2010
In 2009, Garlik, a United Kingdom-based web security company, reported a 207 percent increase in malware use to overtake bank accounts. Recent events have also shown vulnerability in corporate, private and governmental web security systems.
Kaspersky reports malware growing more sophisticated - 2.24.2010
Kaspersky, a web security provider, reported Wednesday that while there is very little growth in the amount of malware currently roaming the web, it is becoming more advanced and much harder to detect.
|
