The GhostNet espionage may have been carried out by amateur hackers, given the low sophistication of the technology used.
Paul Henry, security and forensic analyst at Lumension, claimed that the low-level technology used in the intrusion points the finger at amateur work, rather than full-on cyber-espionage activity, which would likely involve much more sophisticated technology than what was used.
He claimed that rootkit technology was used which provided the ability to remotely control multiple compromised PCs through a management console.
Henry said: “The rootkit that was deployed was readily detected using standard tools. Had this been a ‘current generation’ rootkit that embedded itself below the OS within a driver or at the kernel level and used a covert channel for communications, chances are they would have missed it, and it would still be operating.”
He further claimed that infection could have been prevented by using application control, since the malicious applications that installed the rootkit would not have been permitted to run.
Henry said: “The bad guys are simply taking advantage of the many known vulnerabilities in socially acceptable email attachments that can allow them to execute arbitrary code due to the failure of organisations to responsibly patch the respective applications to mitigate the vulnerabilities.
“Many organisations waste a great deal of time and effort on trying to figure out the bad guys’ next delivery method with glorified gold-plated gateway devices, when in reality, they could have fully mitigated their risk by simply using responsible patch management.
“Bottom line - had they been responsibly using vulnerability management and application control technologies, this incident would have been entirely preventable.”
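The application-control point above rests on a default-deny rule: an executable runs only if its content has been approved, so a malicious installer dropped by an email attachment is blocked whatever it is called. The following is an added illustration of that rule, not code from the article or from Lumension; the allowlist, the sample "binaries" and the file names are constructed for the example, and the decision is made on a SHA-256 digest of the file's bytes rather than its name or extension.

```python
import hashlib
import os
import tempfile

# Constructed sample "binaries". A real allowlist would hold digests of the
# organisation's approved executables; these byte strings stand in for them.
APPROVED_TOOL = b"MZ\x90\x00approved-reporting-tool-v1"
UNAPPROVED_BINARY = b"MZ\x90\x00approved-reporting-tool-v1-with-extra-payload"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large executables need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class ApplicationControl:
    """Default-deny allowlist: an executable may run only if its digest is approved.

    The decision depends on file content, not on the file name or extension, so
    an unapproved binary renamed to look like an approved tool is still denied,
    and an approved tool is still allowed after a rename.
    """

    def __init__(self, allowed_digests):
        self.allowed = frozenset(allowed_digests)
        self.events = []  # deny events that a SOC would forward to its SIEM

    def evaluate(self, path: str) -> str:
        digest = sha256_file(path)
        if digest in self.allowed:
            return "allow"
        self.events.append({"action": "deny", "path": path, "sha256": digest})
        return "deny"


def build_policy() -> ApplicationControl:
    """Policy containing only the approved tool's digest (constructed)."""
    return ApplicationControl([sha256_bytes(APPROVED_TOOL)])


def run_scenario() -> dict:
    """Write the constructed samples to a temp dir and evaluate each one.

    Returns a mapping of file name -> decision, plus the count of deny events.
    """
    policy = build_policy()
    results = {}
    samples = {
        "approved.exe": APPROVED_TOOL,
        "approved_renamed.scr": APPROVED_TOOL,    # same bytes, new name: still allowed
        "invoice.pdf.exe": UNAPPROVED_BINARY,     # unapproved content: denied regardless of name
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = policy.evaluate(path)
    results["deny_events"] = len(policy.events)
    return results


if __name__ == "__main__":
    for name, decision in run_scenario().items():
        print(f"{name}: {decision}")
```

The deny events are the detection side of the same control: a burst of denials for a newly dropped file under user profiles is the kind of signal that, had it been in place, would have surfaced the infection attempt before any remote-control component was installed.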