The notion that governments utilise specialised malware to capture commercial secrets is seen by the masses as pure fiction. However, state-sponsored cyber espionage is a much more widespread problem than organisations accept, and one that they tend to accept only once they have suffered from it or have seen irrefutable proof, write Ian McGurk and Peter Yapp of Control Risks.
The evolving threat from specialised malware is highly sophisticated: it tends to be targeted at very specific information and is invisible to conventional protection methods.
If an organisation's commercial activities are of particular interest to certain states, then there is a high probability of malware within the organisation that is able to identify and siphon the information related to those activities. We have investigated many instances where state-sponsored espionage has been used within organisations and have seen the evidence first-hand.
As the recent GhostNet report demonstrates, organisations need to rethink their protection strategies. Although protecting against such invisible threats may appear impossible, there are ways to create barriers which make such attacks more difficult.
This form of hacking will often be undetectable for long periods (zero day), because the malware is unique. However, as the malware is used more widely, it will eventually be detected by standard anti-virus vendors, even though the intent and perpetrator will often not be obvious.
Many countries participate in this activity to harvest information for the competitive advantage of their state-owned or commercial organisations, and some countries have a greater desire and capacity than others.
The Ghost Network has raised fears that Britain is vulnerable to an attack which could threaten vital services. Certainly, as discovered, this type of malware has the power to take over and manipulate systems. However, it tends to be utilised in a stealthy and unobtrusive manner, often collecting and reporting business intelligence for long periods of time rather than being infectious or destructive.
This was first published in March 2009