Data theft is a major threat to businesses in today's economy. With large corporations like Arby's, Popeye's, and Intercontinental Hotels all reporting breaches since the beginning of this year alone, it's essential for IT professionals to keep an eye out for emerging threats that target valuable user data. Just last month, researchers at MalwareHunterTeam discovered a relatively new botnet called GhostAdmin that quietly siphons data from infected devices while it masquerades as a legitimate antivirus tool and obscures the symptoms of its attack with specialized features.

Its network of infected devices is still small, but it has already been used to steal hundreds of gigabytes of data from large companies, making it a threat you need to understand and watch out for. GhostAdmin is a botnet, a type of malware that operates by creating a network of infected host machines (a robotic network) that are all controlled by the botnet's owner. While a single device may or may not be useful on its own, leveraging an entire network of devices provides rocket fuel for almost anything that a botnet owner wants to accomplish.

For example, you may remember when the high-profile Mirai botnet was in the news last year for causing widespread internet outages with its distributed denial-of-service (DDoS) attack against Dyn DNS. Mirai executed that attack by first creating a network of Internet of Things (IoT) devices and then commanding them to flood Dyn with traffic. The power of a botnet's network can also be used to spy on a victim's personal information, distribute malware, and steal huge amounts of data, which is how GhostAdmin has been used so far.

GhostAdmin infects PCs by mimicking well-known security tools that users might be inclined to trust and download. One version of GhostAdmin posed as Symantec Endpoint Protection, and a related variant called Zodiac mixed the Avast product name with the logo for Avira. Even a user with a vague awareness of security precautions could mistake it for legitimate software and be convinced to download the malware.

Once a device has been compromised, the botnet is designed to cover its tracks and keep users in the dark about its presence. For example, it can remove log files, wipe internet history, and self-terminate, and its own components may mimic ordinary Windows files. The botnet is also able to gain boot persistence, meaning that restarting an infected device will not remove the malware.

While GhostAdmin has mostly been used for data theft, its available commands give the botnet owner the power to take over devices, spy on users, download data, and install more software for other nefarious purposes. GhostAdmin operates by establishing an Internet Relay Chat (IRC) channel that the botnet's owner can use for Command and Control (C&C). Using the IRC channel, the owner can instruct infected devices to download files, record audio, take screenshots, copy files, enable remote desktop, and more. Stolen data is sent to the botnet owner's File Transfer Protocol (FTP) server, and the owner is notified each time the malware is used.

GhostAdmin's network of infected computers is still small. Two large companies, an internet cyber café and a lottery website, have been reported as presumed victims of live attacks so far. Several hundred gigabytes of data were downloaded from the cyber café alone. From the lottery website, the botnet downloaded a database containing sensitive customer information including names, addresses, email addresses, birthdates, and employers.

Given that almost every business stores some type of customer data that might intrigue a malicious actor, the nature of these attacks should put most IT professionals on alert. Although GhostAdmin's network is still small, botnets are often structured to grow rapidly, using one infected machine to reach many others in rapid succession. GhostAdmin, which is written in C# and is on version 2.0, is based on a botnet family called CrimeScene that was prevalent 3-4 years ago and could easily replicate its predecessor's widespread success.

Training users to be able to spot risky downloads can help reduce the chances of an infection. However, all it takes for a botnet like GhostAdmin to compromise your customer data is a single user who downloads a compromised file and accidentally puts the rest of your network at risk.
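The article describes two network behaviours a defender can look for together: an IRC channel used for C&C and bulk uploads of stolen data to an FTP server. The following script is an added example of that detection logic, not code from the article or from MalwareHunterTeam. It assumes a constructed outbound flow-log format (timestamp, source IP, destination IP, destination port, protocol, bytes sent), an assumed list of IRC ports to watch, and an assumed 100 MiB volume threshold; all IP addresses in the sample are constructed documentation ranges.

```python
"""Flag hosts showing an IRC command channel plus bulk outbound FTP transfers.

Added defender-side example; it is not code from the article or from
MalwareHunterTeam. The log format, the IP addresses, the port list and the
volume threshold are constructed assumptions.
"""
from collections import defaultdict

# Constructed sample of outbound flow records, one per line:
#   timestamp  src_ip  dst_ip  dst_port  proto  bytes_out   (assumed format)
SAMPLE_LOG = """\
2017-02-10T09:01:02Z 10.0.0.15 198.51.100.7  6667  tcp 812
2017-02-10T09:06:05Z 10.0.0.15 198.51.100.7  6667  tcp 640
2017-02-10T09:11:07Z 10.0.0.15 198.51.100.7  6667  tcp 701
2017-02-10T09:12:30Z 10.0.0.15 203.0.113.9   21    tcp 5120
2017-02-10T09:13:00Z 10.0.0.15 203.0.113.9   49152 tcp 734003200
2017-02-10T09:15:00Z 10.0.0.22 93.184.216.34 443   tcp 40000
2017-02-10T09:16:00Z 10.0.0.22 93.184.216.34 443   tcp 52000
"""

IRC_PORTS = {194, 6667, 6697}          # assumption: IRC ports worth watching
FTP_CONTROL_PORT = 21
EXFIL_THRESHOLD = 100 * 1024 * 1024    # assumption: >100 MiB to one FTP peer is suspicious


def parse_flows(text):
    """Parse the assumed whitespace-separated flow format into dicts."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto, nbytes = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "port": int(port), "proto": proto, "bytes": int(nbytes)})
    return flows


def find_suspects(flows):
    """Return {src_ip: [reasons]} for hosts matching the C&C-plus-exfil pattern.

    Pass 1 learns which peers each host spoke IRC and FTP control (port 21) to,
    so that pass 2 can attribute the passive-mode FTP data connection (a high
    port to the same peer) to that FTP session and total the bytes sent.
    """
    irc_peers = defaultdict(set)
    ftp_peers = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["port"] in IRC_PORTS:
            irc_peers[f["src"]].add(f["dst"])
        if f["proto"] == "tcp" and f["port"] == FTP_CONTROL_PORT:
            ftp_peers[f["src"]].add(f["dst"])

    ftp_bytes = defaultdict(int)       # (src, ftp_peer) -> bytes sent
    for f in flows:
        if f["dst"] in ftp_peers.get(f["src"], ()):
            ftp_bytes[(f["src"], f["dst"])] += f["bytes"]

    findings = {}
    for host in sorted(set(irc_peers) | set(ftp_peers)):
        has_irc = bool(irc_peers.get(host))
        bulk_ftp = [(peer, ftp_bytes[(host, peer)])
                    for peer in sorted(ftp_peers.get(host, ()))
                    if ftp_bytes[(host, peer)] > EXFIL_THRESHOLD]
        # Report only the combination the article describes: a command channel
        # together with a bulk FTP upload. Either alone is noise on most networks.
        if has_irc and bulk_ftp:
            findings[host] = (
                [f"IRC-port traffic to {p}" for p in sorted(irc_peers[host])]
                + [f"{n} bytes sent to FTP peer {p}" for p, n in bulk_ftp]
            )
    return findings


if __name__ == "__main__":
    for host, reasons in find_suspects(parse_flows(SAMPLE_LOG)).items():
        print(host)
        for reason in reasons:
            print("   ", reason)
```

On the constructed sample, 10.0.0.15 is reported (three IRC-port connections to one peer and roughly 700 MB sent to an FTP peer), while 10.0.0.22, which only talks HTTPS, is not. Requiring both signals keeps the rule from firing on a lone IRC user or a legitimate FTP backup; the port list and threshold should be tuned to what is normal on your own network.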