Trusted Internet Blog

Thoughts, Guidance, Musings

Cyber Security Case Study: Trusted Internet Stops Dangerous “Gh0stRat” at Two Companies in US and Canada

Posted by Jeff Stutzman, Founder | Dec 16, 2018 5:35:13 PM

Recently Trusted Internet deployed and installed a Small Business Unified Threat Manager (UTM) service, to a 100 person oil and gas engineering company in Canada. Within 12 hours...

Trusted Internet’s Security Operations Center (SOC) identified, and stopped Gh0stRAT, from being installed by a Botnet operating out of a public cloud datacenter in San Diego, CA. Gh0stRAT is a “Remote Administration Tool” also known as a “Trojan Horse”, that cyber criminals use to gain access and control of businesses, governments, power and utility companies. Gh0StRAT is an advanced persistent threat that can appear dormant for months then strike without notice. Gh0stRAT was written by Chinese coders for Chinese cyber espionage. Its use is more widespread today than when it was originally intended. It is now well known to be used for cyber espionage, gaining ransom, and other government or state sponsored cybercrimes.  It is now on version 3.6 and is quite healthy -here recently targeting two engineering companies in the Oil and Gas supply chain countries apart.

Due to the expert, 24x7x365 cyber security monitoring from Trusted Internet’s SOC, businesses are being protected from dangerous cybercrime. Nearly at the same time down south near the Gulf of Mexico, Trusted Internet SOC analysts had blacklisted an address pushing the same code using Conficker only a week earlier preventing the attack from occurring. In the Canadian company, Trusted Internet SOC security analysts identified the Botnet installation pattern and quickly acted to kill the connection and block the address to the Botnet operator in San Diego, CA.

 

www.trustedinternet.io

Jeff Stutzman, CISSP

Founder, Chief Information Security Officer

603-930-9212

Topics: Cyber, Information Security, gh0strat

Written by Jeff Stutzman, Founder

Mr. Stutzman is the Founder and senior information security expert operating as, and supervising virtual CISOs and Managed Security Services to companies as small as three and as large as 7500. Mr. Stutzman is a former Information Warfare focused Navy Intelligence Officer, Project Manager at Cisco working Mergers and Acquisitions, Investigations, and Global Cyber Risk Management. He was the CISO for Northrop Grumman Electronics Sector, a $16 billion global Electronics business; Principal Engineer at Carnegie Mellon’s Software Engineering Institute, and a GS-15 with the US Government serving as Director of the DoD/DIB Collaborative Information Sharing Environment at the DoD Cyber Crime Center. He has performed risk management, cyber investigations and M&A in more than two dozen high-risk cyber threat areas including China, Brazil, the Middle East, and South America. He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numerous trade publications. He holds a BS from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.