Yuck, a RAT infestation! How concerned are you?

You’ve gotta hate RATs! They are the most disgusting and opportunistic survivors of all time. RATs dwell amongst us, occupying our area of activity and causing great damage, viruses and losses. It may sound as if I am speaking of the wild species Rattus rattus (the common black rat) that invades and spreads disease, but you know that I am not. Like the animal, Remote Access Trojan (RAT) malware brings about deep concern and anxiety. RATs compromise computers, using backdoor technology to gain administrative control. This form of malware is intended to gain computer access, redistribute itself, establish a botnet, and do serious damage. Successful use of a RAT enables criminals to steal from or wreak havoc on an individual or an entire company. Are you bothered or concerned about RATs too?

 

With RATs, ‘cyber thieves’ gain undetected control over a victim’s computer to execute malicious exploits. A RAT monitors behavior, accesses confidential information, alters or locks file systems, and more. Furthermore, RATs allow cybercriminals to steal valuable information, including your identity, and even commit fraud. Primarily used to exploit credit cards, personal information and bank accounts, RATs have also become known as a weapon for extortion, where bad actors take valuable files, photos and videos for blackmail or ransom.

 

As you can imagine, tools of this type are extremely dangerous. Bad actors are very focused on efforts to develop, enhance and update underground software, which is then given away for free or sold on the black market, to even the most inexperienced hackers, for as little as $20[1]. Certainly, there are some more advanced RATs that go for $300 or more. According to one Dell report, attackers are always looking for RATs and are willing to pay a premium for those that are easily available and fully undetectable by anti-virus software and anti-malware programs.

 

Common RATs we’ve seen today

As an essential element of today’s attacker’s toolset, RATs are most effective in their purpose and totally invisible to the victim. RATs can be spread to victims outside of IT/Security control, most often via spam, spear phishing and social engineering attacks. Each victim computer can then be used to infect other computers (or networks), collecting valuable stored information, infiltrating corporate data systems and helping to build a dangerous network of cyber-soldiers. Sound interesting?

 

Generally, RATs have capabilities that enable them to open legitimate ports, mimic remote administrative tools commonly used by IT organizations, and employ sophisticated techniques that evade security measures. They are contained inside heavily packed binaries that are dropped in the later stages of the malware’s payload execution, making them very hard to detect using anti-virus and anti-malware programs. Scary, isn’t it? A RAT that has enabled criminals to permeate your infrastructure could also have infected the very computer upon which you are reading this blog post.

 

Where is the challenge with security?

So what do you do about RATs? What protective actions should you take? Antivirus software seems to be the popular first choice of defense against all malware types. Although such solutions may detect viruses, many more complex and stealthy ‘crypter’ forms of malware can escape antivirus scans and sandboxing. Operations or Security teams may also find it challenging to identify and protect against remote administrative Trojans before they cause substantial damage. Some organizations lack sufficient security/fraud expertise or a skilled team to conduct ongoing proactive research to discover malware or to thoroughly analyze it. Maintaining visibility into attacks on client devices is an even greater challenge for many companies and may be a point of contention: who is responsible, whether it will depend on end-user involvement, or whether it is even necessary. As you ponder this, keep in mind that RATs affect no one specific, but everyone, as the monetization of credentials and information continues to increase in value.

 

Stopping RATs in their tracks

To take action and fight off RATs, many leading organizations are turning to technologies adopted by the retail and financial services industries to protect against online fraud. Such solutions go beyond anti-virus solutions to provide real-time visibility into compromised client devices and threats targeting customer end-users. These companies do not want to be burdened with managing security for every device, but want to be assured all users are protected. Using JavaScript code injected into each session, fraud detection solutions like WebSafe easily detect the presence of Trojans and specifically identify backdoor connections without client-side install or end-user involvement. Admins are then alerted of the risk and can immediately take action to mitigate any threats. Furthermore, login page form fields can be obfuscated and credentials encrypted while data is still active in the browser. Spyware becomes useless at capturing confidential login information that is not fully protected by SSL. F5 WebSafe is unique among anti-fraud solutions in its ability to detect RATs and even other notorious malware types like Dyre. Read more about WebSafe to understand how it can be used to protect your organization against employee credential theft. Remember, RATs are everywhere, nesting and growing in numbers. As with any pest infestation, it is vitally important to recognize the presence of RATs early, exterminate them and protect yourself from any resurgence.

 

Visit the F5 Web Fraud Protection Solution page for more information on F5 WebSafe and talk to an F5 rep about it today.

 

Feel free to shoot me a line to share your experience with RATs infecting your user base and the complexity you’ve encountered.

 

[1] Article: “Driving in the illegal underground hacking market”, Security Affair, December 2014. A recap of the new report published by the Dell SecureWorks Counter Threat Unit (CTU) on the evolution of the hacking underground marketplaces.

 

Published Nov 17, 2015