You’ve gotta hate RATs! They are the most disgusting and opportunistic survivors of all time. RATs dwell amongst us, occupying our area of activity and causing great damage, disease and losses. It may sound as if I am speaking of the wild species Rattus rattus (the common black rat) that invades and spreads disease, but you know that I am not. Like the animal, Remote Access Trojan (RAT) malware brings about deep concern and anxiety. RATs compromise computers, using back door techniques to gain administrative control. This form of malware is intended to gain computer access, redistribute itself, establish a botnet, and do serious damage. The success of RATs enables criminals to steal from or wreak havoc on an individual or an entire company. Are you bothered or concerned about RATs too?
With RATs, ‘cyber thieves’ gain unsuspected control over a victim’s computer to execute malicious exploits. A RAT monitors behavior, accesses confidential information, alters or locks file systems and more. Furthermore, RATs allow cybercriminals to steal valuable information, including your identity, and even commit fraud. Primarily used to exploit credit cards, personal information and bank accounts, RATs have also become known as a weapon for extortion, where bad actors take valuable files, photos and videos for blackmail or ransom.
As you can imagine, tools of this type are extremely dangerous. Bad actors are very focused on efforts to develop, enhance and update underground software, which is then given away or sold on the black market to even the most inexperienced hackers, for free or for as little as $20. Certainly, there are some more advanced RATs that go for $300 or more. According to one Dell report, attackers are always looking for RATs, and are willing to pay a premium for those that are readily available and fully undetectable by anti-virus software and anti-malware programs.
As an essential element of today’s attackers’ toolset, RATs are most effective in their purpose and totally invisible to the victim. RATs can be spread to victims outside of IT/Security control, most often via spam, spear phishing and social engineering attacks. Each victim computer can then be used to infect other computers (or networks), collecting the valuable information stored on them, infiltrating corporate data systems and building a dangerous network of cyber-soldiers. Sound interesting?
Generally, RATs have capabilities that enable them to open legitimate ports, mimic remote administration tools commonly used by IT organizations, and employ sophisticated techniques that evade security measures. They are contained inside heavily packed binaries that are dropped in the later stages of the malware’s payload execution, making them very hard to detect using anti-virus and anti-malware programs. Scary, isn’t it? A RAT that has enabled criminals to permeate your infrastructure could also have infected the very computer on which you are reading this blog post.
Where is the challenge with security?
So what do you do about RATs? What protective actions should you take? Antivirus software seems to be the popular first choice of defense against all malware types. Although such solutions may detect viruses, many more complex and stealthy crypter-wrapped forms of malware can escape antivirus scans and sandboxing. Operations or Security teams may also be a bit challenged at identifying and protecting against Remote Access Trojans before they cause substantial damage. Some organizations lack sufficient security/fraud expertise or a skilled team to conduct ongoing proactive research to discover malware or to thoroughly analyze it. Maintaining visibility into attacks on client devices is an even greater challenge for many companies and may be a point of contention: who is responsible, whether it will depend on end-user involvement, or whether it is even necessary. As you ponder this, keep in mind that RATs affect not one specific person but everyone, as the monetization of credentials and information continues to increase in value.
Stopping RATs in their tracks
Feel free to shoot me a line to share your experience with RATs infecting your user base and the complexity of what you’ve encountered.
Article: “Driving in the illegal underground hacking market”, Security Affairs, December 2014. A recap of the new report published by the Dell SecureWorks Counter Threat Unit (CTU) on the evolution of the hacking underground marketplaces.