Most APTs (Advanced Persistent Threats) employ some kind of RAT technology because of the absolute power it gives an attacker to do basically whatever they want
New York, NY (PRWEB) December 07, 2013
RATs, or Remote Access Trojans (aka Remote Administration Tools), can give hackers total remote control of any compromised system(s). Once this type of malware payload is successfully delivered, through a phishing email, USB delivery or a malicious site, a hacker can easily get up to all kinds of costly mischief. In September, the sextortion case involving Miss Teen USA and a hacker using a RAT to spy on her with her own webcam and then blackmail her made headlines around the world. Last week, a new unclassified document by the US Army warned about the Syrian Electronic Army using RATs against rebel supporters. And just this week, reports surfaced that a banking Trojan employing RAT technology known as Neverquest is poised to explode in the coming months. But what exactly are RATs and what can organizations do to protect themselves? Joe Caruso, CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions nationally and worldwide, breaks down what RATs are and some ways they are used, why regular assessments and pen-tests are important, and the benefits of GDF’s new Data Breach Response Toolkit (DBRT).
What do RATs do?
“Put simply, a RAT is malware that gives criminals a backdoor to the infected system. Once a RAT payload has been delivered, a hacker will have all the access and privileges to everything on the system or device the user does. Most APTs (Advanced Persistent Threats) employ some kind of RAT technology because of the absolute power it gives an attacker to do basically whatever they want. They can alter, steal or destroy files, launch additional virus infections, deploy spyware like keyloggers, take screenshots, enslave a system as a zombie to use in a botnet for attacks on others, like DDoS attacks (Distributed Denial of Service), and even turn on and off microphones and cameras connected to the compromised system, like all those cases this year about women being spied on through their laptop cams and then being blackmailed over the screenshots the hacker snapped of them in various stages of undress or other embarrassing situations. And yes, even smartphones and tablets are at risk and can be used to launch crossover attacks on systems they connect with. So needless to say, on the espionage front, RATs are at the top of the food chain. There’s nothing quite like being able to take or manipulate any files you want, listen in on conversations, see everything happening on the screen, or even what’s going on in the room. That’s powerful stuff.”
How do regular vulnerability assessments and penetration testing help against RATs?
Vulnerability assessments are designed to look at an organization’s entire digital landscape and their cyber security posture from a policies and procedures perspective, from regulatory compliance to BYOD (Bring Your Own Device) policies and everything in between. This helps ensure that the client is not relying on a structure and defenses that can quickly become obsolete in the fast paced world of cyber threats. Yesterday’s solutions won’t be very strong against today’s attacks, and even less so when anticipating the attack vectors hackers will be using tomorrow. Penetration testing, or pen-testing, let’s us but on the black hat and test defenses just like a real world hacker would. By identifying the weak spots this way regularly, we can help the client remediate the vulnerabilities and significantly increase awareness of the problem areas organization-wide. A RAT still has to be delivered to become a problem, and it only takes one misstep from one user to open Pandora’s Box for an entire organization. So by helping clients avoid the initial delivery, it’s like lopping the head off the snake.”
What can GDF’s Data Breach Response Toolkit (DBRT) do about RATs?
“Our new DBRT software is a next generation cyber security tool that doesn’t rely on the inherently flawed paradigm of reactionary cyber defense. It doesn’t rely on signatures of previously discovered, documented and patched threats. Instead, DBRT analyzes system behavior and identifies suspicious processes. So even the stealthiest polymorphic malware can’t hide from DBRT. From a single command and control console, even the most sophisticated and advanced threats can be identified and eliminated enterprise-wide. By the same token, systems enterprise-wide can also be inoculated against reinfection from any identified and eliminated threat with the click of a mouse. This means the most costly and hard to detect threats like zero day attacks (previously undiscovered threats), RATs and other APTs can finally be handled. We use DBRT as part of our vulnerability assessment and penetration testing packages to help ensure our clients are not at the mercy of criminals lurking in the shadows doing whatever they want, whenever they want. DBRT is also an immensely valuable tool that IT security can put into their own arsenal as well to stay protected between scheduled assessments and pen-tests. And the pricing is unbeatable. To get a better idea of just how powerful and useful DBRT can be for any organization, just visit our site for more information.”
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics services, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber-incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.