As today’s dynamic business environment continues to grow, systems that were previously contained (or “closed”) have moved to the cloud and been opened up to remote access and control. Unfortunately, hostile parties can take advantage of these “open” systems and are prepared to exploit any vulnerability.
Meet the RAT hiding in your system
Threats to your firm’s data can come from many sources, but one of the most damaging malware infections can come from a Remote Access Trojan (RAT). If you’ve heard of a Trojan viral infection, then you understand that the virus might look like a legitimate program, but once given access to your network it’s ready to cause lots of damage. What sets a RAT apart from a regular Trojan virus is that it doesn’t just slow down your system; it gives the hacker remote control.
The level of control depends on what type of RAT you are faced with and its mission. For example, it could gain access to all your passwords through a technique known as “key logging.” This enables the hacker to record every keystroke you make, and as the infected party you will remain unaware that anything is wrong. The hacker will get access to sensitive data, like credit card numbers, and could even turn on your computer’s webcam to spy on you!
Know your RAT species
Two types of RAT are most common: the Adwind RAT and the Qrypter RAT. Both spread through spam emails, and even if you are used to spam, these messages can be very convincing. The Adwind RAT will imitate the SWIFT network messages used by financial institutions. It creates a notification from a “trusted” financial source that urges users to check out the attached document to verify correct account information. Once the attachment is clicked and opened, the RAT goes to work. Recent news reports indicate that several attacks have occurred from IPs located in Cyprus, Turkey and the Netherlands.
The Qrypter RAT was developed more recently under a Malware-as-a-Service (MaaS) model, in which the creators of the virus rent the RAT out to criminals rather than managing the virus themselves. Qrypter is currently targeting financial institutions worldwide, and as of March 2017 has infected 243 companies.
Stop the RAT in its tracks
It is important that businesses educate their employees on the dangers of malware infections, and as GI Joe used to say, “knowing is half the battle.” Never open attachments from phishing emails, and if you’re not sure whether you are being phished, always err on the side of caution and get your IT professional to take a look.
While some security experts recommend you invest in a licensed anti-spyware tool, it’s more important that employees follow safe web browsing protocols, because it’s always better to prevent a RAT from getting into the system in the first place.
If you’d like to learn more about network security threats and see if your systems are safe, connect with our experts at LDI CONNECT.