Image 01 Image 02 Image 03 Image 01 Image 02 Image 03 Image 03 Image 03 Image 03 Image 03 Image 03 Image 03 Image 01 Image 02 Image 03 Image 03 Image 03

Remote Access Trojan (RAT)

Malicious Software for Endpoint Takeover
and Exploitation
 
Remote Access Trojans (RATs) provide cybercriminals with unlimited access to infected endpoints. Using the victim’s access privileges, they can access and steal sensitive business and personal data including intellectual property, personally identifiable information (PII and patient health information (PHI). While automated cyber-attacks (e.g. Man-in-the-Browser) allow cybercriminals to attack browser-based access to sensitive applications, RATs are used to steal information through manual operation of the endpoint on behalf of the victim. Most Advanced Persistent Threat (APT) attacks take advantage of RAT technology for reconnaissance, bypassing strong authentication, spreading the infection, and accessing sensitive applications to exfiltrate data. RATs are commercially available (e.g. Poison Ivy, Dark Comet) and can be maliciously installed on endpoints using drive-by-download and spear-phishing tactics. 
 
Organization should specifically address RATs in their enterprise defense strategy at the endpoint layer. The risk is especially high when RAT infection occurs, as the detection of RATs in run-time is extremely difficult to do. 
 

Detect and Block Malicious Remote Access Activities 

RATs enable cybercriminals to perform key-logging and session logging of the user activity as a way to capture credentials, sensitive data, and gather intelligence on internal application flows and structures. By preventing these run-time activities when sensitive applications like VPN and VDI clients (or the browser) are used, the ability of the attackers to leverage the RAT to execute an attack is dramatically reduced. 

Block Malware Infection, Remove Existing Malware

Controls should be implemented to prevent RAT malware from infecting managed and unmanaged devices. If a device is infected, the controls need to quickly detect and remove RATs from end users' machines. Future infections must be stopped by blocking malware installation processes and spear-phishing attacks. Special focus should be given to resource consumption and management overhead when balancing strength of the protection and risk reduction with end user and IT security impact. 

Enterprise Controlled Deployment and Management

Anti-malware solutions must cover the vast majority of managed and unmanaged device platforms, including PCs, Macs and Mobile (iOS and Android devices). The solution must be readily available to end users to instantly secure their devices. An on demand deployment option is required when enterprise resources are accessed from home computers or on the road. Organizations must have the ability to mandate that all VPN access be performed from secured endpoints (i.e. ensure that an endpoint security control is installed and functioning).