Privileged Access Management

The Year of the RAT: Successful Cybersecurity By Knowing Your Threat

Chinese New Year 2020: The Year of the RAT

The year of the rat is going to be a strong, prosperous, and lucky year, for those that carefully plan their objectives.

Lessons from 2019

Looking back at 2019, it’s easy to see that many data breaches, ransomware attacks, and other cryptoware frequently made news headlines, with millions of stolen records, millions paid in compensation, and millions of remediation costs. Not to mention the consequences businesses faced from compliance failures and regulations.

The many attacks seen throughout the year concerned small companies as well as multinationals and targeted all industries, from Healthcare to Bank and Finance, as well as Retail, Education, and so on.

However, many of those catastrophic attacks could have been avoided, and don’t need to be fatal. Careful planning of your cybersecurity will help you tackle the challenge triggered by the cruel beast at the origin of them all: the Remote Access Trojan (RAT).

Know Your Enemy: The RAT

If we look closely at most attacks, they all have at their source a common vector. Often compared to a Swiss Army knife, the RAT can be designed or set up with numerous tools adapted to the information to be stolen from the IT system or to the attack to perpetuate.

But what exactly does a RAT do? What happens when a rat wiggles its way inside your IT infrastructure?

Once deployed through phishing, email, download, or social engineering, the RAT will try to invade your network with one or several objectives:

Steal user credentials and elevate their privileges to gain access to your sensitive (and valuable) assets
Bounce across the network to other systems
Download new tools to infect your infrastructure and advance the attack
Identify which data is most interesting to steal, damage, or encrypt
Open remote access to allow intruders to enter your system

How does this malevolent creature achieve its terrible objectives? The RAT has several capabilities at its disposal to sustain its life cycle within your IT environment:

All sorts of keyloggers, recording tools, and scrapers to steal credentials
Upload/download capabilities
Ability to scan networks and to connect to other systems
Encryption tools

Careful Planning For a Year Without The RAT

Cyberattacks and other data breaches need not be fatal to your organization. A variety of tools exist to prevent and mitigate even the most brutal attacks. But most importantly, a well-thought-out security plan will put you in a position to fend off any threat.

To build your cybersecurity plan, you first need to establish the exact behaviors of the threat. When looking at the anatomy of an attack, several key behaviors can be identified:

Infiltration and bouncing. The RAT is installed on a system and tries to propagate to other systems of the environment.
Obtaining credentials and privileges, modification of the environment. The RAT will attempt to steal credentials and acquire new elevated privileges in order to perpetuate illegitimate actions. It may try to modify the environment to protect itself and disarm local protections such as anti-virus software. It may attempt to arm the system directly by encrypting local files, for example.
Communication with outside systems. The RAT will establish connections to remote Command & Control servers to enable exfiltration of data, download of new capabilities, or grant access to malevolent users.

With knowledge comes power. With the comment behaviors of the RAT identified, it’s time to define the proper strategy to safeguard your IT environment. You can execute a few basic steps to establish holistic protection of your systems:

Establish perimetric protection of your environment by controlling illegitimate access to sensitive systems and preventing bouncing.
Guarantee the security and productivity of IT teams thanks to efficient use of the Principle Of Least Privilege for streamlined access rights
Ensure the security of remote connections and third-party access, and implement easy authentication of user identities accessing your critical infrastructure

These three simple steps will quickly have your organization well-positioned and prepared for The Year of the RAT. In each article of this series, we’ll elaborate on how to put these next steps into practice to enact a robust, streamlined cybersecurity strategy to protect your users, IT systems, and projects for a prosperous new year.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
trackalyzer	1 year	This cookie is used by Leadlander. The cookie is used to analyse the website visitors and monitor traffic patterns.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
messagesUtk	1 year 24 days	This cookie is set by hubspot. This cookie is used to recognize the user who have chatted using the messages tool. This cookies is stored if the user leaves before they are added as a contact. If the returning user visits again with this cookie on the browser, the chat history with the user will be loaded.

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_gat_UA-12183334-1	1 minute	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 9 months 23 days 12 hours 13 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
wp-wpml_current_language	1 day	No description

The Year of the RAT: Successful Cybersecurity By Knowing Your Threat

Chinese New Year 2020: The Year of the RAT

Lessons from 2019

Know Your Enemy: The RAT

Careful Planning For a Year Without The RAT

The Biggest Data Breaches of 2019 - and How PAM Could Have Stopped Them

Cybersecurity Basics From the Outside In

Related Blogs

Related Resources

Products

Solutions

Resources

About