The Year of the RAT: Successful Cybersecurity By Knowing Your Threat

Chinese New Year 2020: The Year of the RAT

The year of the rat is going to be a strong, prosperous, and lucky year, for those that carefully plan their objectives.

Lessons from 2019

Looking back at 2019, it’s easy to see that data breaches, ransomware attacks, and other cryptoware frequently made news headlines, with millions of stolen records, millions paid in compensation, and millions in remediation costs, not to mention the consequences businesses faced from compliance failures and regulatory penalties.

The attacks seen throughout the year hit small companies as well as multinationals and targeted every industry: healthcare, banking and finance, retail, education, and more.

However, many of those catastrophic attacks could have been avoided, and they need not be fatal. Careful planning of your cybersecurity will help you tackle the challenge posed by the cruel beast at the origin of them all: the Remote Access Trojan (RAT).

Know Your Enemy: The RAT

If we look closely at most attacks, they share a common vector at their source. Often compared to a Swiss Army knife, the RAT can be built or configured with numerous tools suited to the information to be stolen from the IT system or to the attack to be carried out.

But what exactly does a RAT do? What happens when a rat wiggles its way inside your IT infrastructure?

Once deployed through phishing, email, download, or social engineering, the RAT will try to invade your network with one or several objectives:

  • Steal user credentials and elevate their privileges to gain access to your sensitive (and valuable) assets
  • Bounce across the network to other systems
  • Download new tools to infect your infrastructure and advance the attack
  • Identify which data is most interesting to steal, damage, or encrypt
  • Open remote access to allow intruders to enter your system

How does this malevolent creature achieve its terrible objectives? The RAT has several capabilities at its disposal to sustain its life cycle within your IT environment:

  • All sorts of keyloggers, recording tools, and scrapers to steal credentials
  • Upload/download capabilities
  • Ability to scan networks and to connect to other systems
  • Encryption tools

Careful Planning For a Year Without The RAT

Cyberattacks and other data breaches need not be fatal to your organization. A variety of tools exist to prevent and mitigate even the most brutal attacks. But most importantly, a well-thought-out security plan will put you in a position to fend off any threat.

To build your cybersecurity plan, you first need to establish the exact behaviors of the threat. When looking at the anatomy of an attack, several key behaviors can be identified:

  1. Infiltration and bouncing. The RAT is installed on a system and tries to propagate to other systems of the environment.
  2. Obtaining credentials and privileges, modification of the environment. The RAT will attempt to steal credentials and acquire new, elevated privileges in order to perpetrate illegitimate actions. It may try to modify the environment to protect itself and disarm local protections such as anti-virus software. It may attempt to harm the system directly, for example by encrypting local files.
  3. Communication with outside systems. The RAT will establish connections to remote Command & Control servers to enable exfiltration of data, download of new capabilities, or grant access to malevolent users.
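As an added illustration (not code from the original article), the following Python script looks for two of the three behaviors above, bouncing (1) and Command & Control communication (3), in a constructed connection log; behavior 2 is host-level and not visible in network logs. The 10.0.0.0/8 internal range, the log format, and the thresholds are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import pstdev

# Assumption: the corporate network is 10.0.0.0/8; anything else is external.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed sample connection log, one event per line: "seconds src dst dport".
LOG = """\
0 10.0.0.5 10.0.0.7 445
5 10.0.0.5 10.0.0.8 445
9 10.0.0.5 10.0.0.9 445
12 10.0.0.5 10.0.0.10 3389
0 10.0.0.5 203.0.113.9 443
60 10.0.0.5 203.0.113.9 443
120 10.0.0.5 203.0.113.9 443
180 10.0.0.5 203.0.113.9 443
30 10.0.0.6 10.0.0.7 445
44 10.0.0.6 203.0.113.50 443
900 10.0.0.6 203.0.113.50 443
"""

def parse(log):
    """Turn log text into (timestamp, src, dst, port) tuples."""
    return [(int(t), s, d, int(p)) for t, s, d, p in (l.split() for l in log.splitlines())]

def bouncing_hosts(rows, min_peers=4):
    """Behavior 1: internal sources that touched at least min_peers distinct
    internal hosts, the fan-out of a RAT bouncing across the network."""
    peers = defaultdict(set)
    for _, src, dst, _ in rows:
        if ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL:
            peers[src].add(dst)
    return sorted(s for s, p in peers.items() if len(p) >= min_peers)

def beacons(rows, min_hits=4, max_jitter=0.1):
    """Behavior 3: (src, dst) pairs that reached an external host at least
    min_hits times at near-constant intervals, the shape of C2 beaconing.
    max_jitter caps the std-dev of the gaps as a fraction of the mean gap."""
    times = defaultdict(list)
    for ts, src, dst, _ in rows:
        if ip_address(dst) not in INTERNAL:
            times[(src, dst)].append(ts)
    hits = []
    for pair, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= max(min_hits, 2) and pstdev(gaps) <= max_jitter * sum(gaps) / len(gaps):
            hits.append(pair)
    return sorted(hits)
```

Tuning the thresholds against a baseline of normal traffic is what turns this from a toy into a usable detection rule.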

With knowledge comes power. With the common behaviors of the RAT identified, it’s time to define the proper strategy to safeguard your IT environment. You can execute a few basic steps to establish holistic protection of your systems:

  • Establish perimeter protection of your environment by controlling illegitimate access to sensitive systems and preventing bouncing between them.
  • Guarantee the security and productivity of IT teams through efficient use of the Principle of Least Privilege for streamlined access rights
  • Ensure the security of remote connections and third-party access, and implement easy authentication of user identities accessing your critical infrastructure

These three simple steps will quickly have your organization well-positioned and prepared for The Year of the RAT. In each article of this series, we’ll elaborate on how to put these steps into practice to enact a robust, streamlined cybersecurity strategy to protect your users, IT systems, and projects for a prosperous new year.