When most people hear the word “RAT” they envision a large rodent that dines in dumpsters while seeking solace in sewers. For security professionals, the word , or term, RAT has an altogether different connotation. RAT, or “Remote Access Trojan”, is a form of malicious code that provides local system or network access to a remote attacker. RATs are favored highly by cyber criminals and nation states alike due to their efficacy and, in many cases, ease of deployment and management. Some key functions of RATs include:
- Monitoring user behavior through key loggers
- Monitoring user behavior through spyware suites
- Providing unauthorized access to confidential, sensitive or in some cases, classified information
- Providing access to a system’s camera for the purpose of taking snapshots or videos
- Enabling a system’s microphone in order to hear conversations in a room or other environment
- Taking screenshots
- Distributing copies of themselves or other malicious code
- Manipulating files on a drive (e.g. delete, download etc.)
- Formatting a drive
Figure 1 below depicts a RAT, DarkComet, which is for sale on an underground marketplace. In this case, the seller is offering access to version 4.0-5.3.1 Full Versions with “Extras.” DarkComet offers a variety of features including:
- Spy functions
- Network functions
- Computer Power
- Server Actions
- Update Server
Though developed in 2008, DarkComet began widespread proliferation in 2012, and remains popular in cyber criminal circles to this day.
In many instances a user can keep systems and environments protected from RATs by following basic information security principles. These basics include the education of personnel, patching of systems and network elements, the presence and deployment of advanced end point protection platforms, network elements such as next generation firewalls (NGFW), intrusion prevention systems (IPS), secure web and mail gateways. Furthermore, organizations must have solid risk-based threat mitigation programs, which account for people, process, and technology.
RATs can impact everything from mobile devices to laptops, desktops, and servers. Left unchecked, RATs can easily have an adverse effect on an organization’s digital footprint and shadow.