From pranks to APTs: How remote access Trojans became a major security threat

RATs were first created to prank friends. Today, they’re cheaply available and used by everyone from cybercriminals to espionage groups.

Page 2 of 2

While many threat actors will continue to use commodity RATs, a few will build their own, says Recorded Future’s Kaye. “The MuddyWater APT used some kind of bespoke-type RAT functionality.” In the years to come, she expects to see RATs with complex modules but also simple ones written in Python. “For the more modular ones, there are people writing new modules, because some RATs are open source,” Kaye says.

How to mitigate risk from RATs

In the beginning, RATs were about opening the CD tray and stealing passwords. “Nowadays, they can do almost everything,” says Avast security evangelist Luis Corrons. In 2020, he saw attackers using mostly njRAT, NanoCore RAT, Blackshades and SpyNet. Sometimes companies are slow to detect RATs. “We have seen attacks in which someone has been inside a company for half a year or a year and nobody noticed,” he says.

That’s why Corrons recommends monitoring the company’s network meticulously. “Everybody is going to get infected, and the sooner you detect it, the better, because if you detect it really early, you can avoid most of the damage,” he says.

He and Recorded Future’s Kaye say that most attacks still rely on social engineering techniques, so educating users is fundamental. “Let employees know how their IT services team will be contacting them,” Kaye says.

Europol, the European Union’s law enforcement agency, lists a few other things users could do:

  • Make sure the firewall is active.
  • Keep software updated.
  • Download software only from trusted sources.
  • Regularly back up data.
  • Do not click on suspicious links, pop-ups or dialog boxes.
  • Do not click on links or attachments within unexpected or suspicious emails.

Europol also lists a few infection signs:

  • The internet connection might be unusually slow.
  • Files might be modified or deleted.
  • Unknown processes might be visible in the Task Manager.
  • Unknown programs might be installed and could be found in the Control Panel.

Copyright © 2020 IDG Communications, Inc.
