
A ‘Triple Ransomware’ threat is here

Advantage Aware

A new type of ‘Remote Access Trojan’ (RAT) has been released and is being used to spread ‘Distributed Denial of Service’ (DDoS) and ransomware attacks. Dubbed the ‘Borat RAT’, it combines ransomware, spyware, and RAT capabilities.

With hidden VNC abilities, vast surveillance features, microphone and video capture capabilities and file exfiltration toolkits, the Borat RAT is extremely sophisticated, giving an attacker the ability to cause system-wide disruption. Threat intelligence company Cyble investigated this threat. In their deep dive, they found alarming ‘features’ of the Borat RAT.

Annoyance capabilities are also included, such as changing keyboard keys, switching monitors, and changing ‘mouse click’ settings. Chrome browsers appear to be the most impacted, and the Borat RAT is readily available on the dark net.

The FBI recently released the 2021 Internet Crime Report which indicated cybercrime losses of almost 7 billion USD in 2021. The report states that the evolution of tactics and techniques demonstrates threat actors’ increasing technological sophistication.

What can we do?

  • Be wary of links within emails
  • Use strong passwords with MFA
  • Conduct regular backups
  • Use a reputable anti-virus

More advanced defence strategies include:

  • Endpoint security
  • The ability to micro-segment if an endpoint has been compromised
  • Employing operational intelligence within your IDS/IPS
  • Real-time logging analysis with machine learning
  • A SOC team that can initiate action-based response

Defence-in-depth, firewall and antivirus may provide some protection against attacks, but an adaptive defence approach is the best strategy. Risk mitigation resources are expensive, time consuming, and present unrealistic technical requirements to many businesses. A Managed Security Service Provider (MSSP) can offer solutions that meet defence requirements within a reasonable budget.

An MSSP will be expected to provide all the defence strategies listed above, along with advice and help with implementation. Options could include cloud backup, 24/7 SOC availability with real-time monitoring, endpoint security, zero trust architecture, tailored support solutions, access to global and local threat intelligence feeds, micro-segmentation tools and skilled, dedicated security advisors.

Are you ready to take charge?  

Dr Antony
PhD, MISDF (1st Class), MBA
Senior Cyber Security Engineer
Advantage https://advantage.nz
