A new type of ‘Remote Access Trojan’ (RAT) has been released and is being used to spread ‘Distributed Denial of Service’ (DDoS) and ransomware attacks. Dubbed the ‘Borat RAT’, it comprises of ransomware, spyware, and RAT.
With hidden VNC abilities, vast surveillance features, microphone and video capture capabilities and file exfiltration toolkits, the Borat RAT is extremely sophisticated, empowering an attacker with abilities to cause a system-wide disruption. Threat intelligence company, Cyble, investigated this threat. In their deep dive, they found alarming ‘features’ of the Borat RAT.
Annoyance capabilities are also included, such as changing keyboard keys, switching monitors, and changing ‘mouse click’ settings. Chrome browsers appear to be the most impacted and is readily available on the dark net.
The FBI recently released the 2021 Internet Crime Report which indicated cybercrime losses of almost 7 billion USD in 2021. The report states that the evolution of tactics and techniques demonstrates threat actors’ increasing technological sophistication.
What can we do?
- Be wary of links within emails
- Use strong passwords with MFA
- Conduct regular backups
- Use a well reputed anti-virus
More advanced defence strategies include:
- Endpoint security
- The ability to micro-segment if an endpoint has been compromised
- Employing operational intelligence within your IDS/IPS
- Real-time logging analysis with machine learning
- A SOC team that can initiate action-based response
Defence-in-depth, firewall and antivirus may provide some protection against attacks, but an adaptive defence approach is the best strategy. Risk mitigation resources are expensive, time consuming, and present unrealistic technical requirements to many businesses. A Managed Security Service Provider (MSSP) can offer solutions that meet defence requirement requiring a reasonable budget.
An MSSP will be expected to provide all the defence strategies listed above, along with advice and help with implementation. Options could include cloud backup, 24/7 SOC availability with real-time monitoring, end-point security, zero trust architecture, tailored support solutions, access to global and local threat intelligence feeds, micro-segmentation tools and provide skilled dedicated security advisors.
Are you ready to take charge?
PhD, MISDF (1st Class), MBA
Senior Cyber Security Engineer