In my recent article on phishing, I discussed how it remains one of the most widely used techniques for gaining unauthorized access to valuable company information and computer systems.
In this NNIT Security Insights article, I take a deep dive into the area of Remote Administration Tools (RATs), which are sometimes included as malware payloads in phishing emails.
A Remote Administration Tool is often used by IT service desks to provide remote desktop services to PC users in order to install software applications or solve minor issues. The tool is a great asset to service desks and has revolutionized global IT support capabilities.
However, the acronym "RAT" is more commonly associated with a more sinister version of this functionality, whereby a small piece of software code is added as the payload in a phishing email, or stored on a server waiting to be downloaded by a PC user clicking on a phishing link in an email. Once activated, the RAT runs silently in the background, unknown to the PC user, and provides full remote administration capabilities to an external attacker, who is then able to control the PC as if they were sitting directly in front of it.
Following activation, the first thing a RAT needs to do is to phone home to its "master". In reality, this involves the RAT sending out a timed beacon to its Command and Control server located on the Internet to indicate it is now active and ready for use.
Since the RAT is located inside an organization's network, the RAT effectively acts as a backdoor for the RAT's master to gain full access to the organization's network.
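The timed beacon described above is also what defenders can look for in outbound proxy or firewall logs: connections from one internal host to one destination at near-constant intervals. The following sketch is an added example, not part of the original article; the log format, host names and thresholds are assumptions, and the sample data is constructed.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 1, 9, 0, 0)

def _lines(src, dst, offsets):
    """Build constructed log lines: '<ISO timestamp> <internal host> <destination>'."""
    return [f"{(BASE + timedelta(seconds=o)).isoformat()} {src} {dst}" for o in offsets]

# Constructed sample data (not real traffic): one near-periodic flow, one bursty
# browsing flow, one flow with too few events, and one malformed line.
SAMPLE_LOG = (
    _lines("10.0.0.5", "c2.example.net", [0, 298, 601, 899, 1202, 1500, 1799, 2101])
    + _lines("10.0.0.5", "news.example.org", [0, 4, 9, 240, 250, 1900, 1910, 2600])
    + _lines("10.0.0.9", "mail.example.com", [30, 950])
    + ["malformed line"]
)

def find_beacons(lines, min_events=6, max_cv=0.1):
    """Return {(src, dst): (mean_gap_seconds, cv)} for flows with near-constant gaps.

    min_events and max_cv are assumed starting thresholds, to be tuned per network.
    """
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        try:
            seen[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue  # skip unparseable timestamps
    hits = {}
    for flow, stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean  # coefficient of variation of the gaps
        if cv <= max_cv:
            hits[flow] = (round(mean), round(cv, 3))
    return hits

if __name__ == "__main__":
    for (src, dst), (gap, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every ~{gap}s (cv={cv})")
```

Legitimate software such as update checkers also polls on a timer, so flagged flows are leads for investigation rather than confirmed infections.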
The RAT is very powerful and often has some or all of the following capabilities:
Purpose of RAT in attack life-cycle
RATs are used throughout an attack life-cycle, but are especially used in the early stages of an attack, when attackers are looking to establish a foothold in an organization. Here they assist attackers by providing remote access and enabling them to gather information that helps them move deeper into the organization's network. Later in an attack life-cycle, the RAT assists with data exfiltration activities.
This is an article from NNIT Security Insights, a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.
NNIT has its own Computer Emergency Response Team (CERT). If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage.
You are welcome to contact us at firstname.lastname@example.org if you want to know more about how NNIT can help your business increase its information security level.