Remote Administration Tools are tools which are used by cybercriminals to gain access and operate hijacked devices. These RATs are often hidden in fake invoices, PDF files and pictures – and it is no surprise that RATs are used to target businesses. The cybercriminals which use these type of tools are often after financial gain.
There is just one thing – it seems that small to medium sized companies are not really aware of this fact. The chance is very big that small to medium sized companies will be targeted by cybercriminals which will use RATs to control their victims.
The reason is pretty simple:
- RATs are easy to configure
- RATs are easy to hide
- RATs are effective
- RATs can be used in mass campaigns
But if we take a second and realize which capabilities a RAT can provide to a hacker/cybercriminal, we will be able to get a glimpse of the various events that could happen to a hijacked/hacked network or device.
- Record keystrokes
- Record audio
- Record video
- View all the files / pictures / audio / database / intellectual property
- View all the financial data
- Steal all the credentials
- Gain access to mail / FTP / network shares
- Ability to copy itself to USB sticks and other types of data transmitters
- Ability to install additional malware (for example; Ransomware)
The Netherlands has given out a warning to all the companies – they state that there has been an increase in the usage of RATs and that the chance is very high that attacks will be performed with the mentioned methods.
What to do
Now it is not only The Netherlands and The United States which need to be careful – everyone which uses a device with internet connection should think about having the following points checked:
- Is there an antivirus installed on the device?
- Is the antivirus up to date?
- Do I need to use an administrator account?
- Is the file which I want to open from someone I trust?