Hunting RATs (Remote Access Trojans)
Security professionals must keep asking themselves: are they doing enough? Are they continuing to develop their knowledge and defenses? Are they successfully staying ahead of cybercriminals? And even if the answer is yes, how do they know they will still be ahead tomorrow? Systems are built and security controls are established, but in many cases development then stops and no new defenses are implemented to mitigate new threats. What was once secured will likely soon fail to keep new threats and vulnerabilities at bay, as cybercriminals increase both the capability and the volume of their attacks.
To prevent an attack, an organization may maintain a good patch management cycle and keep its detection rulesets up to date. Some go further and adopt threat intelligence feeds, although it has been argued that this can be counterproductive when the feeds are consumed without context. When threat intelligence is used correctly, it can deliver an early warning of likely threats and leave ample time to adjust defenses accordingly.
Defense teams are tasked with monitoring within a SOC, safeguarding the business, and winning every engagement with the adversary. Threat actors or penetration testers, on the other hand, only need to succeed once to win. A common mentality in the cybersecurity community is to dwell on the difficulty of keeping an organization safe from a cyberattack. But the asymmetry works both ways: investigators only need to identify one misstep by the cybercriminals.
Hunting and identifying a threat actor provides an opportunity to understand the adversary and learn better ways of defending against them. Cybersecurity professionals may not have the jurisdiction of law enforcement, and they most definitely do not have the legal right to hack back. But they can learn what new controls are required, even before a threat actor envisions their next tactic, technique or procedure (TTP).
This eBook touches on topics including:
- What a RAT (remote access trojan) is
- How to carry out an investigation starting from an IOC (indicator of compromise)
- A hunting guide, including a real-world investigation