View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
February 11, 2019

RATs and Business Email Compromise Attacks on the Rise: Proofpoint

"A broader trend toward malware infections focused on long-term PERSISTENCE and ongoing exploitation of infected systems"

By CBR Staff Writer

The number of RATs (Remote Access Trojans) infecting machines globally doubled each quarter of 2018, scratching their way from comprising just 0.04 percent of observed malware in 2017 to over eight percent of all malicious payloads in Q4 of 2018.

This is according to a threat report from California-based cybersecurity company Proofpoint, which analysed the threat landscape in 2018; the rise in RATs, along with a surge in malicious email attacks, stand out as key malware dynamics in the report.

Many RATs are used to initiate downloads for other tools, however some are used to take complete control of a system, allowing a hacker to remove all the valuable data they want while keeping the real user in the dark about the compromise.

Proofpoint note that threat group TA505, which is one of the most active they track, has been spreading RAT malware FLAWEDAMMYY, FLAWEDGRACE and RMS RAT at an increased rate since March 2018.

Remote Access Trojan

Image Source: Proof Point

As of yet there is no clear reason why the use of RATs has seen an increase over the last year, however as Proofpoint note in their report: “Threat actors follow the money, meaning that they would not be increasing distribution of RATs without achieving a return on their investments in malware, command and control, and sending infrastructure.”

Its researchers added: “Throughout 2018, we observed the introduction of several new downloaders and stealers such as Marap, Advisorsbot and Cobint, as well as increased development and distribution of existing strains like AZORult. As with the RATs described above, this appears to be part of a broader trend toward malware infections focused on long-term PERSISTENCE and ongoing exploitation of infected systems”.

Remote Access Trojan Attacks Rise, but Email Attacks Still King

Email is still the top attack vector favoured by threat actors, the report shows.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

The number of business email compromise (BEC) email attacks on companies grew by a massive 476 percent year-over-year in 2018.

(These are typically highly targeted and rely heavily on social engineering tactics to trick unsuspecting employees and executives into making wire transfers.)

Proofpoint found that on average enterprises received 120 BEC emails in the fourth quarter of 2018 alone, any one of which could do serious damage to IT systems.

Its researchers meanwhile noticed that ransomware attacks have decreased in comparison to their highs in 2017, but a more favoured form of social engineering coercion has begun to rise that of direct extortion, sometimes known as ‘sextortion’. These occur when a hacker threatens to release compromising data or images unless they receive payment.

“With rare exceptions, these emails do not contain malware or malicious links and rely on the human factor to trick recipients. Often, the threatening emails include “evidence” of compromise, such as an old password that the actor may have obtained from a data breach or simply guessed,” Proofpoint note.

Remote Access Trojan

Image Source: Proof Point

This type of attack is just another sign of the rise of social engineering, the psychological manipulation of people through exposed information and easily accessible data via social media or previously breached accounts.

Unfortunately security software can only do so much and to combat these types of attacks a workforce needs to be constantly diligent when it comes to checking the provenance of emails.

Recently Google released a phishing quiz that not only tests your awareness, but showcases how easy it is to mistakenly click on what looks like a legitimate link and how real the threat of a compromise account from an email attack is.

See Also: Trojan Targeting Only Italian Machines Contains Cheeky Mario Image

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.