It may be named after a popular and irreverent mockumentary, but the new Borat Remote Access Trojan (RAT), a recently detected strain of malware in the wild, is a serious threat to organizations.
The versatile Borat, now available on the darknet, not only deploys ransomware but also features DDoS attacks and UAC bypass, “further amplifying malware capabilities,” according to the Cyble researchers who discovered the RAT.
It also expands the number of threat actors that can launch attacks, in some cases appealing to the lowest common denominator. “Malware operators often don’t know the best way to monetize their victims until they’ve been in an environment for a while, so malware authors are increasingly developing feature sets and capabilities that allow for flexibility on the part of the attacker,” said John Bambenek, principal threat hunter at Netenrich. “However, the history of these tools is that they tend to be used by less sophisticated criminals (or those pretending to be less sophisticated) who may find it difficult to succeed in ransomware at scale.”
Borat allows attackers to “gain full access and remote control over a user’s system, including mouse and keyboard control, access to files, and network resources,” the researchers wrote. “It provides a dashboard for threat actors (TAs) to perform RAT activities and also has an option to compile the malware binary to perform DDoS and ransomware attacks on the victim’s machine.”
The Borat RAT is “a powerful and unique combination of remote access Trojan, spyware, and ransomware, making it a triple threat to any machine compromised by it,” Cyble researchers said, adding that the ability to record audio, control the webcam, and perform traditional information-stealing actions makes Borat worth watching. “The additional functionality to carry out DDOS attacks makes this an even more dangerous threat that organizations and individuals need to be aware of.”
Those who may have dismissed the dangers of DDoS attacks may want to rethink their position. “Ransomware and DDoS attacks are a constant threat to organizations and security bugs and flaws within software can be exploited to amplify these attacks,” said Jack Mannino, CEO of nVisium. “Since these attacks are highly effective and can often be launched at relatively low cost, DDoS threats will continue to be a real and persistent risk to digital organizations today.”
Security professionals agree. “RATs and other Trojans can be especially insidious as they can enable a wide range of attacks, including keyloggers, which can be used to compromise credentials,” said Rajiv Pimplasker, CEO of Dispersive Holdings, Inc.
“Once again, we see a variation of an existing attack brought together as a new toolkit that uses various tactics and techniques to make their malware or ransomware bypass existing security controls. It also shows that the misuse of privileged access controls is an emerging trend where identity analysis and monitoring are critical for emerging and modern security operations teams to combat compromised credentials and identity abuse,” said Saryu Nayyar, CEO and founder of Gurucul.
“Borat, in particular, is built to order and sold through an organized campaign that exposes the role darknet markets play in cybercrime today,” said Chris Olson, CEO of The Media Trust.
Those Trojans “are one of the many reasons we’re seeing a rise in web and Java-based malware with sophisticated features like polymorphic and obfuscated code, fast URL switching, and more,” Olson said. “It takes little experience for attackers to target consumers and organizations across digital surfaces, just the money and inclination to acquire the right code from malicious actors who make a living off the design.”
Underlining that most cyberattacks are unsophisticated and rely on common techniques to gain access and deploy ransomware or steal data, Delinea Chief Security Scientist Joseph Carson said: “Weak credentials are one of the common causes that make it easier for attackers to gain an initial foothold.”
To reduce the risks of becoming the next victim, organizations “need to double down on the basics and make weak credentials a thing of the past,” he said. “Strong password management, privileged access security, and multi-factor authentication (MFA) will make it difficult for an attacker to succeed in gaining the initial foothold. This is likely to force them to look elsewhere for an easier target.”
In addition, organizations must “prepare to respond with a robust incident response plan,” Carson said. “Resilience is vital to an organization’s ability to quickly recover and return to business.”
As organizations increase the difficulty for attackers, he said, bad actors will take on more risk, creating “more noise on the net, giving defenders a better chance of spotting them.”
Image courtesy of: Michael Bulcik and Jarjar Zanaq (cc:by) https://commons.wikimedia.org/wiki/File:Borat.portrait.png