Israeli firm fights off new generation of cyberattacks

Remote access attacks are easier and cheaper than ever for hackers to perpetrate – and for victims to defend themselves against

Tweeted instructions on how to halt the Remcos RAT (Cybereason)

What’s the best way to beat malware? Nip it in the bud before it spreads too far, says Israeli cybersecurity firm Cybereason.

The company has developed a way to ward off a new and growing cyberattack – the inexpensive, widely available and easy-to-use Remcos RAT.

RATs, or remote access tools, are ostensibly legitimate pieces of software that allow users to control a computer from afar as if they were sitting in front of it. With a RAT, a supervisor or tech support person could help a company employee sort out a software snafu, set up a new user account, or perform any other routine activity that the support person would otherwise have to be present for.

While RATs have a place in legitimate computing, they are often used to perpetrate hacking attacks. Hackers surreptitiously send RATs with remote access rights already activated as email links or attachments that their unwitting victims innocently click on. Once installed, the RAT enables hackers to do whatever they want on the victim’s machine, including installing ransomware, in which hackers threaten to shut down computer or network operations unless they are paid off.

What’s unique about Remcos RAT is its popularity. According to Sanz Yashar, head of Cybereason’s intelligence team, advanced versions of Remcos RAT have been circulating in the hacker world in recent weeks at popular prices. Hackers can buy a license for the RAT via sites on the dark web, with subscriptions starting at $58 for a one-month, one-machine license. More advanced hacker operations could buy an enterprise license, which can be used on 10 machines for six months for a mere $389.

Once licensed, hackers send out the file wrapped up in a Microsoft Word document, which, once opened, installs the RAT. The RAT may immediately install malware (like the Jigsaw ransomware, said Cybereason), or allow hackers to perform other actions via a live command-and-control server.

“The attack began on July 15 and has affected 250 victims so far,” according to the company. “Credit and thanks go to Ido Naor of Kaspersky and Eyal Sela of ClearSky” for uncovering the scam, Cybereason added.

Cybereason’s response to the Remcos RAT consists of a two-file “vaccine” that users can create (the easy instructions are in a blog post) to keep their computers clean and protected.

“Such easy access to sophisticated malware proves that there is no need to be a cyber expert to launch sophisticated malicious attacks and entice new cybercriminals to increase their activity in the field,” according to Cybereason.

“Stay safe out there,” urges the company.
