Remote access tools have become versatile aids for organizations. However, they carry a risk: the same tools can be turned against the organizations that rely on them. Here are some of the remote access tools cybercriminals use, as delineated by AhnLab.

Remote shell

  • This is the most common remote access tool. It can be classified into the reverse shell, where the compromised host connects out to the attacker, and the bind shell, where the compromised host listens on a port for the attacker to connect in. 
  • Once a remote shell is deployed on a compromised system, the attacker can take over the victim system and execute commands. 
  • The latest version of the Ursnif banking trojan, dubbed LDR4, functions as a backdoor and attempts to establish VNC or remote shell access to the infected machine.
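Both shell types leave a simple footprint on the host: a shell process that itself holds a network socket. The script below is an added example, not part of the article or AhnLab's report; it parses `ss -tnp`-style output (the sample rows are constructed, not captured from a real host) and flags a shell with an established outbound connection as a reverse-shell indicator and a shell listening on a port as a bind-shell indicator.

```python
"""Flag shell processes that own network sockets (reverse/bind shell indicator).

Added example, not code from the article or from AhnLab. Input mimics the
Linux `ss -tnp` table; SAMPLE_SS below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List

# Interactive shells normally talk to a terminal or a pipe, never to a socket.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh", "cmd.exe", "powershell.exe", "pwsh"}

# One `ss -tnp` row: state, Recv-Q, Send-Q, local addr:port, peer addr:port,
# then the first users:(("name",pid=N,fd=N)) entry.
SS_ROW = re.compile(
    r'^(?P<state>[A-Z-]+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)'
)

# Constructed sample (not a real capture): one reverse shell (bash -> tcp/4444),
# one bind shell (sh listening on 31337) and three benign rows.
SAMPLE_SS = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB   0      0      10.0.0.5:44122      203.0.113.7:4444   users:(("bash",pid=2311,fd=3))
ESTAB   0      0      10.0.0.5:51002      198.51.100.20:443  users:(("firefox",pid=1402,fd=55))
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=811,fd=3))
LISTEN  0      1      0.0.0.0:31337       0.0.0.0:*          users:(("sh",pid=2400,fd=4))
ESTAB   0      0      10.0.0.5:39880      10.0.0.9:5432      users:(("python3",pid=1990,fd=7))
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "reverse_shell" or "bind_shell"
    proc: str
    pid: int
    local: str
    peer: str


def find_shell_sockets(ss_output: str) -> List[Finding]:
    """Return one Finding per shell process that holds a TCP socket."""
    findings: List[Finding] = []
    for line in ss_output.splitlines():
        m = SS_ROW.match(line.strip())
        if not m:
            continue  # header, or a row with no process column (ss run without rights)
        proc = m.group("proc")
        if proc not in SHELL_NAMES:
            continue
        state = m.group("state")
        if state == "ESTAB":
            kind = "reverse_shell"   # shell connected out (or accepted a peer)
        elif state == "LISTEN":
            kind = "bind_shell"      # shell waiting for the attacker to connect
        else:
            continue  # SYN-SENT, TIME-WAIT etc. are not conclusive from one snapshot
        findings.append(
            Finding(kind, proc, int(m.group("pid")), m.group("local"), m.group("peer"))
        )
    return findings


if __name__ == "__main__":
    for f in find_shell_sockets(SAMPLE_SS):
        print(f"{f.kind}: {f.proc} pid={f.pid} local={f.local} peer={f.peer}")
```

A legitimate administrator's shell over SSH is not flagged, because the socket belongs to sshd, not to the shell; that is the kind of authorized baseline a detection should encode. The check is a single-snapshot heuristic: a reverse shell launched through an intermediary such as python, nc or socat shows that binary as the socket owner, so in practice you extend the name set or correlate with the process tree (a shell whose parent owns the socket).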

RATs

  • The most popular RATs sold on the dark web include RedLine Stealer, NanoCore, BitRAT, and Remcos RAT.
  • Apart from the above, another RAT is Gh0stCringe, a variant of Gh0st RAT. In March, Gh0stCringe was found targeting Microsoft SQL and MySQL database servers.
  • Attackers also build their own backdoors, such as AppleSeed, NukeSped, and PebbleDash, used by the Kimsuky and Lazarus groups. The North Korea-backed Lazarus APT was found abusing the Log4j vulnerability to ultimately drop the NukeSped backdoor for cyberespionage. 

Cobalt Strike

  • Cobalt Strike is an offensive security tool used by red teams. However, attackers have been increasingly repurposing it for their own intrusions. 
  • Recently, the HHS warned of increased Cobalt Strike activity against the healthcare sector. The tool is abused mostly by nation state-sponsored threat actors, including Mustang Panda, APT10, APT41, and Winnti.
  • The Black Basta ransomware group has been using QakBot, Cobalt Strike, and Brute Ratel (another red teaming tool) for network intrusion. 

AveMaria or Warzone RAT

  • Warzone RAT is usually delivered via spam emails. It can perform a multitude of tasks, including remote shell execution and keylogging. 
  • In September, the Russian Sandworm APT group was spotted targeting Ukraine with commodity malware while posing as telecom providers. The end goal was to deploy Warzone RAT and Colibri Loader on critical systems.

The bottom line

Remote access tools are increasingly abused because they let attackers harm victims' networks and systems in several ways. Security teams therefore need to establish a baseline of authorized remote-access activity, enforce it, and investigate anything that deviates from it. Adopting a proactive cybersecurity strategy and implementing basic cybersecurity hygiene are critical to protecting an organization from these threats.
Cyware Publisher