Remote Administration Tools Used for Malicious Attacks
Remote Administration Tools (RAT) could be legitimate tools when used by administrators and helpdesk operators. However, a number of attacks over the past several years leveraged an off-the-shelf RAT to remotely control infected machines in order to further infiltrate networks, log keystrokes, and steal confidential information.

Since RATs are considered to be essential business applications, they should not be categorically blocked. However, their usage should be monitored and controlled to prevent potential misuse.

Our research shows that 81% of the companies we tested had at least one remote administration application, with Microsoft RDP being the most popular.
Recent security research has identified a botnet that is controlled by attackers from an Internet Relay Chat (IRC) server running as a hidden service inside the Tor anonymity network. The connections between users and the Tor nodes are encrypted in a multi-layered fashion, making it extremely difficult for surveillance systems that operate at the local network level or at the ISP level to determine the intended destination of a user [20]. The main goal of the Tor (The Onion Router) network is to provide anonymity while browsing the Internet. Although it has wide support and enjoys great popularity, when used in a corporate environment it raises several security concerns. Tor can also be easily abused to bypass company security policies, since it was specifically designed to provide anonymity for its users. When using Tor to access resources on the Internet, the requests sent from a user's computer are routed randomly through a series of nodes operated voluntarily by other Tor users.
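As an added example (not code from the Check Point report), the monitor-and-control approach recommended above for remote administration tools, together with detection of Tor relay contact, can be implemented as a simple audit over firewall logs. The log format, the approved-host list and the relay addresses are constructed for illustration; a real deployment would load the published Tor consensus and the organisation's own policy.

```python
# Added example (not from the Check Point report): a monitor-and-control audit
# of firewall logs for the remote-administration tools the report names and for
# contact with Tor relays. Log format, approved hosts and relay addresses are
# constructed; a real deployment would load the published Tor consensus.
import re
from collections import defaultdict

RAT_PORTS = {3389: "MS-RDP", 5900: "VNC", 5938: "TeamViewer"}  # default ports
TOR_PORTS = {9001, 9030}                       # Tor default ORPort / DirPort
TOR_RELAYS = {"203.0.113.10", "198.51.100.7"}  # constructed stand-in for consensus
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)")

def classify(line):
    """One allowed connection -> ('rat', (src, tool)), ('tor', (src, dst)) or None."""
    m = LOG_RE.search(line)
    if not m or m.group(4) != "allow":
        return None
    src, dst, dport = m.group(1), m.group(2), int(m.group(3))
    if dport in RAT_PORTS:
        return "rat", (src, RAT_PORTS[dport])
    if dst in TOR_RELAYS or dport in TOR_PORTS:
        return "tor", (src, dst)
    return None

def audit(lines, approved_admins):
    """RAT use from approved hosts is inventoried; RAT use from any other host
    and any Tor relay contact is flagged. Returns (inventory, findings)."""
    inventory = defaultdict(set)   # tool -> source hosts seen using it
    findings = []
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        kind, (src, detail) = hit
        if kind == "rat":
            inventory[detail].add(src)
            if src not in approved_admins:
                findings.append(f"unapproved {detail} session from {src}")
        else:
            findings.append(f"possible Tor relay contact {src} -> {detail}")
    return {t: sorted(h) for t, h in inventory.items()}, findings

SAMPLE_LOG = [  # constructed sample lines
    "src=10.0.0.5 dst=10.0.1.20 dport=3389 action=allow",
    "src=10.0.0.9 dst=10.0.1.20 dport=3389 action=allow",
    "src=10.0.0.9 dst=10.0.1.21 dport=5900 action=deny",
    "src=10.0.0.12 dst=203.0.113.10 dport=9001 action=allow",
    "src=10.0.0.5 dst=10.0.1.22 dport=5938 action=allow",
]
INVENTORY, FINDINGS = audit(SAMPLE_LOG, approved_admins={"10.0.0.5"})
```

The inventory gives the per-tool usage picture the report's chart is built from, while the findings list is what an analyst would review rather than block outright.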
In 43% of examined organizations, anonymizers were used.

81% of test organizations used remote administration tools.
Chart 3-F: Top Remote Administration Applications (% of Organizations)

  MS-RDP       58%
  TeamViewer   52%
  LogMeIn      43%
  VNC          17%
  Bomgar        4%
  Gbridge       3%

More info on top remote administration applications is available in Appendix B.
Source: Check Point Software Technologies
TOR ANONYMIZER COMPROMISES SECURITY