Remote Administration Tools Used for Malicious Attacks
Remote Administration Tools (RATs) are legitimate tools when used by administrators and helpdesk staff. However, several attacks over the past years leveraged an off-the-shelf RAT to remotely control infected machines, move further into the network, log keystrokes, or steal confidential information. Since Remote Administration Tools are usually essential business applications, they should not be blocked across the board; instead, their usage should be monitored and controlled, for example by restricting each tool to the users and hosts that have a business need for it, so that misuse is detected and prevented.
Of the organizations in our research, 81% use at least one Remote Administration application, with Microsoft RDP being the most popular.
TOR ANONYMIZER COMPROMISES SECURITY
Recent security research identified a botnet that is controlled by attackers from an Internet Relay Chat (IRC) server running as a hidden service inside the Tor anonymity network. The connections between users and the Tor nodes are encrypted in multiple layers, making it very hard for surveillance systems that operate at the local network level or the ISP level to determine the intended destination of a user [20].
The main goal of the Tor network (The Onion Router) is to provide anonymity while browsing the Internet. Although it has wide support and enjoys great popularity, its use in an organizational environment raises several security challenges. Because Tor was specifically designed to provide anonymity for its users, it can easily be abused to bypass organizational security policies. When Tor is used to access resources on the Internet, the requests sent from a user's computer are routed through a randomly chosen series of nodes operated by volunteers, so the organization's gateway sees only an encrypted connection to the first node and never the real destination.
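The two preceding sections both come down to the same operational task: watch outbound connections for remote administration tools and for Tor, and compare what is seen against who is allowed to use what. The following script is an added illustration of that monitoring logic and is not Check Point code or part of this report. The log format, the source subnets, the policy, and the two "Tor relay" addresses are all constructed for the example; in practice the relay addresses would come from the Tor Project's published relay and exit lists, and the policy from the organization's own records. Only the well-known default ports (RDP 3389, VNC 5900, TeamViewer 5938, Tor ORPort 9001 and DirPort 9030) are real.

```python
"""
Flag remote administration tool (RAT) and Tor traffic in firewall logs.

Added example for this report section; not Check Point code. Every log
line, subnet, policy entry and relay address below is constructed.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Well-known default ports of three tools from Chart 3-F. Tools that ride
# on 443 (LogMeIn, Bomgar, Gbridge) need application identification instead.
RAT_PORTS = {
    3389: "MS-RDP",
    5900: "VNC",
    5938: "TeamViewer",
}

# Tor's default ORPort / DirPort. Many relays use 443, so a port hit is only
# a weak "possible-tor" signal; a match on the relay list is the real one.
TOR_DEFAULT_PORTS = {9001, 9030}

# Constructed stand-ins for a downloaded Tor relay list (example only).
TOR_RELAYS = {"198.51.100.7", "203.0.113.9"}

# Constructed policy: which source subnets may use which tool.
POLICY = {
    "MS-RDP": [ipaddress.ip_network("10.0.50.0/24")],      # jump hosts only
    "TeamViewer": [ipaddress.ip_network("10.0.20.0/24")],  # helpdesk VLAN
    "VNC": [],                                             # approved nowhere
}


@dataclass
class Finding:
    src: str
    dst: str
    port: int
    tool: str
    verdict: str  # "allowed", "unapproved-use", "tor", "possible-tor"


def parse_line(line):
    """Constructed format: '<timestamp> <src> <dst> <dport> <proto>'."""
    _ts, src, dst, dport, _proto = line.split()
    return src, dst, int(dport)


def classify(src, dst, port):
    """Return a Finding for RAT or Tor traffic, or None for anything else."""
    # A hidden-service destination is never visible on the wire; the only
    # observable is the client's connection to its first relay, so the
    # relay list is checked before any port-based rule.
    if dst in TOR_RELAYS:
        return Finding(src, dst, port, "Tor", "tor")
    if port in TOR_DEFAULT_PORTS:
        return Finding(src, dst, port, "Tor", "possible-tor")
    tool = RAT_PORTS.get(port)
    if tool is None:
        return None
    src_ip = ipaddress.ip_address(src)
    if any(src_ip in net for net in POLICY.get(tool, [])):
        return Finding(src, dst, port, tool, "allowed")
    return Finding(src, dst, port, tool, "unapproved-use")


def scan(lines):
    """Run classify() over log lines, skipping blanks."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        src, dst, port = parse_line(line)
        finding = classify(src, dst, port)
        if finding is not None:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per verdict, e.g. for a daily report."""
    return dict(Counter(f.verdict for f in findings))


# Constructed sample log: one allowed and one unapproved RDP session, the
# same for TeamViewer, an unapproved VNC session, a connection to a listed
# Tor relay on 443, a connection to an unlisted host on 9001, and plain web.
SAMPLE_LOG = """
2013-01-15T09:01:02 10.0.50.12 10.0.7.21 3389 tcp
2013-01-15T09:02:10 10.0.30.44 10.0.7.21 3389 tcp
2013-01-15T09:03:55 10.0.20.5 192.0.2.80 5938 tcp
2013-01-15T09:05:00 10.0.30.44 192.0.2.80 5938 tcp
2013-01-15T09:06:30 10.0.30.44 10.0.7.22 5900 tcp
2013-01-15T09:07:41 10.0.30.44 198.51.100.7 443 tcp
2013-01-15T09:08:02 10.0.30.44 192.0.2.99 9001 tcp
2013-01-15T09:09:00 10.0.30.44 192.0.2.10 80 tcp
"""

if __name__ == "__main__":
    results = scan(SAMPLE_LOG.splitlines())
    for f in results:
        if f.verdict != "allowed":
            print(f"{f.verdict:15} {f.tool:11} {f.src} -> {f.dst}:{f.port}")
    print(summarize(results))
```

Run as-is it reports the five non-allowed findings and a verdict count of two allowed, three unapproved uses, one Tor relay hit and one possible-Tor port hit. The order of checks matters: the relay-list match runs first so that a Tor connection on 443 is not mistaken for ordinary web traffic, and a port-only Tor hit is deliberately reported at lower confidence than a relay-list hit.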
In 43% of organizations, anonymizers are used.
81% of organizations are using Remote Administration Tools.
Chart 3-F: Top Remote Administration Applications (% of Organizations)

Application   % of Organizations
MS-RDP        58%
TeamViewer    52%
LogMeIn       43%
VNC           17%
Bomgar         4%
Gbridge        3%

More info on top remote administration applications is available in Appendix B.
Source: Check Point Software Technologies