4. The Need for Cybersecurity: Cyber Attacks 83

…security experts advised that the victims should just replace the devices on the network with brand new machines!

In many hacks, malware is installed on the victim's machine. A remote access trojan (RAT) is a powerful type of malware. RATs are also known euphemistically as remote administration tools because they provide the ability to remotely administer a computer (see Figure 4.4). RATs make it easy for the attacker to connect back into the victim machine at will. They also provide user-friendly ways to accomplish many common hacker tasks, such as keystroke logging, turning on the victim's webcam or microphone, viewing the victim's web browsing history, browsing and downloading files from the victim's machine, etc. Antivirus companies catalog RATs, so hackers must be careful when deploying them: the presence on a machine of a file associated with a known RAT is an obvious indicator of compromise (IOC).

Figure 4.4 A RAT called Quasar showing file browsing on a victim machine.

A rootkit is a sophisticated form of malware that subverts the operating system of the victim. As we learned in Chapter 2, the OS is the most important software running on a computer. It mediates access to all the software and hardware on the computer. It handles all the basic security tasks and is the source of truth for what processes are running, what network connections are occurring, and what files exist. Rootkits compromise the OS, so they can undermine all of these trusted functions. If a user searches for malware-related processes, network connections, or files, the rootkit can return all of the valid information except what is related to the malware. Because OSs are implicitly trusted, rootkits provide an extreme level of persistence and conceal many IOCs. A hacker running a rootkit has more privileges on a machine than even the owner!
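The rootkit paragraph above says the OS is the "source of truth" and that a rootkit answers queries with everything except the malware. The classic user-space counter to that is a cross-view check: ask the OS the same question two different ways and diff the answers. The script below is an added example written for this page; it is not code from the book and not a product. It assumes a Linux host where the process listing comes from the directory names in /proc (what `ps` reads) and where a second view can be obtained by probing every PID with kill(pid, 0). The constant PID_MAX_DEFAULT and the two CONSTRUCTED_* sets are assumptions made for the demo.

```python
"""Cross-view process enumeration: a user-space check for rootkit-style
hiding.  Added example for this page, not code from the book.

View 1 is the directory listing of /proc (what ps and top read).
View 2 is the kernel's answer to kill(pid, 0) for every possible PID.
A rootkit that only filters the /proc listing often leaves the second
path untouched, so a PID present in view 2 but absent from view 1 is a
discrepancy worth investigating.
"""

import os

# Assumption: default kernel.pid_max on most Linux systems.  Read
# /proc/sys/kernel/pid_max in a real tool instead of hard-coding it.
PID_MAX_DEFAULT = 32768


def listed_pids():
    """View 1: PIDs as reported by the directory listing of /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probed_pids(pid_max=PID_MAX_DEFAULT):
    """View 2: PIDs that exist according to kill(pid, 0).

    Signal 0 sends nothing; the kernel only reports whether the target
    exists.  ESRCH (ProcessLookupError) means no such process.  EPERM
    (PermissionError) means it exists but belongs to another user, so
    it still counts as alive.
    """
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            alive.add(pid)
    return alive


def cross_view_diff(listed, probed):
    """Return PIDs visible to the probe but missing from the listing.

    Processes that exited between taking the two views can also appear
    here (a race), so candidates should be re-checked before alerting.
    """
    return sorted(probed - listed)


def confirm_hidden(pid):
    """Re-check one candidate: still alive per kill(), still not listed?"""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False  # it simply exited; not hidden
    except PermissionError:
        pass  # exists, owned by someone else
    return str(pid) not in os.listdir("/proc")


# Constructed views standing in for a rootkit that filters the /proc
# listing: PID 4242 is dropped from view 1 but still answers the probe.
CONSTRUCTED_LISTED = {1, 2, 815, 1200, 1201}
CONSTRUCTED_PROBED = {1, 2, 815, 1200, 1201, 4242}


if __name__ == "__main__":
    print("constructed demo, hidden PIDs:",
          cross_view_diff(CONSTRUCTED_LISTED, CONSTRUCTED_PROBED))
    if os.path.isdir("/proc"):
        candidates = cross_view_diff(listed_pids(), probed_pids())
        print("live host, confirmed hidden PIDs:",
              [p for p in candidates if confirm_hidden(p)])
```

The caveat follows directly from the paragraph: both views are still answers from the compromised OS. A rootkit that hooks the kill path as well as the directory listing (or sits below the kernel entirely) will return consistent lies to both, and this check sees nothing. That is why the page opens with experts recommending replacement of the machines rather than cleanup: once the OS itself is untrusted, the only reliable view is one taken from outside it, such as an offline inspection of the disk.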