The Times Australia
The Times Technology News

New RAT Variants Running Rampant, Threat Report Reveals

  • Written by AVAST

Avast (LSE:AVST), a global leader in digital security and privacy, today released its Q3/2021 Threat Report. In the third quarter of the year, the Avast Threat Labs saw an increased risk of businesses and consumers being attacked by ransomware and remote access trojans (RATs). RATs can be used for industry espionage, credential theft, stalking, and even distributed denial of service (DDoS) attacks. The threat researchers also observed innovation in the ever-evolving cybercrime space, with new mechanisms used by exploit kits and by the mobile banking trojan FluBot.

Ransomware and RATs putting businesses at risk

At the beginning of Q3 2021, the world witnessed a massive supply chain attack on IT management software provider Kaseya and its customers, using the Sodinokibi/REvil ransomware. The Avast Threat Labs noticed and blocked this attack on more than 2.4k endpoints. Following political involvement, the ransomware operators released the decryption key and Sodinokibi’s infrastructure went down, with no new variants seen in the wild until September 9th, when Avast detected and blocked a new variant. Overall, in Q3, the Avast Threat Labs saw the risk ratio of ransomware attacks go up by 5% vs. Q2, and by 22% vs. Q1 2021.

RATs were also a dangerous threat for businesses and consumers, and spread further in Q3 than in previous quarters. Avast spotted three new RAT variants, including FatalRAT, which has anti-VM capabilities; VBA RAT, which exploits the Internet Explorer vulnerability CVE-2021-26411; and a new version of Reverse RAT, build number 2.0, which added web camera photo taking, file stealing and anti-AV capabilities. “RATs can be a fundamental threat for businesses, as they can be used for industry espionage,” said Jakub Kroustek, Avast Malware Research Director. “However, RATs can also be used against consumers, for example to steal their credentials, to add their computers to a botnet to drive DDoS attacks, and unfortunately, for cyberstalking, which can do massive harm to an individual’s privacy and wellbeing.”

Growing distribution of rootkits, and innovation in exploit kits and mobile banking trojans

The Avast Threat Labs also recorded a significant increase in rootkit activity at the end of Q3, one of the most significant increases in activity in the quarter. A rootkit is malicious software designed to give cybercriminals unauthorised access with the highest system privileges. Rootkits commonly provide services to other malware running in user mode.

Another malware category that appears to be returning is exploit kits, with notable innovations including the targeting of Google Chrome vulnerabilities. The most active exploit kit was PurpleFox, against which Avast protected over 6,000 users per day on average. Rig and Magnitude were also prevalent throughout the whole quarter. The Underminer exploit kit woke up after a long period of inactivity and started sporadically serving HiddenBee and Amadey. Some exploit kits, especially PurpleFox and Magnitude, are under heavy development, regularly receiving new features and exploitation capabilities.

The Avast Threat Labs also monitored new tactics on the mobile front, with FluBot, an Android SMS banking threat, changing its social engineering approach. Jakub Kroustek said, “FluBot first spread posing as delivery services to lure the victims into downloading a ‘tracking app’ for a parcel they recently missed or should be expecting. In Q3, Avast has seen novel scenarios in spreading this malware. One example is posing as voicemail recorders. Another is fake claims of leaked personal photos. The most extreme of these variants would even lure the victim to a fake page that would claim the victim has already been infected by FluBot when they probably weren’t yet and trick them into installing a ‘cure’ for the ‘infection’. This ‘cure’ would in fact be the FluBot malware itself.”

FluBot continued to expand: after initially targeting Europe in Q2 (Spain, Italy, Germany), it later spread throughout the rest of Europe and to other countries such as Australia and New Zealand.

For more detailed information visit the full report: https://decoded.avast.io/threatresearch/avast-q321-threat-report/
