The Times Australia
The Times Technology News

.
Times Media

.

New RAT Variants Running Rampant, Threat Report Reveals

  • Written by AVAST

Avast (LSE:AVST), a global leader in digital security and privacy, today released its Q3/2021 Threat Report. In the third quarter of the year, the Avast Threat Labs have seen an increased risk of businesses and consumers being attacked by ransomware and remote access trojans (RATs). RATs can be used for industry espionage, credentials theft, stalking, and even distributed denial of service (DDoS) attacks. The threat researchers also observed innovation in the ever-evolving cybercrime space, with new mechanisms used by exploit kits, and by the mobile banking Trojan Flubot.

Ransomware and RATs putting businesses at risk

In the beginning of Q3 2021, the world witnessed a massive supply chain attack on IT management software provider Kaseya and its customers, with Sodinokibi/REvil ransomware. The Avast Threat Labs noticed and blocked this attack on more than 2.4k endpoints. Following the involvement of politics, the ransomware operators released the decryption key, and Sodinokibi’s infrastructure went down, with no new variants seen in the wild until September 9th, when Avast detected and blocked a new variant. Overall, in Q3, the Avast Threat Labs saw the risk ratio of ransomware attacks go up by 5% vs. Q2, and even up by 22% vs. Q1 2021.

RATs were also a dangerous threat for businesses and consumers, which spread further in Q3 than in the previous quarters. Avast spotted three new RAT variants, including FatalRAT with anti-VM capabilities, VBA RAT, which exploits the Internet Explorer vulnerability CVE-2021-26411, and a new version of Reverse RAT with build number 2.0 which added web camera photo taking, file stealing and anti-AV capabilities. “RATs can be a fundamental threat for businesses, as they can be used for industry espionage,” said Jakub Kroustek, Avast Malware Research Director. “However, RATs can also be used against consumers, for example to steal their credentials, to add their computers to a botnet to drive DDoS attacks, and unfortunately, for cyberstalking, which can do massive harm to an individual’s privacy and wellbeing.”

Growing distribution of rootkits, and innovation in exploit kits and mobile banking trojans
The Avast Threat Labs also recorded a significant increase in rootkit activity at the end of Q3, which was one of the most significant increases in activity in the quarter. A rootkit is malicious software designed to give unauthorised access to cybercriminals, with the highest system privileges. Rootkits commonly provide services to other malware in the user mode.

Another malware category that appears to be returning are Exploit Kits, with notable new innovations occurring, including the targeting of Google Chrome vulnerabilities. The most active exploit kit was PurpleFox, against which Avast protected over 6,000 users per day on average. Rig and Magnitude were also prevalent throughout the whole quarter. The Underminer exploit kit woke up after a long period of inactivity and started sporadically serving HiddenBee and Amadey. Some exploit kits, especially PurpleFox and Magnitude, are under heavy development, regularly receiving new features and exploitation capabilities.

The Avast Threat Labs also monitored new tactics on the mobile front, with FluBot, an Android SMS banking threat, changing its social engineering approach. Jakub Kroustek said, “Flubot first spread posing as delivery services to lure the victims into downloading a “tracking app” for a parcel they recently missed or should be expecting. In Q3, Avast has seen novel scenarios in spreading this malware. One example is posing as voicemail recorders. Another is fake claims of leaked personal photos. The most extreme of these variants would even lure the victim to a fake page that would claim the victim has already been infected by FluBot when they probably weren’t yet and trick them into installing a “cure” for the “infection”. This “cure” would in fact be the FluBot malware itself.

Flubot continued to expand from where initially it was targeting Europe in Q2 - Spain, Italy, Germany, to later spread throughout the rest of Europe and other countries like Australia and New Zealand.

For more detailed information visit the full report: https://decoded.avast.io/threatresearch/avast-q321-threat-report/

The Times Features

The Gift That Keeps Growing: Why Tinybeans+ Gift Cards are a game-changer for new parents

As new parents navigate the joys and challenges of raising a child in the digital age, one question looms large: how do you preserve and share your baby's milestones without co...

Group Adventures Made Easy: How to Coordinate Shuttle Services from DCA to IAD

Traveling as a large group can be both exciting and challenging, especially when navigating busy airports like DCA (Ronald Reagan Washington National Airport) and IAD (Washington...

From Anxiety to Assurance: Proven Strategies to Support Your Child's Emotional Health

Navigating the intricate landscape of childhood emotions can be a daunting task for any parent, especially when faced with common fears and anxieties. However, transforming anxie...

The Rise of Meal Replacement Shakes in Australia: Why The Lady Shake Is Leading the Pack

Source Meal replacement shakes are having a moment in Australia, and it’s not hard to see why. They’re quick, convenient, and packed with nutrition, making them the perfect solu...

HCF’s Healthy Hearts Roadshow Wraps Up 2024 with a Final Regional Sprint

Next week marks the final leg of the HCF Healthy Hearts Roadshow for 2024, bringing free heart health checks to some of NSW’s most vibrant regional communities. As Australia’s ...

The Budget-Friendly Traveler: How Off-Airport Car Hire Can Save You Money

When planning a trip, transportation is one of the most crucial considerations. For many, the go-to option is renting a car at the airport for convenience. But what if we told ...

Times Magazine

Evaluating the Benefits of Pet Insurance: Is It Really Worth It?

Owning a pet can be one of the most rewarding and fulfilling experiences, but it can also come with significant financial costs. Veterinary bills, prescription medications, and other pet-related expenses can quickly add up, and if you're not prepar...

Full capacity: 5 steps to avoid forklift damage

There is a very good reason why Australia maintains rigorous forklift safety standards. The truth is, not everyone can be trusted on this dangerous machinery, and the uninitiated are simply a risk to themselves, their colleagues and the machine. ...

Award-Winning Australian SEO company, Perfect Link Building Reveals the Secrets Behind their SEO Strategies.

Australian SEO company: Award-Winning & Client-Approved  Perfect Link Building emerged as #1 winner out of 125 competing global agencies at the Top Digital Results 2022 summit. In the dynamic world of Australian digital marketing, being the be...

The Top 5 Differences Between Wall Stickers And Wallpapers

Your living room wall is the first thing guests see when they visit your home. It should be welcoming, stylish, and above all, reflect your personality.  But with so many choices on the market, it can take time to decide how to achieve the perfect...

Types of Hot Water Systems: Different types of systems and the advantages

1. Electric: Electric hot-water systems are the simplest and most common type of hot water system. They work by circulating heated water through a tank filled with cold water using electricity as the heat source. The electric current heats the wa...

3 Solar Panel Warranty Categories You Should Know

A solar power system is a multi-decade investment. If its components degrade quickly over time, you’re likely to drive less long-term value from it. That’s why there’s a need to check whether each component comes with a rock-solid warranty. All so...