Remote Access Trojan (RAT)

What is RAT (Remote Access Trojan)? 

A Remote Access Trojan (RAT) is a type of malware that allows covert surveillance, a backdoor for administrative control and unfettered and unauthorized remote access to a victim’s machine. 

The RAT is extremely dangerous because it enables intruders to get remote control of the compromised computer. 

Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet.

Because a RAT enables administrative control, it makes it possible for the intruder to do just about anything on the targeted computer, including:

• Monitoring user behavior through keyloggers or other spyware.
• Accessing confidential information, such as credit card and social security numbers.
• Activating a system’s webcam and recording video.
• Taking screenshots.
• Distributing viruses and other malware.
• Formatting drives.
• Deleting, downloading or altering files and file systems.

What are the most common types of RAT?

• Back Orifice
• SubSeven
• ProRat
• Turkojan
• Poison-Ivy
• Saefko
• CrossRAT
• Beast Trojan
• Blackshades
• Mirage
• DarkComet
• NetBus
• Nuclear RAT

How is the RAT installed on my computer?

RAT is often like other malware infection vectors. Hackers use various techniques to install a RAT on your computer. These techniques and methods are listed below:

• Users can be tricked to download malicious packages
• Users can be lured into visiting suspicious web links
• Crafted email attachments are sent to the target users
• RAT is delivered using files downloaded through torrents

Threat actors can install RATs either by gaining temporary physical access or via social engineering attacks.

How to detect RATs?

Detecting a Remote Access Trojan is a difficult task because in most cases, they do not show up in the list of running tasks or programs on your computer. Moreover, your system will not be slowed. However, your internet speed will slow down as RAT uses your bandwidth to work. A RAT can infect your computer for several years if it goes unnoticed.

To get out of the RAT nightmare, using malware detection tools and antivirus scans can be helpful. 

How can a RAT be avoided?

There are several tools, techniques and best practices that can be used to avoid a RAT attack. Below is a detailed list of them: 

• Do not download files from untrusted sources such as pornography sites or freeware software
• Always avoid opening email attachments from strangers or people you don’t know
• Do not download games through malicious websites
• Install antivirus software and keep it patched and up to date
• Always keep your OS, web browsers and applications up-to-date and apply patches to all of them
• You should also avoid downloading torrent files if they are from unreliable sources
• Always lock public computers when they are not in use, and be cautious of telephone calls or emails asking you to install an application
• It is sometimes difficult to avoid a RAT because the attackers use a binder to link a RAT with legitimate executable programs, which hampers the detector from finding it. Though RATs don’t show up in running processes, using a task manager to look for unfamiliar or unknown processes is a good practice. If there are any strange files running in your task manager, then quickly remove them. If you do not find any strange processes, then search for it on Google to get the answer
• Sometimes, a RAT is added to Windows startup directories and registry entries so that it can start automatic execution every time you turn on your system. 
• Another good idea for removing suspicious applications from your computer is to use the “Add or Remove Program” option located in your control panel. If you notice any odd program on your computer, just uninstall it.
• Since a RAT uses the bandwidth of your internet connection, it will ultimately slow down your internet speed. Therefore, poor internet speed may be an indication of RAT malware. If this is the case, quickly disconnect your internet. Doing so will prevent attackers from taking control of your PC, because RAT only works when the internet connection is active. After disconnecting the internet, you need to use a malware program such as Spy Hunter or Malwarebytes to exterminate a RAT.

10 Best RAT Software Detection Tools

If you like to look at digital attack maps, have a look at this page on Secure Idées which points to sites such as map.httpcs.com.

Remote Access Trojan (RAT)

Source: dnsstuff, Fakhar Imam

Google extends Chrome support for Windows 7

Google has decided to extend Chrome support for Windows 7 for another six months beyond its original plan in order to give customers more time if their Windows 10 migration plans were delayed by the COVID-19 pandemic. 

In January, Google said Chrome support would continue until at least July 2021, but that was a few months before the pandemic struck. 

Google has now confirmed that Chrome will support Windows 7 until at least January 15, 2022. After that date customers cannot be guaranteed of receiving security updates for Chrome on Windows 7. 

Microsoft ended free support of Windows 7 on January 14, 2020. However, businesses had the option to pay for Extended Security Updates for Windows 7.

Organizations in some sectors such as healthcare struggled to upgrade to Windows 10 by the that deadline. 

Source: zdnet, flaticon

World Computer Security Day

World Computer Security Day is an annual event and is celebrated on the 30th November each year. It is designed to raise awareness and to promote best practices in Information Security.

The main objective of this event is to bring together international and local IT and security professionals to share their experiences, acquire knowledge and gain an understanding to safeguard their organization’s most valuable asset-information.

World Computer Security Day

Source: Cybersafework, Doodly

The End Of Life (EOL) for Windows 7

A new reminder for those who are still holding on to the Windows 7 operating system, you have 9 months left until Microsoft ends support for its 9-year-old operating system, i.e. on January 14, 2020.

This was actually supposed to have happened already, but due to many industries with applications that do not support anything above Windows 7, the EOL date was extended. However, as with everything, the end has come.

With the Windows 7 End of Life date now rapidly approaching, Microsoft is keen to make sure people know that support for the operating system is ending, and wants to encourage people to move from the operating system.

So, the company is releasing an update to Windows 7 – KB4493132 – which will display notifications reminding Windows 7 users to upgrade to Windows 10 before the End of Life date.

Microsoft actually ended mainstream support for Windows 7 on January 13, 2015, which meant new features stopped being added, and warranty claims were no longer valid.

However, during the extended support phase, which Windows 7 entered after the end of its mainstream support, the operating system has still been patched and updated to make sure security issues and bugs are fixed.

Windows 7 End of Life: what happens next?

When Windows 7 reaches its End of Life phase on January 14, 2020, Microsoft will stop releasing updates and patches for the operating system. It’s likely that it also won’t offer help and support if you encounter any problems.

However, that doesn’t mean Windows 7 will stop working on January 14, 2020 – you’ll still be able to use Windows 7 for as long as you want. So the good news is that you’re not going to wake up on January 15 to find your Windows 7 PC no longer boots up.

But just because you can continue to use Windows 7 in its End of Life status, it doesn’t mean you should.

The biggest issue with continuing to use Windows 7 is that it won’t be patched for any new viruses or security problems once it enters End of Life, and this leaves you extremely vulnerable to any emerging threats.

What’s more, if a large number of people continue to use Windows 7 after the End of Life date, that could actually be a big incentive for malicious users to target viruses and other nasties at Windows 7.

So, while Windows 7 will continue to work after January 14, 2020, you should start planning to upgrade to Windows 10, or an alternative operating system, as soon as possible.

Windows 7 End of Life: what should you do?

So, if you still use Windows 7, what should you do? There are a number of things I would recommend you do in preparation for Windows 7 End of Life, and the first is to consider upgrading to a newer operating system.

While you have a number of choices when moving operating systems, for many people, the obvious and simplest option is to upgrade to Windows 10.

Windows 7 End of Life: upgrading to Windows 10

Upgrading from Windows 7 to Windows 10 has a number of benefits. For a start, because both operating systems are made by Microsoft the upgrade process is relatively easy, and in many cases, you can keep your files on your PC.

Windows 7 End of Life: moving to Linux

The most cost-effective way of preparing for Windows 7 End of Life is to switch operating systems altogether and install Linux on your machine.

Windows 7 End of Life: switch to Mac

Finally, you could use Windows 7’s End of Life as a reason to dip your toe into Apple’s ecosystem. Apple has a well-deserved reputation for building gorgeously-designed hardware that uses its macOS operating system, which is both easy to use and secure against internet threats.

Windows 7 End of Life: back up your documents

No matter which route you take, you should make sure that your documents are safely backed up. If you’re upgrading to Windows 10 from Windows 7 on the same machine the transfer of your files is part of the process, but it’s best to back up just in case something goes wrong.

Source: irissol, the hackernews, techradar

How to enable 2-step verification for Google Apps?

OVERVIEW

Google Apps (G Suite) provides the option of turning on two-step verification for your user accounts. This provides an extra layer of security to your user’s data by having them authenticate with a verification code as well as their password. I recommend that you enable this option to make your accounts more secure. The instructions below will lead you through enabling two-step verification as well as enforcing its use for your G Suite service.

INSTRUCTIONS

Enabling Two-Step Verification

These steps will guide you through enabling the option of using two-step verification for your G Suite account users. This allows your users to choose to use the feature if they wish. It does not make two-step verification mandatory for your users.

1. Log into your G Suite Admin Console.
2. From the dashboard, select Security.

3. Next, click on Basic Settings.

4. Scroll down to the Two-Step Verification setting and tick the checkbox to Allow users to turn on 2-step verification.  This will enable the ability for the account user to utilize two-step authentication if they choose.

5. Click on the Save changes button that appears.

NOTE:

If you wish to make it mandatory for your users to use two-step 
authentication, please continue on to the enforcing two-step 
verification instructions once the two-step verification option is 
enabled.

Source: Mediatemple

APIPA

APIPA stands for Automatic Private Internet Protocol Addressing.

APIPA is in every version of Windows since NT and all versions of Mac OS X.

APIPA is a DHCP mechanism that provides DHCP clients with self-assigned IP addresses when DHCP servers are not available. When there isn’t a DHCP server available, APIPA assigns IPs from 169.254.0.1 to 169.254.255.254 with a default mask of 255.255.0.0.

Clients leverage ARP ( Address Resolution Protocol )to verify their address doesn’t conflict with another on the network. APIPA is enabled on all interfaces of all DHCP clients in pretty much all modern operating systems.

10 Cybersecurity Myths

A new infographic by Varonis, titled “10 Cyber Security Myths Putting Your Business at Risk” identifies what is the myth and what is the reality. If you are like most small business owners, you probably aren’t a digital security expert. So, having a look at this infographic may be the best way to identify weaknesses in your security protocol.

With small businesses increasingly becoming targets of cyber-attacks, it is extremely important for owners to stay abreast of the latest developments in digital security.

On the official Varonis blog, Senior Director of Inbound Marketing Rob Sobers writes, “The proliferation of high-profile hacks in the news cycle often tricks small- and medium-sized businesses into thinking that they won’t be targets of attack.”

But this may not be the case, Sobers warns. Staying in the know makes it much harder for you to fall victim to the relentless attacks by cybercriminals.

Sobers ads, “If you or your employees believe any of the myths below, you could be opening up your business to unknown risk.”

The number one myth listed on the new infographic? ‘A strong password is enough to keep your business safe’. Although a strong password is important — and certainly better than ‘Admin1234′ — you need to do more.

Having a two-factor authentication and data monitoring adds another level of protection. And adding this layer of protection is in many cases enough to drive the average hacker to look for easier targets.

Another myth listed on the infographic? “Small and medium-size businesses aren’t targeted by hackers. This is obviously false because hackers are opportunists who will target anyone as long as they can benefit from it. And small businesses are not excluded from this.

The 2018 Verizon Data Breach Investigations Report has revealed 58 percent of data breach victims are small businesses, so the idea the size of your business might exclude you is definitely a myth.

Cybercriminals hack computer systems for a variety of reasons. Once they breach your security, they could use it to launch a DDoS attack, use your IP address for other nefarious purposes and more.

Much like some businesses believe they won’t be attacked because of their size, other businesses wrongly assume that they won’t be attacked because of the industry they’re in. This myth also goes hand-in-hand with the belief that some companies don’t have anything “worth” stealing. The reality is that any sensitive data, from credit card numbers to addresses and personal information, can make a business a target.

What’s more, even if the data being targeted doesn’t have resale value on the dark web, it may be imperative for the business to function. Ransomware, for example, can render data unusable unless you pay for a decryption key. This can make attacks very profitable for cybercriminals, even if the data is deemed “low value.”

Anti-virus software is certainly an important part of keeping your organization safe — but it won’t protect you from everything. The software is just the beginning of a comprehensive cybersecurity plan. To truly protect your organization, you need a total solution that encompasses everything from employee training to insider threat detection and disaster protection.

While outsider threats are certainly a concern and should be monitored extensively, insider threats are just as dangerous and should be watched just as closely. In fact, research suggests that insider threats can account for up to 75 percent of data breaches.

These threats can come from anyone on the inside, from disgruntled employees looking for professional revenge to content employees without proper cybersecurity training, so it’s important to have a system in place to deter and monitor insider threats.

While IT has a big responsibility when it comes to implementing and reviewing policies to keep companies cyber safe, true cybersecurity preparedness falls on the shoulders of every employee, not just those within the information technology department.

For example, according to Verizon, 49 percent of malware is installed over email. If your employees aren’t trained on cybersecurity best practices, like how to spot phishing scams and avoid unsafe links, they could be opening up your company to potential threats.

If your business has employees who travel often, work remotely or use shared workspaces, they may incorrectly assume that a password keeps a Wi-Fi network safe. In reality, Wi-Fi passwords primarily limit the number of users per network; other users using the same password can potentially view the sensitive data that’s being transmitted. These employees should invest in VPNs to keep their data more secure.

A decade or so ago it may have been true that you could tell immediately if your computer was infected with a virus — tell-tale signs included pop-up ads, slow-to-load browsers and, in extreme cases, full-on system crashes.

However, today’s modern malware is much more stealthy and hard to detect. Depending on the strain your computer or network is infected with, it’s quite possible that your compromised machine will continue running smoothly, allowing the virus to do damage for some time before detection.

Employees often assume that their personal devices are immune to the security protocols the company’s computers are subjected to. As such, Bring Your Own Device (BYOD) policies have opened up companies to the cyber risk they may not be aware of. Employees who use their personal devices for work-related activities need to follow the same protocols put in place on all of the network’s computers.

These rules aren’t limited to cell phones and laptops. BYOD policies should cover all devices that access the internet, including wearables and any IoT devices.

Cybersecurity is an ongoing battle, not a task to be checked off and forgotten about. New malware and attack methods consistently put your system and data at risk. To truly keep yourself cyber safe, you have to continuously monitor your systems, conduct internal audits, and review, test, and evaluate contingency plans.

Keeping a business cyber safe is a continuous effort and one that requires every employee’s participation. If anyone at your company has fallen victim to one of the myths above, it may be time to rethink your cybersecurity training and audit your company to assess your risk.

Source: Varonis, Smallbiztrends

Filter Bubble

A filter bubble is an intellectual isolation that can occur when websites make use of algorithms to selectively assume the information a user would want to see, and then give information to the user according to this assumption.

Websites make these assumptions based on the information related to the user, such as former click behavior, browsing history, search history, and location. For that reason, the websites are more likely to present only information that will abide by the user’s past activity.

A filter bubble, therefore, can cause users to get significantly less contact with contradicting viewpoints, causing the user to become intellectually isolated.

Personalized search results from Google and personalized news stream from Facebook are two perfect examples of this phenomenon.

What are filters and where exactly is the “bubble?”

Language and location are the two most basic filters Google and other sites use to deliver personalized results. If you are searching Google for an electrician and you speak English and live in Ohio, Google knows there’s no need to show you the link to a bilingual electrician in Texas.

There are many other factors that Google and others use to personalize results to you. All of these filters create a bubble around you. The information that filters deem important to you goes into the bubble; the rest stays outside of the bubble and does not show up in search results.

The term filter bubble was coined by internet activist Eli Pariser in his book, “The Filter Bubble: What the Internet Is Hiding from You” (2011).

Pariser relates a case in which a user searches for “BP” on Google and gets investment news regarding British Petroleum as the search result, while another user receives details on the Deepwater Horizon oil spill for the same keyword. These two search results are noticeably different and could affect the searchers’ impression of the news surrounding the British Petroleum company.

According to Pariser, this bubble impact could have adverse effects on social discourse. However, others say the impact is negligible.

How Are Filter Bubbles Created?

Algorithmic websites, like many search engines and social media sites, show users content based on their past behavior. Depending on what you’ve clicked on in the past, the website shows you what it thinks you are most likely to engage with.

Social Media companies, like Facebook, want you to keep using the product. So instead of being a feed of all the information, Facebook is selective with what it puts in your feed. People often assume that the information they see is unbiased when it is actually skewed towards their beliefs.

Here is what Mark Zuckerberg said emphasizing the importance of news feed in Facebook and how they need to customized from user to user:

Rarely do we go past the page-1 of our Google searches? Highly filtered results (which most of us prefer – living in a bubble), meaning other stuff gets demoted. And the personalization increases as algorithm gets more training on your interests, and thus the wall of bubble goes thicker and thicker.

Why are Filter Bubbles Bad?

After a while of only seeing results they agree with, people begin to believe that they are more correct and then their views are strengthened and solidified. This means that when someone disagrees with them, both of their views are likely to be more polarized. As a result, these people are less likely to agree with each other, or even talk to each other.

Filter bubbles are a kind of “intellectual isolation”. This isolation creates ignorance to other perspectives and opinions.

The negative of personalization and filter bubbles is that you will only see information that you like. Google is not going to challenge or disagree with you. (Its search results and what flows into your “bubble” are all based on algorithms.) It’s important to know, you’re only seeing one side of the story: Your side. When we are only surrounded by information and people we agree with, we miss opportunities to learn and grow.

The other con associated with the bubble is Page Ranking. Search engines use this to categorize, and rank pages based on the number of hits or popularity of a given website or content. This doesn’t make the information accurate, but we tend to believe that because it ranks higher in the search than other websites it must be legit. This takes away our ability to dig deeper for relevant information.

How can you burst out of it?

In order to burst the filter bubble following steps can be handy.

1. To get rid of your search history.
2. To turn off targeted ads using ad blocking software
3. Ensuring that you delete your browser cookies
4. Disabling tracking cookie features
5. Keeping your Facebook data private, altogether!
6. Going incognito or anonymous
7. Private search engines are a great way to avoid filter bubbles.

What is the difference between the Filter Bubble and Personalisation?

Personalisation is the process and filter bubble the result. Personalization makes you only see stuff in your feed that is supposed to be relevant to you. That creates a filter bubble in which everything else is filtered out.

Additional Resources:

Eli Pariser: Beware online “filter bubbles” – Watch the eight minute video of his speech at Ted 2011.

I’d love to hear your comments. Do drop a comment below.

Source: Techopedia, Search Encrypt, Blitzmediadesign, Yingyingxia

HTTP/3

The HTTP-over-QUIC experimental protocol will be renamed to HTTP/3 and is expected to become the third official version of the HTTP protocol, officials at the Internet Engineering Task Force (IETF) have revealed.

This will become the second Google-developed experimental technology to become an official HTTP protocol upgrade after Google’s SPDY technology became the base of HTTP/2.

HTTP-over-QUIC is a rewrite of the HTTP protocol that uses Google’s QUIC instead of TCP (Transmission Control Protocol) as its base technology.

QUIC stands for “Quick UDP Internet Connections” and is, itself, Google’s attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things.

In a mailing list discussion last month, Mark Nottingham, Chair of the IETF HTTP and QUIC Working Group, made the official request to rename HTTP-over-QUIC as HTTP/3, and pass it’s a development from the QUIC Working Group to the HTTP Working Group.

In the subsequent discussions that followed and stretched over several days, Nottingham’s proposal was accepted by fellow IETF members, who gave their official seal of approval that HTTP-over-QUIC becomes HTTP/3, the next major iteration of the HTTP protocol, the technology that underpins today’s World Wide Web.

According to web statistics portal W3Techs, as of November 2018, 31.2 percent of the top 10 million websites support HTTP/2, while only 1.2 percent support QUIC.

What is QUIC?

QUIC (Quick UDP Internet Connections) is a new transport protocol for the internet, developed by Google.

QUIC solves a number of transport-layer and application-layer problems experienced by modern web applications while requiring little or no change from application writers. QUIC is very similar to TCP+TLS+HTTP2 but implemented on top of UDP. Having QUIC as a self-contained protocol allows innovations which aren’t possible with existing protocols as they are hampered by legacy clients and middleboxes.

Key advantages of QUIC over TCP+TLS+HTTP2 include:

• Connection establishment latency
• Improved congestion control
• Multiplexing without head-of-line blocking
• Forward error correction
• Connection migration

Connection Establishment

QUIC handshakes frequently require zero roundtrips before sending a payload, as compared to 1-3 roundtrips for TCP+TLS.

The first time a QUIC client connects to a server, the client must perform a 1-roundtrip handshake in order to acquire the necessary information to complete the handshake. The client sends an inchoate (empty) client hello (CHLO), the server sends a rejection (REJ) with the information the client needs to make forward progress, including the source address token and the server’s certificates. The next time the client sends a CHLO, it can use the cached credentials from the previous connection to immediately send encrypted requests to the server.

Congestion Control

QUIC has pluggable congestion control and provides richer information to the congestion control algorithm than TCP. Currently, Google’s implementation of QUIC uses a reimplementation of TCP Cubic and is experimenting with alternative approaches.

One example of richer information is that each packet, both original and retransmitted, carries a new sequence number. This allows a QUIC sender to distinguish ACKs for retransmissions from ACKs for originals and avoids TCP’s retransmission ambiguity problem. QUIC ACKs also explicitly carry the delay between the receipt of a packet and its acknowledgment being sent, and together with the monotonically-increasing sequence numbers.  This allows for precise roundtrip-time calculation.

Finally, QUIC’s ACK frames support up to 256 NACK ranges, so QUIC is more resilient to reordering than TCP (with SACK), as well as able to keep more bytes on the wire when there is reordering or loss. Both client and server have a more accurate picture of which packets the peer has received.

Multiplexing

One of the larger issues with HTTP2 on top of TCP is the issue of head-of-line blocking. The application sees a TCP connection as a stream of bytes. When a TCP packet is lost, no streams on that HTTP2 connection can make forward progress until the packet is retransmitted and received by the far side – not even when the packets with data for these streams have arrived and are waiting in a buffer.

Because QUIC is designed from the ground up for multiplexed operation, lost packets carrying data for an individual stream generally only impact that specific stream. Each stream frame can be immediately dispatched to that stream on arrival, so streams without loss can continue to be reassembled and make forward progress in the application.

Forward Error Correction

In order to recover from lost packets without waiting for a retransmission, QUIC can complement a group of packets with an FEC packet. Much like RAID-4, the FEC packet contains parity of the packets in the FEC group. If one of the packets in the group is lost, the contents of that packet can be recovered from the FEC packet and the remaining packets in the group. The sender may decide whether to send FEC packets to optimize specific scenarios (e.g., beginning and end of a request).

Connection Migration

QUIC connections are identified by a 64-bit connection ID, randomly generated by the client. In contrast, TCP connections are identified by a 4-tuple of source address, source port, destination address, and destination port. This means that if a client changes IP addresses (for example, by moving out of Wi-Fi range and switching over to cellular) or ports (if a NAT box loses and rebinds the port association), any active TCP connections are no longer valid. When a QUIC client changes IP addresses, it can continue to use the old connection ID from the new IP address without interrupting any in-flight requests.

For a detailed explanation, read the book: HTTP/3 Explained by Daniel Stenberg

HTTP/3 explained is a free and open booklet describing the HTTP/3 and QUIC protocols.

Watch this Google Developers QUIC tech Talk:

Do drop a comment below.

Source: zdnet, Google, Chromium Blog, Chromium

 

How to Be Invisible Online (Without Going off the Grid)

Are you concerned about your online security? With more data breaches occurring daily, it’s crucial to protect yourself with these simple tips.

This infographic is a comprehensive look at how you can reduce your online visibility to protect your privacy, but still be seen by your family and friends. From browsing the internet to safety on social media platforms, you don’t need to be a technical genius to lessen your online risk.

You don’t have to leave the grid to disappear from hackers and unscrupulous businesses who exploit you and your information for their gain without your knowledge. However, it’s critical to protect your data on each platform you use.

Unfortunately, these big corporations don’t always have our best interests at heart. As we’ve seen from the multiple data breaches, there are times that consumers aren’t told about the hack until it was too late. Repairing your credit and personal information after a data hack is scary. By locking down your data now, you’ll save yourself a bigger headache later.

Source: Barbara Davidson, Robin