In the ever-evolving cybersecurity domain, the resurgence of NetSupport RAT, a Remote Access Trojan (RAT), has raised concerns among security professionals.
This sophisticated malware, initially developed as a legitimate remote administration tool, has been repurposed by malicious actors to infiltrate systems and establish remote control.
NetSupport Manager, the software upon which NetSupport RAT is based, originated as a genuine remote technical support tool three decades ago.
It provided capabilities for file transfers, support chat, inventory management, and remote access.
While its initial purpose was legitimate, threat actors have exploited its functionalities for malicious purposes.
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway
In collaboration with the Threat Analysis Unit, the Carbon Black Managed Detection & Response (MDR) team has witnessed a significant increase in NetSupport RAT infections in recent weeks.
This surge primarily affects Education, Government, and Business Services organizations.
The distribution of NetSupport RAT involves a variety of tactics, including fraudulent updates, drive-by downloads, exploitation of malware loaders like GhostPulse, and phishing campaigns.
Unlike some malware exclusively utilized by specific threat actors, NetSupport RAT has been employed by a range of malicious entities, from novice hackers to sophisticated adversaries.
Recent NetSupport RAT attacks typically involve tricking victims into downloading fake browser updates from compromised websites.
The initial infection process may vary depending on the specific threat actor’s methodology.
One observed infection scenario involves a victim downloading a fake browser update from a compromised website.
This update hosts a PHP script that displays a seemingly authentic update prompt.
Upon clicking the download link, an additional JavaScript payload is downloaded onto the endpoint.
Carbon Black’s MDR team has developed advanced detection and mitigation strategies to combat NetSupport RAT infections.
These strategies encompass:
The resurgence of NetSupport RAT highlights the ever-evolving nature of cybersecurity threats.
Carbon Black’s comprehensive detection and mitigation strategies and continuous updates empower organizations to safeguard their systems effectively against this and other evolving threats.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.
Russian hacktivists increasingly target small-scale operational technology (OT) systems across North America and Europe. These attacks, primarily focused on the…
Cybersecurity experts have uncovered a series of sophisticated cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers. The attackers, identified as…
A Ukrainian national, Yaroslav Vasinskyi, has been sentenced to 13 years and seven months in prison. Vasinskyi, known in the…
Honeywell's 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase…
In a recent development that has caught the attention of IT administrators and users alike, Microsoft has acknowledged a significant…
Panda Restaurant Group, Inc., a leading name in the fast-food industry, has confirmed a significant breach in its corporate data…