Cyber security centres warn of RATs, ’katz
- 15 October, 2018 10:23
The Australian Cyber Security Centre has worked with its equivalents in Canada, New Zealand, the UK and the United States to produce a report highlighting countermeasures for some of the most common threats faced by enterprises and governments.
The ACSC worked with the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC) on the report, which focuses on publicly available hacking tools.
The report covers the popular remote access trojans (RATs) Adwind and JBiFrost, the China Chopper web shell, Mimikatz, which can be used to obtain Windows credentials, the lateral movement framework PowerShell Empire, and HTran, which can be used to obfuscate command and control communications.
“Experience from the authors shows that, while cyber actors continue to develop their capabilities, they are not abandoning common or established Tools, Techniques and Procedures (TTPs),” the report states. “Even more sophisticated groups will use publicly available tools and take advantage of basic security flaws to achieve their objectives.”
“Reports like this demonstrate our ability to pull together cyber security experts from across the globe, to give people a better understanding of what’s out there and how they can better defend their networks,” ACSC head Alastair MacGibbon said.
“Tools and techniques for exploiting networks and the data they hold are by no means limited for use by nation states or criminals on the dark web.”
“Hacking tools that provide a variety of functions are widely and freely available for use by everyone from skilled penetration testers, state actors and organised criminals, through to amateur hackers,” MacGibbon added.
Last year the ACSC’s parent agency, the Australian Signals Directorate (ASD), released an updated list of essential mitigation strategies that it says can counter the most common security threats.
The ‘Essential Eight’ is targeted at government agencies but also applicable to businesses. It comprises application whitelisting, application patching, locking down Microsoft Office macro settings, application hardening, restricting administrative privileges, patching operating systems, the use of multi-factor authentication, and daily backups.