Growth and Commoditization of Remote Access Trojans Veronica Valeros & Sebastian Garcia Stratosphere Research Laboratory Czech Technical University in Prague

Mar 19, 2022

Page 1: Commoditization of Growth and Remote Access Trojans

Growth and Commoditization of Remote Access Trojans

Veronica Valeros & Sebastian Garcia

Stratosphere Research Laboratory

Czech Technical University in Prague

Page 2: Commoditization of Growth and Remote Access Trojans

REMOTE ACCESS SOFTWARE

A type of computer program that allows an individual to have full remote control of the device where the software is installed.

Page 3: Commoditization of Growth and Remote Access Trojans

REMOTE ACCESS TROJAN

CONTROL: Remote control is performed secretly

EVASION: Hiding in the system to avoid detection

CONSENT: Installation without user consent

Page 4: Commoditization of Growth and Remote Access Trojans

Sub7 1999

Page 5: Commoditization of Growth and Remote Access Trojans

What happened in the last 30 years?

Page 6: Commoditization of Growth and Remote Access Trojans

We collected, investigated, and built a corpus of the most well-known RATs in history.

RATs are grouped in families, with slight variations of the same RATs grouped together.

Found, referenced, and documented 337 unique families of RATs.

Page 7: Commoditization of Growth and Remote Access Trojans

TIMELINE OF RATS

Page 8: Commoditization of Growth and Remote Access Trojans

4.3x growth

3.5x growth

1996-2000 2001-2010 2011-2020

Page 9: Commoditization of Growth and Remote Access Trojans

Phase 1: 1996-2000

Phase 2: 2001-2010

Phase 3: 2011-2020

Page 10: Commoditization of Growth and Remote Access Trojans

PHASE01

1996-2000

Page 11: Commoditization of Growth and Remote Access Trojans
Page 12: Commoditization of Growth and Remote Access Trojans

NetBus RAT 1999

Page 13: Commoditization of Growth and Remote Access Trojans

Among the most prominent ones were Back Orifice, Sub7 and NetBus.

Developers and operators were the same actor.

Together they defined a generation by being innovative and disruptive.

The era of homemade RATs, for fun and amusement.

Page 14: Commoditization of Growth and Remote Access Trojans

PHASE02

2001-2010

Page 15: Commoditization of Growth and Remote Access Trojans
Page 16: Commoditization of Growth and Remote Access Trojans

Beast RAT 2002

Page 17: Commoditization of Growth and Remote Access Trojans

Among the highlights of this period are Gh0st, PoisonIvy and DarkComet.

Developers and operators are now different actors.

The market started to mature.

RATs started to be used for attacks and for profit.

Page 18: Commoditization of Growth and Remote Access Trojans

PHASE03

2011-2020

Page 19: Commoditization of Growth and Remote Access Trojans
Page 20: Commoditization of Growth and Remote Access Trojans

Luminosity RAT 2015

Page 21: Commoditization of Growth and Remote Access Trojans

Among the highlights of this period are NanoCore, NjRAT, and Imminent Monitor.

Developers became entrepreneurs.

Sellers provide support, new features, and host part of the infrastructure.

Multi-tiered operators driving the market of RATs.

Page 22: Commoditization of Growth and Remote Access Trojans

TIMELINE OF RATS

Page 23: Commoditization of Growth and Remote Access Trojans

RATs in Markets

Page 24: Commoditization of Growth and Remote Access Trojans

Eleven of the most common RATs in 2019-2020

Page 25: Commoditization of Growth and Remote Access Trojans

Commercialized prices of RATs in online marketplaces

BUILDER CRYPTER PLUGINS

Page 26: Commoditization of Growth and Remote Access Trojans

Commoditization of RATs

But why?

Who is buying all these?

Page 27: Commoditization of Growth and Remote Access Trojans

Business Email Compromise

Cyber espionage

Targeted Attacks

Stalkerware

Page 28: Commoditization of Growth and Remote Access Trojans

RATs are essential for any type of cybercriminal activity

Page 29: Commoditization of Growth and Remote Access Trojans

Where are the RATs going?

Page 30: Commoditization of Growth and Remote Access Trojans

THANKS!

Veronica Valeros, @verovaleros

Sebastian Garcia, @eldracote

www.stratosphereips.org