US-CERT: Hackers Exploit Quasar Remote Administration Tool
When hackers recently infiltrated MSPs to break into end-customer networks, many pundits wondered what remote administration tools were involved. In some cases the answer apparently involves Quasar, an open source remote administration tool (RAT) for Microsoft Windows.
Advanced persistent threat (APT) actors modified Quasar and created minor and major versions of the software, US-CERT indicated. Furthermore, Quasar does not contain software exploits, but hackers are using other tools or methods to access a target host before they launch Quasar attacks.
Commercial antivirus programs enable organizations to monitor Quasar activity, US-CERT stated. As such, these programs can help organizations quickly identify malicious Quasar activity.
What Are RATs?
RATs provide full control of a device from any location. By doing so, they enable organizations to remotely detect and address device problems.
Comparatively, hackers may leverage RATs to illegally access user devices. Hackers sometimes launch RATs that a user unknowingly downloads onto a device and puts device applications, data and programs in danger.
If an unauthorized RAT is downloaded onto a device, a hacker can access a user’s sensitive information. Plus, a hacker can use a RAT to install different types of malware onto a device, deactivate a device and more.
Tips to Stop Unauthorized RATs
As hackers search for new ways to launch exploits, the use of RATs in cyberattacks could increase in the foreseeable future. Meanwhile, cybersecurity solutions provider McAfee offers the following recommendations to stop unauthorized RATs:
- Watch for suspicious email attachments and links. RATs sometimes are installed unknowingly after a user clicks on an email attachment or link; thus, is it important to only open email attachments and links from trusted senders.
- Share files safely. Peer-to-peer (P2P) file sharing provides quick, easy access to a wide range of files; at the same time, P2P file sharing provides cybercriminals with many opportunities to launch malicious RATs.
- Implement security software on all of an organization’s devices. Use security software to protect user data across all of an organization’s computers, smartphones, tablets and other devices.
MSSPs can help organizations stop RATs, too. By providing managed security services and resources to address RATs and other cyber threats, MSSPs can safeguard organizations against data breaches.
Additional insights from Joe Panettieri.