RATs – are they Useful or Dangerous for your ICS

In October 2018, Vyacheslav Kopeytsev, Security Researcher, Critical Infrastructure Threat Analysis, spoke at MALCON 2018, the 13^th IEEE International Conference on Malicious and Unwanted Software, held this year in Massachusetts, USA.

Vyacheslav spoke about how RATs (remote administration tools) can be included in attacks on industrial facilities. System administrators use RATs frequently to manage their networks and to assist their users. But few of them realize how easy they make it for threat actors to misuse the opportunities presented by the use of RATs during their attacks.

Vyacheslav described three real world cases where the Kaspersky Lab ICS CERT team had investigated attacks against various industrial facilities. In all three cases, RATs had been part of the attack strategy. Vyacheslav provided in-depth analyses of all three cases and described the errors in network administration and software settings that had made the incidents possible.

Afterwards, Professor Richard Brooks, one of the MALCON 2018 organizers, noted that “Vyacheslav’s contribution was important. Since attacks on ICS are on the rise, it is vital for researchers to look closely at the ins and outs of recent attacks, including how legitimate software was involved due to human error.”.

Finally, Vyacheslav went over the latest KSN data and emphasized how attacks on ICS, including incidents where RATs have been involved, are on the rise.

On 28 November, Vyacheslav Kopeytsev will be joined by Kirill Kruglov, Senior Research Developer, Kaspersky Lab ICS CERT on brighttalk.com, where they will present this material in a live webinar followed by a live Q&A session. Don’t miss this opportunity to hear about this attack vector and to learn about mitigating strategies directly from experts in the field.