Remote access trojans (RAT) have been used in the past to launch cyberattacks against veterinary practices. Unfortunately, RAT attacks are not given the attention they deserve despite their use in launching attacks such as distributed denial-of-service (DDoS), ransomware deployment, User Account Control (UAC) bypass and general spying. This is why, in this section, we will analyze a new RAT named Borat, and how it can be used to attack veterinary practices.
What is Borat?
Borat is a new remote access trojan that has started appearing in the dark markets. The RAT programs promise easy to use features that can conduct UAC attacks, ransomware deployment, DDoS attacks and spy on the victim’s computer system.
Borat also has features that allow cybercriminals to stealthy stay inside a computer system by giving them complete control of their victims’ mouse and keyboard, access files, and network points. The program also promises its users that once deployed, the cybercriminals’ presence inside the computer system will be hidden.
According to recent research on the RAT program by Cyble, Borat is also highly customizable. Cybercriminals are able to choose modules they need to use during an attack with ease. The feature allows cybercriminals to create small payloads that feature precisely what they need for highly tailored attacks.
Features of the Borat remote access malware
The new Borat remote access malware has several features that are found in other RAT programs. Below is a look at some of these features and how they can be used against veterinary practices.
Keylogging
Keylogging is a feature that allows cybercriminals using the Borat trojan to access key presses of their victim’s computer system. For instance, each time you visit a website and enter logging details, a key logger is able to capture the details you are entering on the log-in fields and save them in a txt file. The txt file can then be accessed by cybercriminals, giving them access to your account, where they can do anything with it.
Today, veterinary practices have many accounts that can become vulnerable to the keylogging feature. This includes local networks that are password protected. When a practice owner tries to access the network and logs in, the details are sent to cybercriminals. Since the Borat application also gives them access to your computer system. They are able to use the details and laterally move in your network.
2. Ransomware deployment
Another feature that was found in Borat trojan was the ability to launch a ransomware attack using the program. The program allows cybercriminals to deploy ransomware payloads onto the victim’s computers and automatically generate a ransom note through Borat.
This feature is likely to be the most used by cybercriminals targeting veterinary practices. This is because, in most instances, cybercriminals are money-focused, and the only way to generate money is through ransomware attacks. Therefore, there is a high chance of a RAT being used against your veterinary practices.
3. DDoS
Distributed denial of service attacks involves directing garbage traffic to servers with an aim to bring it down. In the past, such attacks have been used against websites. However, the attacks are now increasingly being deployed against local computer networks that institutions rely on. The feature can be used against veterinary practice’s resources such as cloud services, networks and servers. It can also be used as a way to disrupt services for your veterinary practices.
4. Spying
Spying is one of the core features of any RAT program. These programs are able to audio record your conversations on your devices without your knowledge. Cybercriminals can also open your webcam and record you without your knowledge.
The remote desktop feature that allows cybercriminals to start and perform file operations, use input devices, execute code and launch applications can also be referred to as spying. If the feature is used against veterinary practices, it would mean that cybercriminals are able to access your entire network, including your cloud services and practice management systems. It also means that your practice plans, schedule and goals can easily be stolen and sold on the dark web. Your client’s information can also be compromised and sold on dark markets.
5. Other features
Features such as reverse proxy that allow cybercriminals to remain in your system undetectable are also in the Borat program. The program can also gather your device information such as the operating system, hardware, network information, e.t.c and use the information to compromise your veterinary practice.
The research by Cyble also showed that cybercriminals could use Borat to inject other type of malware, steal your credentials such as logging details in chromium-based browsers or even steal tokens if you have a discord server. All these features can be used against your practice, resulting in financial and legal damages.
Need help protecting your veterinary hospital from the latest cyber attacks?
Schedule a FREE call today with our founder, Clint Latham, to see how for as little as $150 a month you can turn a ransomware attack from a major disaster to a minor inconvenience.