
IDG Contributor Network: Catching a RAT by the tail

Discussion in 'CSO' started by RSS, Jun 22, 2016.

  1. RSS


    Last month I examined how machine learning could be used to detect low and slow insider threats. In this, the final installment of my trilogy on real-world use cases from the recent Verizon Data Breach Digest, I’ll discuss how remote access threats can be exposed with the machine learning techniques I’ve covered in my two previous blogs.

    In this example, a manufacturing company experienced a breach of a shared engineering work station in its R&D department. A phishing email resulted in a Remote Access Trojan (RAT) backdoor being downloaded onto the system, which enabled the threat actors to escalate privileges and capture user credentials for everyone who had used the system. By the time the breach was discovered, a significant amount of information had been leaked out via FTP to a foreign IP address.

