Cylance vs. KONNI RAT

Threat Background

Remote access trojans (RATs) have been around for a long time and are one of the most common ways attackers can gain repeated access into your computer network. RATs commonly allow the malware author to run software, steal documents and data, take screenshots, and even capture every keystroke typed on your keyboard.

KONNI has been around for a few years but keeps rearing its head as it is currently under development, making it more capable of getting repeated access into networks.

Watch Cylance go head-to-head with KONNI here:

VIDEO: Cylance vs. KONNI RAT

Why Should I Be Concerned About RATS Like KONNI?

Every organization needs to have a proactive security plan to guard their networks against RATs such as KONNI. If a system in your network has been compromised by a RAT, chances are that the attacker has already gathered private information from your network that could be leveraged against your company – whether that data is used to hold you for ransom until you pay up, or used for other nefarious purposes, such as accessing passwords to gain even further access to critical data on your systems.

KONNI has been seen to be distributed through traditional email and web phishing campaigns. While KONNI uses social engineering techniques to dupe the user into running the malware, its intelligence gathering features are running in the background to gather information about the victimized computer, logging and saving your data along the way.

While running, KONNI gathers screenshots of what the user is doing and logs keystrokes – potentially capturing usernames/passwords or other vital information that can be used in future attacks. Attacks that leverage social engineering and then gather intelligence about the victim can be devastating for companies, as they can lead to a total account take over.

Often, these (Read more...)

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog