BlogLine

Businesses Beware of the Parallax RAT Trap

7/7/20

By: Peter Dooley

One of the newest and most potentially harmful malware campaigns, the appropriately named Parallax RAT, has been wreaking havoc on businesses of all sizes during this already trying time of increased remote work. RAT stands for “remote access trojan” and Parallax RAT is on the cutting edge of malware that is most often distributed through malicious attachments to camouflaged emails. The full control over an infected system that this remote access trojan gives hackers can and has been devastating to businesses storing sensitive client or employee information.

The sensitive personal, medical, and financial information gained by hackers using Parallax RAT can be sold on any number of darknet markets or forums. Additionally, companies facing breaches of larger magnitudes have been forced to pay ransoms in Bitcoin in order to regain control of their sensitive data. Trojan threats like this one are nothing new and RATs have been used to gather information and steal credentials for nearly two decades; notable RATs that rose to popularity before Parallax include Agent Tesla, IvizTech, and RevengeRAT. Parallax RAT distinguishes itself by offering malicious actors a wider range of file types to phish for credentials as well as more efficient and sophisticated tools to camouflage attacks. The ease of use and ability to tailor communications using specific information are putting small businesses in increasing peril.

Recent accounts of certified public accounting firms being victims of the malware and having fraudulent tax returns filed using the CPA’s credentials illustrate the high stakes and complex risks associated with a Parallax RAT attack. If a breach does occur, the login credentials seized may be used to deliver the Trojan’s payload to the affected computer. Parallax is then installed and launches whenever a user logs into the system. At this point, the hacker has the ability to access the infected computer and can use a keylogger to copy or steal sensitive or valuable information. This scenario is even more worrisome as victims of a Parallax RAT attack are often completely unaware of the breach until they are notified through other means that sensitive data has been leaked.

To minimize these risks of a Parallax RAT attack or other cyber-attack, organizations should be vigilant in their defenses against malware. Training your workforce on identifying phishing emails, being skeptical of anything unsolicited, and not clicking on attachments or links from unknown sources is critical and should be among your first priorities. Anti-virus should be installed and up-to-date on all servers and endpoints within your network, in addition to intrusion detection software that identifies and alerts you to any suspicious activity. Also be sure that your organization maintains regular backups of its data, stored separately and unconnected from your primary data repository, so you have the ability to restore files if you become infected with ransomware. Lastly, now is a good time to review your cyber liability insurance to ensure coverage is in place with appropriate limits and coverage for ransomware and other privacy events. In addition to the stress involved, cyber attacks can be costly and you will thank yourself later.

If you have questions or would like more information, please contact Peter Dooley at pdooley@fmglaw.com or a member of our Data Security, Privacy & Technology practice group.