Experts Insight On Adwind jRAT Variant

Security researchers became aware of a new variant of Adwind jRAT, a remote access Trojan that uses Java to take control and collect data from a user’s machine–namely login credentials. Malware that takes advantage of common Java functionality is notoriously difficult to detect or detonate in a sandbox for the simple fact that Java is so common on the web. In fact, any effort to block or limit Java would result in much of the internet breaking down–a non starter for users who increasingly rely on rich web apps or SaaS platforms for their day-to-day responsibilities.

 

Experts Comments

October 31, 2019
John Handelaar
VP EMEA
Gurucul
The only way to quickly identify and block this sort of attack would be by using behaviour analytics to identify the anomalous behaviour, as well as the use of automation and orchestration to automatically block the transactions or traffic flow. When attackers manage to hijack legitimate access rights, they can remain undetected for extended periods of time. Many organisations don’t have the ability to identify subtle behavioural anomalies that are indicators of cyber threats. But with.....Read More
The only way to quickly identify and block this sort of attack would be by using behaviour analytics to identify the anomalous behaviour, as well as the use of automation and orchestration to automatically block the transactions or traffic flow. When attackers manage to hijack legitimate access rights, they can remain undetected for extended periods of time. Many organisations don’t have the ability to identify subtle behavioural anomalies that are indicators of cyber threats. But with advanced machine learning algorithms it’s possible to spot behaviours that are outside the range of normal activities and intervene before the damage is done. Using behaviour analytics allows the businesses to quickly identify and remediate threats while searching for the compromised account(s) or machines.  Read Less
October 31, 2019
David Kennefick
Product Architect
edgescan
The best defence against malware delivered via email and web is a combination of education and technology. An email gateway technology should always be in place. Organisations should start with their email provider and work from there. Per device firewalls and malware detection tools may eliminate threats that make it past the first line. Employing password managers and forcing multiple factors of authentication can also slow down an attacker if they manage to get credentials. Furthermore,.....Read More
The best defence against malware delivered via email and web is a combination of education and technology. An email gateway technology should always be in place. Organisations should start with their email provider and work from there. Per device firewalls and malware detection tools may eliminate threats that make it past the first line. Employing password managers and forcing multiple factors of authentication can also slow down an attacker if they manage to get credentials. Furthermore, running a malware scan will help pick up the known malware. The scanning tool will need to be maintained and updated in order to provide the most secure web presence. Many malware technologies successfully utilise masking and obfuscation to avoid detection. This may require logging and monitoring as well as regular scanning in order to detect and eliminate the threat. If you can't disable Java, providing comprehensive security training to employees can significantly reduce the risk of a successful infection. Training people to only interact with PDFs and mails that they are expecting is the first and possibly most comprehensive way to block threats coming through that avenue.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts