Growth and commoditization of remote access trojans

Veronica Valeros (Czech Technical University in Prague) & Sebastian García (Czech Technical University in Prague)
live only
19:00 UTC on Day 2
THURSDAY 01 OCTOBER
In the last three decades there have been significant changes in the cybercrime world in terms of organization, type of attacks, and tools. Remote access trojans (RATs) are an intrinsic part of traditional cybercriminal activities; however, they have also become a standard tool in advanced espionage attacks and in scams.

The overly specialized research in our community on RATs has resulted in a seeming lack of general perspective and understanding as to how RATs have evolved as a phenomenon. The lack of more generalist research hinders the understanding and development of new techniques and methods to better detect them.

This work presents a new generalist perspective on remote access trojans, an analysis of their growth in the last 30 years, and a discussion of how they have become a commodity in the last decade. We found that the number of RATs increased drastically in the past ten years and that, nowadays, they have become standardized commodity products that are not very different from each other.

This talk will focus on three specific aspects of our research. First, we will present the first and most comprehensive timeline of the last 30 years of RATs. Second, we will present an overview of the commoditization of the most well-known RATs in 2019-2020. Third, we will discuss the types of attacks and attackers using RATs.
Veronica Valeros
Czech Technical University in Prague
Veronica is a researcher and intelligence analyst from Argentina. Her research has a strong focus on helping people and involves different areas from wireless and Bluetooth privacy issues to malware, botnets and intrusion analysis. She has presented her research at international conferences such as BlackHat, Virus Bulletin, Botconf and others. She is the co-founder of the MatesLab hackerspace based in Argentina, and co-founder of the Independent Fund for Women in Tech. She is currently a senior researcher at the Civilsphere project at the Czech Technical University, dedicated to protecting civil organizations and individuals from targeted attacks.
Sebastian García
Czech Technical University in Prague
Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect civil society. He likes to analyse network patterns and attacks with machine learning. As a researcher in the AIC group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments. He has been lucky enough to talk at Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, Virus Bulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace he is a free software advocate who has worked on honeypots, malware detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.
19:00 - 19:30 UTC Thu 1 Oct 2020