Catching a RAT by the tail

Last month I examined how machine learning could be used to detect low-and-slow insider threats. In this, the final installment of my trilogy on real-world use cases from the recent Verizon Data Breach Digest, I’ll discuss how remote access threats can be exposed with the machine learning techniques I’ve covered in my two previous blog posts. In this example, a manufacturing company experienced a breach of a shared engineering workstation in its R&D department. A phishing email resulted in a Remote Access Trojan (RAT) backdoor being downloaded onto the system, which enabled the threat actors to escalate privileges and capture the credentials of everyone who had used that workstation. By the time the breach was discovered, a significant amount of information had been leaked out via FTP to…
