ZuoRAT: Multi-stage Malware hits the Streets
A multi-stage remote access trojan that has been active since April is targeting SOHO routers from Cisco Systems, Netgear, ASUS and others. The malware is called ZuoRAT, and it can access the local LAN and capture packets transmitted between devices, creating an excellent opportunity for a man-in-the-middle attack through DNS and HTTPS hijacking. The threat actors behind the attack are using evasion techniques consistent with a professional-grade operator, and researchers have linked the work to a possible state-sponsored actor based on the sophistication of the techniques used. The malware specifically targets unpatched SOHO routers using a multi-stage process: it starts by gathering information about the device and the LAN it is connected to, then sets up packet captures and sends the collected information back to a command-and-control (C&C) server, dumping credentials, tables, and other data. That’s not all. A second component carries a set of auxiliary commands that attempt to pull even more data off your home network, providing a LAN enumeration capability that is incredibly difficult to detect.
This kind of threat affects people in their everyday lives precisely because it targets small office/home office routers. These types of attacks spiked at the dawn of COVID, when most small business owners and employees were forced to work from home. Since SOHO router firmware is rarely built with security in mind, these devices present a large attack surface. It’s fair to say that it impacts small business owners and people who work from home the most. Stay safe out there and update those routers!
Are you interested in learning how to defend against these types of attacks? You should consider the (ISC)² CISSP® (Certified Information Systems Security Professional) certification. The CISSP certification is regarded as the gold standard in information security credentials.
This program is a comprehensive review course that assumes the student has a basic understanding of networks and focuses exclusively on the eight domains of knowledge defined by the (ISC)² CBK.
After completing the course, the student will have a good working knowledge of the eight domains of security knowledge. Using this course, students prepare for the exam while at the same time gaining essential security knowledge that can be put to immediate use improving organizational security. This is your best bet for making sure you’re properly prepared to tackle the CISSP certification and take on the challenges inherent in a world of constantly evolving information.