Virtual private network (VPN) connections can provide a false sense of security, and two separate, newly discovered attack campaigns exploiting the much-vaunted corporate channel serve as a wake-up call about how attackers can use and abuse VPNs.
Meanwhile, enSilo researchers spotted a cyber espionage attack using a remote access Trojan (RAT) that, among other things, allows an attacker to log into a machine it infects using the user's legitimate credentials. The so-called Moker RAT disables and sneaks past antivirus, sandboxes, and virtual machine-based tools, as well as Microsoft Windows' User Access Control (UAC) feature.
Moker, which attaches itself to the Windows operating system and poses as a legitimate OS process, can be used by the attacker to operate "locally," according to enSilo. "Consider a scenario where the attacker logs on to the infected machine using the VPN credentials of a legitimate user. In that case, the attacker connects to the machine from remote – but locally controls Moker," says Yotam Gottesman, a senior security researcher at enSilo. "The attacker can then perform all the cyber espionage activities one imagines a RAT doing, such as keylogging, taking screenshots, monitoring Web traffic – and even altering it."
Read the rest of the article at Dark Reading.