Mains paper 3: Internal Security | Basics of cyber security
From the UPSC perspective, the following things are important:
Prelims level: Gravity-RAT, CERT-In
Mains level: Rising incidents of malware leading to the hacking of government websites, and ways to deal with them
Malware designed by Pakistani hackers
- GravityRAT infiltrates a system in the form of an innocuous-looking email attachment, which can be in any format, including MS Word, MS Excel, MS PowerPoint, Adobe Acrobat or even audio and video files.
- The ‘RAT’ in its name stands for Remote Access Trojan, a program that can be controlled remotely and is therefore difficult to trace.
- The hackers first identify the interests of their targets and then send emails with suitable attachments.
The RAT was first detected by the Indian Computer Emergency Response Team (CERT-In) on various computers in 2017.
Features of RAT (Remote Access Trojan)
- It is designed to infiltrate computers and steal the data of users and relay the stolen data to Command and Control centers in other countries.
- The latest update to the program by its developers is part of GravityRAT’s function as an Advanced Persistent Threat (APT): once it infiltrates a system, it silently evolves and does long-term damage.
- It lies hidden in the system it takes over and keeps penetrating deeper.
- According to the latest inputs, GravityRAT has now become self-aware and is capable of evading several commonly used malware detection techniques.
Why is RAT so dangerous?
- The sandboxing technique is used to isolate malware from critical programs on infected devices and provide an extra layer of security.
- The problem, however, is that malware needs to be detected before it can be sandboxed, and GravityRAT now has the ability to mask its presence.
- Typically, malware activity is detected by the ‘noise’ it causes inside the Central Processing Unit (CPU), but GravityRAT is able to work silently.
- It can also gauge the temperature of the CPU to ascertain whether the device is carrying out high-intensity activity, such as a malware scan, and act to evade detection.
Problem with the data leaked
- The other concern is that the Command and Control servers are based in several countries.
- The data is sent in an encrypted format, making it difficult to determine exactly what has been leaked.