FBI Smells a RAT, Warns Supply Chains to Take Precautions
As if supply chain professionals don’t have enough to occupy them these days, the FBI is warning that an ongoing malware campaign is targeting healthcare, software supply chain, energy and engineering organizations across the United States, Europe, Asia and the Middle East.
“The Kwampirs RAT [remote-access Trojan] is a modular RAT worm that gains system access to victim machines and networks with the primary purpose of gaining broad, yet targeted, access to victim companies to enable follow-on computer network exploitation activities,” the FBI explained in a notification to the private sector.
The bureau recommends several best practices for network security and defense, including:
- Employ regular updates to applications and the host operating system to ensure protection against known vulnerabilities.
- Establish, and backup offline, a “known good” version of the relevant server and a regular change-management policy to enable monitoring for alterations to servable content with a file integrity system.
- Employ user input validation to restrict local and remote file inclusion vulnerabilities.
The FBI noted that “Kwampirs actors gained access to a large number of global hospitals through vendor software supply chain and hardware products. Infected software supply chain vendors included products used to manage industrial control system (ICS) assets in hospitals.”