Many organizations are training their employees how to recognize social engineering and how attackers will attempt to distribute malware to them. But research shows that even after a year of continuous security training for employees, the best possible result is 98 percent effectiveness. Now, consider an organization with 1,000 employees that has reached the best possible result: It still has at least twenty potential targets that an attacker can successfully trick into falling for a social engineering scam. Given that a breach can result from one employee making one mistake, it’s clear that organizations need tools to complement their cybersecurity training.
Remote Access Trojans (RATs) are an especially dangerous type of malware security teams must combat. RATs are typically downloaded onto a user’s device through social engineering. This can include planting a USB stick for an unsuspecting user to put into their computer, conducting a phishing attack, or hiding a RAT in a download like a torrent file for a movie or music. Once installed, RATs give attackers complete administrative control over a device, enabling them to monitor user behavior, start a device’s webcam, access applications and documents, and more.
How a RAT Ends Up on Your Device
Social engineering is the basis for the distribution of most RATs, but it can come in a few different forms. Phishing remains popular, with attackers attempting to direct users to malicious websites that will infect the user with a RAT. In fact, 85 percent of all malspam contained a link to a malicious file download instead of a file attached to an e-mail. Vishing, a form of phishing that happens over the phone, is also common. An attacker may convince an employee they’re with the company’s IT department and need remote access to their computer. Once granted, they can gain administrative control of the device, enabling them to exfiltrate sensitive corporate data.
How Citrix Helps
Citrix Workspace not only provides secure, VPN-less access to all apps and data, but also web filtering capabilities that protect users when they visit sites with known risks. When a user visits a site that presents unknown risk, Citrix Workspace can automatically redirect the user session to Citrix Secure Browser, a virtual browser hosted in Citrix Cloud. This creates an air gap between the browser, the user, and your datacenter. This ensures that even if a user visits a site that distributes a RAT, the malware will never reach the user device or your datacenter.
While Citrix Secure Browser plays a key role in ensuring a RAT never reaches a user’s device, organizations must account for BYO or personal devices already infected with malware that are used for work. With no tools to detect or mitigate the malware, organizations run the risk of a data breach if an infected device accesses corporate apps and data.
Citrix Workspace offers app protection policies that help secure corporate data, even if a RAT is present on the endpoint. If the attacker attempts to access an application that has app protection policies applied to it, they’ll only get a blank screen in return. For example, let’s consider an employee of a hypothetical healthcare organization. They walk through the parking lot on their way to the office and find a thumb drive with their corporate logo on it. Thinking it belongs to a co-worker, they plug it into a USB port on their computer to determine the owner. Unfortunately, the thumb drive has a RAT on it, which has now been transferred to their computer. Even though the employee’s cybersecurity training fell short, app protection policies ensure the attack is not successful. When the attacker attempts to remotely access apps on the device via the installed malware, they’ll only get blank screens in return.
Alternatively, an attacker may try a vishing attack against a retailer. In this scenario, an attacker calls one of the retailer’s stores and falsely states they’re on the retailer’s IT team. They convince the employee they need to perform maintenance on one of the store’s computers, leading the employee to visit a site that will grant the attacker remote access to the computer. App protection ensures this is where the attack ends. Because the attacker is accessing the device remotely, they’ll only see blank screens, ensuring they can’t navigate through the apps that hold sensitive customer data.
Protect Your Organization Against RATs
Citrix Workspace Premium Plus customers are entitled to both Secure Browser and app protection, enabling them to deploy added security controls to protect themselves against RATs today. To learn how to deploy Secure Browser, please see the product documentation.
Similarly, Workspace Premium Plus customers with hybrid rights can deploy app protection for their on-premises Citrix Virtual Apps and Desktops. To learn how to deploy app protection, please reference the product documentation. Additionally, Citrix Workspace Premium Plus customers can participate in the preview for app protection for SaaS and web apps. Sign up for the preview today.
If you’re not currently entitled to app protection, reach out to your Citrix sales representative or partner for details on how to get it for your Citrix deployment.