Latest news with #RATs
Yahoo
3 days ago
- Science
- Yahoo
Student-led research deploys AI to spot stealthy Android malware
LAKELAND, Fla., June 6, 2025 /PRNewswire/ -- Researchers at Florida Polytechnic University have developed an artificial intelligence technique that can detect elusive malware known as remote access trojans (RATs) on Android devices. The breakthrough could help protect millions of users from cybercriminals who use RATs to steal personal information and control devices without detection.

Nesreen Dalhy, B.S. '23, M.S. '25, worked with Dr. Karim Elish, associate professor of computer science at Florida Poly, to identify new, more effective ways to detect this malicious software as part of her master's thesis.

"RATs are a significant cybersecurity threat – they are particularly hard to detect, remain persistent and attempt to steal as much of your data as possible," said Dalhy, who has bachelor's and master's degrees in computer science from the University. "A lot of the existing research tries to identify general types of malware, but there isn't much that specifically tries to detect RATs."

Dalhy, from Davenport, Florida, said RATs have been a problem for years, evolving alongside technology. They continually find new ways to stay hidden in smartphones and steal users' personal information. Android devices account for over 80% of the world's mobile devices.

"It can silently run in the background of your phone and spy on you without you realizing it," she said. "When you're using an app, you're just seeing whatever is on the screen and not everything that is going on, and that's what RATs take advantage of."

It's under this cyber cloak that the malware can take control of an Android device to make calls, send messages, record audio or video, or even encrypt the device's files and demand a ransom.

Dalhy and Elish trained a machine learning model to focus only on narrow samples of malware to identify and differentiate specific RAT patterns. By using different threat intelligence databases, they were able to analyze which malware exhibited RAT behavior and use RAT characteristics to highlight more of the smaller samples for detection. Elish, an expert on Android security, said three models they developed detected almost all RATs with 99% accuracy.

The next steps for this work will be developing a mobile application based on its results and expanding the research model to detect a broader range of malware families to improve its utility and effectiveness.

"Nesreen did amazing work that will have a lot of impact on the community," Elish said. "I am very proud of her work and that we are able to publish this and present it at an important conference."

Dalhy and Elish presented the research at the industry-leading IEEE/ACIS International Conference on Software Engineering, Management and Applications in May.

SOURCE Florida Polytechnic University


Tahawul Tech
08-05-2025
- Business
- Tahawul Tech
80% of cyberattacks in the Middle East lead to confidential data breaches
Positive Technologies, a leader in result-driven cybersecurity, has conducted a study on cyberthreats facing countries in the Middle East. The study examines the impact of digital transformation, the rise of organised cybercrime, and the dynamics of the underground market in the region. One in three successful cyberattacks in the Middle East was carried out by APT groups that commonly target government institutions and critical infrastructure.

While the rapid adoption of new IT solutions in the region boosts efficiency across industries, it also increases their exposure to cyberattacks. Cybercriminals heavily relied on social engineering (61% of cases) and malware (51%), often combining the two methods. Remote access trojans (RATs) were the primary weapon in 27% of malware-based attacks. The widespread use of RATs suggests that attackers often aimed to maintain long-term access to their victims' systems.

The analysis shows that 80% of cyberattacks on organisations in the Middle East resulted in breaches of confidential information. Hackers were mostly interested in credentials and trade secrets (29% each), as well as personal data (20%). In most cases, the stolen data was used for blackmail or sold on the dark web. The second major consequence of attacks (38% of cases) was the disruption of core business operations. Such disruptions were particularly harmful in sectors like healthcare, transportation, and government services, where even brief downtime can have serious real-world consequences.

APT groups are the most dangerous threat actors in the region because of their significant financial resources and advanced technical skills. In 2024, these groups accounted for 32% of all recorded cyberattacks, with a particular focus on government institutions and critical infrastructure. These attacks often went beyond standard cybercrime, taking the form of cyberespionage or even cyberwarfare. Their goal was not only to steal information but to undermine trust in government organisations and demonstrate power in the digital realm.

The analysis of the dark web revealed mentions of attacks on a wide range of industries in the region. Government organisations were the most frequently targeted (34%), followed by the industrial sector (20%). Hacktivists, in particular, were very active on underground forums. Unlike regular cybercriminals, they are driven by ideological motives rather than financial gain. They often share stolen databases for free, making the cybercrime situation worse by giving many other criminals access to the stolen data.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar—leaders in digital transformation—were the most frequently mentioned countries on the dark web. Experts point out that the frequent ads for selling stolen data from these countries highlight the challenges of securing expanding digital environments. Cybercriminals are quick to exploit the vulnerabilities that come with rapid digitalisation.

Positive Technologies analyst Alexey Lukash said: 'In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty'.

To help organisations build stronger defences against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management and to identify, prioritise, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Solutions such as PT Application Firewall and PT Application Inspector are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasises the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organisations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

Image Credit: Positive Technologies