
In a flutter: Raspberry Robin malware causes cybersecurity alarm

Raspberry Robin, which caught headlines in May for its prolific worm-like spreading once a beachhead is established, has evolved its capabilities.

A woman blogs on her computer. - © Digital Journal

Microsoft has warned of a new type of malware, one that has triggered payload alerts on devices of almost 1,000 organizations since the fourth quarter of 2022. The dangerous new code has been used to introduce ransomware.

The code is called ‘Raspberry Robin’, and this unusually named worm malware was involved in telecommunication attacks during December 2022. The targets included telecommunication entities in Latin America, Oceania (Australia), and Europe. Raspberry Robin is typically introduced via infected removable drives, often USB devices. Commonly the malware is associated with a ‘.LNK’ file and it is activated when this file reference is double-clicked.

Looking into this new cybersecurity threat for Digital Journal is Terry Olaes, Senior Technical Director at Skybox Security.

Olaes begins by looking at the specific threat and malware issues in general, noting: “Skybox Research Lab found that the malware industry has continuously churned an array of malicious software, including cryptojacking and ransomware programs, which increased by 75 percent and 42 percent, respectively, in 2021.”

With the recent incident, Olaes states: “Now Raspberry Robin, which caught headlines in May for its prolific worm-like spreading once a beachhead is established, has evolved its capabilities to improve detection evasion via fake payload drops if the malware detects sandboxing or being analyzed.”

Olaes’s analysis goes further into the origins of the malicious code: “This implant is also part of the larger malware ecosystem and has been observed being a part of a threat stack in several campaigns.”

In terms of how the threat becomes manifest, Olaes observes: “Threat actors often sell access to compromised networks to ransomware and malware platforms, including the recent attacks involving Clop gang, IcedID, Bumblebee and Truebot. In this recent update, Raspberry Robin has drastically improved its obfuscation layers (10 or more) and evasive capabilities, highlighting the constant innovation bad actors are able to employ while leveraging tried-and-true human behavior (inserting unknown USB drives) to establish access.”

To protect businesses from such incidents, Olaes recommends: “It is essential that organizations adopt a proactive approach to vulnerability management that involves evaluating the entire threat landscape to identify exposed vulnerabilities. An essential step to reducing malware is to enhance the overall maturity of an organization’s vulnerability management program to ensure prompt remediation rather than a focus on time-consuming and costly reactive activities.”

Olaes also advises: “Additionally, implementing a solution capable of quantifying the business impact of cyber risk into the economic impact will help organizations determine the level of urgency.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
