Carl Keyser : May 6, 2022 3:05:53 PM
As if any well-minded cybersecurity professional would be trusting of the little buggers in the first place. Anywho, there's a new malware making the rounds. It's called Raspberry Robin and it lives almost exclusively on compromised USB drives.
The malware was first noticed in September of 2021 by the team over at Red Canary, a managed detection and response firm. According to researchers, the life cycle of Raspberry Robin is as follows:
What does that mean?
So, basically, Raspberry Robin lives on external drives, like USB drives, memory cards, whatnot. When they're plugged into a Windows machine they begin a process of downloading a payload. After the payload is downloaded, the malware uses cmd.exe to execute it.
Raspberry Robin uses legitimate Windows utilities like fodhelper.exe, rundll32.exe and odbcconf.exe to bypass User Account Control (UAC).
Nobody's sure what Raspberry Robin actually does yet, however. Upon installation, the malware reaches out to various nodes associated with Tor. Red Canary has been unable to decipher what happens next, if anything.
"We also don't know why Raspberry Robin installs a malicious DLL," the researchers said. "One hypothesis is that it may be an attempt to establish persistence on an infected system."
How can you protect yourself?
The two things that come to mind first are these:
Why Security Awareness Training?
A healthy cybersecurity posture can only be formed on a strong foundation, made up of the combined efforts of a cyber security-minded workforce. If the workforce is aware of the threats posed by plugging in a seemingly random USB drive found on a sidewalk outside your place of business, malware like Raspberry Robin can't take hold in the first place.
No matter what you do, no matter what cybersecurity implementation you put in place, you'll only ever be as strong as your weakest link. By educating the masses (so to speak) you're bolstering every other cybersecurity endeavor you're putting in place to keep the business safe. You're closing gaps rather than opening them.
You can learn more about Security Awareness Training here: https://www.security7.net/solutions/managed-services/security-awareness-training
Why disable USB access on endpoints?
No matter what you do, there's going to be one meathead in the organization who either forgets their security awareness training or didn't care about security awareness training to begin with and likes to live life on the edge, plugging anything they find in immediately, just to see what's on it.
If you disable USB access on your endpoints, no matter what the meathead does, they won't be successful in their endeavor. In some cases, this might really be the only way to stop curiosity from killing that damn cat.
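One way to do that on a Windows endpoint, as an added example (not from Red Canary or the original post): the script below reports whether USB mass storage is currently blocked and then blocks it. The registry locations are the standard USBSTOR driver key and the removable-storage policy key; the function names are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and block removable storage on a Windows endpoint.
# Function names are hypothetical; the registry keys are standard Windows ones.

# USB mass-storage class driver. Start = 3 loads it on demand, 4 disables it.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
# Backing key for the "All Removable Storage classes: Deny all access" policy,
# which also covers removable media that does not go through USBSTOR.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-UsbStorageState {
    # Read both settings; a missing value comes back as $null (not blocked).
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue).Start
    $deny  = (Get-ItemProperty -Path $PolicyKey -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        DriverStart    = $start
        DriverDisabled = ($start -eq 4)
        PolicyDenyAll  = ($deny -eq 1)
    }
}

function Disable-UsbStorage {
    # SupportsShouldProcess gives -WhatIf / -Confirm for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess($UsbStorKey, 'Set Start = 4 (disable driver)')) {
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
    }
    if ($PSCmdlet.ShouldProcess($PolicyKey, 'Set Deny_All = 1')) {
        # The policy key does not exist until a policy has been set.
        if (-not (Test-Path -Path $PolicyKey)) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
        Set-ItemProperty -Path $PolicyKey -Name Deny_All -Value 1 -Type DWord
    }
}

Get-UsbStorageState          # state before the change
Disable-UsbStorage -WhatIf   # dry run; drop -WhatIf to apply
```

This only blocks storage; USB keyboards, mice and headsets keep working. On domain-joined machines the same policy is better pushed through Group Policy so it can't be quietly undone on one box.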