Raspberry Robin Malware Strain Poses an Enigma to Researchers, BUFFERZONE Comes to the Rescue
By BUFFERZONE Team, 16/05/2022
By protecting endpoints from known and unknown malware, BUFFERZONE creates a safe workspace for individuals and organizations, making it an optimal solution for security providers and SMBs.
Security researchers at Red Canary recently discovered a new strain of malware, which they called Raspberry Robin, thought to have been active but undiscovered since September 2021.
Raspberry Robin infects computers via USB and other removable drives. When an infected drive is connected to a computer, a series of commands is executed, resulting in several unauthorized and potentially malicious activities, including outbound network communication with external command-and-control servers and the downloading and installation of software packages on the endpoint. Raspberry Robin has so far been observed targeting mainly organizations with ties to technology and manufacturing.
At this point, Raspberry Robin’s origins and goals are unknown. It is not yet clear whether it will be used for ransomware, information theft, DDoS or another known or unknown type of attack.
The Red Canary researchers list five different evasion techniques used by Raspberry Robin. They also mention several detection opportunities; however, the detectable behaviors are carried out by otherwise legitimate processes, so attempting to detect them would likely produce a significant number of false-positive alerts, which carries its own operational cost for organizations.
Once again, the limitations of detection-based security products are highlighted when it comes to unknown or versatile malware. It is imperative that organizations that want to ensure a high level of security complement their detection-based products with a proactive containment and disarming solution such as BUFFERZONE.
BUFFERZONE combines containment and isolation of processes and files from untrusted sources with disarming technology to ensure downloads and attachments cannot cause any unexpected behavior. Individuals and organizations can be secure in the knowledge that even if infected files reach their computers, they will be disarmed, with the malware removed; and, even if disarming fails, the files and malware will be contained and will not be able to cause any lasting damage.