Cyber ​​danger Raspberry Robin

B2B Cyber ​​Security ShortNews

Share post

A leading provider of an AI-powered, cloud-delivered cybersecurity platform warns about Raspberry Robin.

The malware was first discovered in 2021 and stands out for its remarkable adaptability and sophistication in its operations.

  • Rapid development of exploits: Raspberry Robin takes advantage of new 1-day Local Privilege Escalation (LPE) exploits that were developed in plain sight. This suggests either internal development capability or access to a very sophisticated exploit market.
  • Innovative distribution and circumvention techniques: A novel distribution method via Discord and sophisticated evasion strategies improve stealth, making detection by traditional security measures more difficult.
  • Adaptive communication and movement: Modifications to communication methods and lateral movement techniques have been developed to bypass behavioral signatures based on previous versions, demonstrating the malware's adaptability.

In a previous report, Check Point researchers examined Raspberry Robin as an example of detecting and countering various evasion methods. They discovered some unique and innovative methods and analyzed the two exploits that Raspberry Robin uses to gain higher privileges, showing that the malware also has capabilities in the area of ​​exploits.

Raspberry Robin Exploits

Two new 1-day LPE exploits have been introduced these days. The malware most likely either has access to a dedicated exploit developer or decent capacity to quickly develop exploits on its own. The distribution of the malware has also evolved: Discord is now used for distribution, marking a departure from previous methods that focused primarily on USB drives.

The constant improvements in malware introduce new features and evasion mechanisms aimed at remaining undetected by security defenses. The malware has subtly altered its communication strategies and lateral movement techniques to evade detection, underscoring its developers' commitment to evading security measures. Raspberry Robin's ability to quickly incorporate newly discovered vulnerabilities into its arsenal is further evidence of its high threat level, as it exploits vulnerabilities before many companies have deployed patches.

More at Checkpoint.com

 


About check point

Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.


 

Matching articles on the topic

Qcell: APT group Abyss publishes 5,4 terabytes of data

There has apparently been another major data theft at a German company. It seems to have hit the solar cell supplier Qcells. The APT group ➡ Read more

Air traffic control DFS attacked by hackers

The German Air Traffic Control (DFS) was attacked by hackers. According to initial findings, the target of the cyber attack was the administrative IT infrastructure. However, ➡ Read more

Phishing: Attacks with infostealers for data exfiltration

Threat analysts have observed phishing attacks that use an advanced, stealthy approach to obtain particularly large amounts of sensitive data ➡ Read more

Qilin ransomware steals login credentials from Chrome

During an investigation into a Qilin ransomware attack, the Sophos X-Ops team found that the attackers stole credentials stored in Google Chrome browsers on certain ➡ Read more

Most common malware index in July 2024

The latest Threat Index shows that RansomHub continues to be the most active ransomware group. At the same time, researchers have identified a Remcos Windows malware campaign that ➡ Read more

Microsoft closes vulnerability in Azure Health Bot Service

The critical vulnerability found in Microsoft's Azure Health Bot Service has now been closed. It involved a Server-Side Request Forgery (SSRF) ➡ Read more

Increased attacks on vulnerable Windows drivers

Cyberattacks on Windows via vulnerable drivers increased by almost a quarter (2024 ➡ Read more

Windows: Critical security vulnerability in the IPv6 network stack

Experts have discovered a critical security vulnerability in the IPv6 network stack in Windows with a CVSS score of 9.8. The vulnerability affects all Windows versions ➡ Read more