Recent Raspberry Robin malware campaigns have raised alarms within the cybersecurity community, showing increased abuse and exploitation of one-day (n-day) vulnerabilities against exposed systems. This advanced malware, first identified in 2021, has evolved over time and poses a significant threat through its evasion techniques and its rapid adaptation to newly disclosed vulnerabilities. This article examines Raspberry Robin's sophisticated techniques, outlining its behaviour, its impact, and the difficult situation it presents to cybersecurity defenders.
Technical Overview of Raspberry Robin
Raspberry Robin, first discovered by Red Canary, operates as a worm that spreads mainly through removable storage devices such as USB drives. Linked to threat actors such as EvilCorp and FIN11, this malware has evolved over time, incorporating new evasion techniques and distribution methods, including malicious archive files delivered through Discord.
Recent Raspberry Robin campaigns show a sophisticated approach to exploiting n-day vulnerabilities, such as CVE-2023-36802 and CVE-2023-29360, which affect the Microsoft Streaming Service Proxy and the Windows TPM Device Driver. Notably, the malware began exploiting these vulnerabilities shortly after their public disclosure, indicating either rapid exploit development or access to exploit source code. Raspberry Robin's ability to obtain and use exploits so soon after disclosure raises concerns about the capability of its operators.
Beyond exploiting vulnerabilities, Raspberry Robin has strengthened its evasion techniques to bypass security controls. It terminates processes related to User Account Control (UAC) and patches APIs to avoid detection by security products. The malware also uses techniques to prevent system shutdown, ensuring that its malicious activity is not interrupted. Notably, it checks for hooked APIs, a method for evading detection by security tools that rely on API hooking.
To hide its communications, Raspberry Robin uses Tor domains, making its initial connection appear innocuous. In addition, it has switched from PsExec.exe to PAExec.exe for downloading payloads, improving its capabilities and evading detection.
As Raspberry Robin continues to evolve, it poses a persistent threat to cybersecurity. Its ability to adapt quickly to new vulnerabilities and to evade detection demands robust defensive measures. Check Point's report provides indicators of compromise, helping organizations detect and mitigate the threat posed by Raspberry Robin.
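Two of the behaviours described above translate directly into host-telemetry detections: a remote-execution utility (PsExec.exe or PAExec.exe) appearing outside its expected admin tool path, and an executable launched from removable media. The following is an added example, not code from the article or from Check Point's report; the process-creation events, field names, removable drive letters and the trusted tool directory are all constructed assumptions you would replace with your own inventory.

```python
"""Flag process-creation events matching the Raspberry Robin behaviours discussed above.

Sample events and field names are constructed for this example; they are not real
telemetry and not the indicators published in Check Point's report.
"""
from dataclasses import dataclass, field
import ntpath

# Remote-execution utilities named in the article (the actor moved from PsExec to PAExec).
REMOTE_EXEC_TOOLS = {"paexec.exe", "psexec.exe"}
# Assumed: drive letters that your asset inventory maps to removable media on these hosts.
REMOVABLE_DRIVES = {"E:", "F:"}
# Assumed: the only directory where administrators' copies of these tools should live.
TRUSTED_TOOL_DIRS = {r"c:\tools\sysinternals"}

# Constructed Sysmon-style process-creation events (image path only, for brevity).
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\notepad.exe"},
    {"host": "ws02", "image": r"C:\Users\alice\AppData\Local\Temp\PAExec.exe"},
    {"host": "ws03", "image": r"E:\Photos\viewer.exe"},
    {"host": "admin01", "image": r"C:\Tools\Sysinternals\PsExec.exe"},
]


@dataclass
class Finding:
    host: str
    image: str
    reasons: list[str] = field(default_factory=list)


def classify(event: dict) -> list[str]:
    """Return the list of reasons an event is suspicious (empty if none)."""
    image = event["image"]
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    drive = ntpath.splitdrive(image)[0].upper()
    reasons = []
    if name in REMOTE_EXEC_TOOLS:
        if directory in TRUSTED_TOOL_DIRS:
            # Legitimate admin path: still worth an audit entry, lower severity.
            reasons.append(f"remote-exec tool {name} run from expected admin path")
        else:
            reasons.append(f"remote-exec tool {name} run from untrusted path")
    if drive in REMOVABLE_DRIVES:
        reasons.append("executable launched from removable media")
    return reasons


def scan(events: list[dict]) -> list[Finding]:
    """Run classify() over a batch of events and keep only the flagged ones."""
    return [Finding(e["host"], e["image"], r) for e in events if (r := classify(e))]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.host, f.image, "; ".join(f.reasons))
```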
Best Practices for Defending Against Raspberry Robin
Given Raspberry Robin's sophistication and evolving nature, a reliable anti-malware tool is essential for detection and removal. Users are advised to run up-to-date security solutions to remove this malware effectively.
Best Practices for Preventing Future Infections:
- Regular Patching: Keep systems and software up to date to address vulnerabilities promptly.
- Security Awareness Training: Educate users about the risks associated with malicious attachments and links.
- Network Segmentation: Implement network segmentation to limit the potential impact of a malware infection.
- Behavioral Analysis: Use security solutions that apply behavioral analysis to detect unusual activity.
- Incident Response Plan: Develop and regularly update an incident response plan to minimize the impact of a potential breach.
Conclusion
Understanding Raspberry Robin's sophistication and taking proactive security measures are essential steps in defending against this persistent and evolving threat. Stay informed, apply robust security practices, and make use of detection technologies to protect against the ever-changing malware threat landscape.