Recent developments in the Raspberry Robin malware have raised alarm across the cybersecurity community, showing increased stealth and the use of one-day (n-day) exploits against vulnerable systems. This sophisticated malware, first identified in 2021, has evolved over time and poses a persistent threat through its advanced evasion techniques and rapid adaptation to newly disclosed vulnerabilities. This article examines the technical workings of Raspberry Robin, shedding light on its behaviour, its consequences, and the challenging landscape it presents to cybersecurity defenders.
The technical profile of Raspberry Robin
Raspberry Robin, first discovered by Red Canary, operates as a worm spread mainly through removable storage devices such as USB drives. Linked to threat actors such as EvilCorp and FIN11, the malware has evolved over time, incorporating new evasion techniques and distribution methods, including malicious archive files delivered via Discord.
Recent Raspberry Robin campaigns show a sophisticated approach to exploiting n-day vulnerabilities, such as CVE-2023-36802 and CVE-2023-29360, which target the Microsoft Streaming Service Proxy and the Windows TPM Device Driver. Notably, the malware began using these vulnerabilities soon after they were publicly disclosed, demonstrating rapid adaptation and access to sources of exploit code. The agility Raspberry Robin shows in acquiring and deploying exploits so soon after disclosure raises concerns about its operational capabilities.
In addition to exploiting vulnerabilities, Raspberry Robin has refined its evasion tactics to bypass security measures effectively. It terminates certain processes related to User Account Control (UAC) and patches APIs to avoid detection by security products. The malware also uses techniques to prevent system shutdown, ensuring its malicious activity is not interrupted. Notably, it checks for hooked APIs, showing a proactive approach to avoiding observation by security tools.
To hide its communications, Raspberry Robin uses Tor domains, making its initial connection appear benign. Moreover, it has switched from PsExec.exe to PAExec.exe for downloading its payload, increasing its ability to stay hidden and evade detection.
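As an added illustration (not code from the original article or from Check Point), the following Python routine triages constructed process-creation records for two of the behaviours described above: launches of PsExec.exe or its PAExec.exe replacement, and programs run from removable drives. The log format, the sample records and the assumption that drive letters D: and above are removable media are all constructed for this example.

```python
import re
from typing import Dict, List

# Constructed sample of process-creation records (not real telemetry).
# Field layout assumed for this example: timestamp|host|parent_image|image|command_line
SAMPLE_LOG = r"""
2024-02-01T10:00:01|WS01|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe
2024-02-01T10:02:14|WS01|C:\Windows\explorer.exe|E:\update.exe|E:\update.exe /quiet
2024-02-01T10:02:20|WS01|C:\Windows\System32\cmd.exe|C:\Users\Public\PAExec.exe|PAExec.exe \\WS02 -s cmd.exe
2024-02-01T10:05:00|WS02|C:\Windows\System32\cmd.exe|C:\Tools\PsExec.exe|PsExec.exe -accepteula \\WS03 cmd
2024-02-01T10:06:00|WS03|C:\Windows\explorer.exe|C:\Program Files\App\app.exe|app.exe
"""

# Remote-execution helpers named in the article (PsExec.exe and its PAExec.exe replacement).
REMOTE_EXEC_TOOLS = {"paexec.exe", "psexec.exe"}
# Assumption for this example: drive letters D: and above are removable media.
REMOVABLE_DRIVE = re.compile(r"^[D-Z]:\\", re.IGNORECASE)


def parse_record(line: str) -> Dict[str, str]:
    """Split one pipe-delimited record into named fields."""
    ts, host, parent, image, cmd = line.split("|", 4)
    return {"ts": ts, "host": host, "parent": parent, "image": image, "cmd": cmd}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per record that matches a behaviour described above."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_record(raw)
        basename = ev["image"].rsplit("\\", 1)[-1].lower()
        reasons = []
        if basename in REMOTE_EXEC_TOOLS:
            reasons.append(f"remote-exec tool launch: {basename}")
        if REMOVABLE_DRIVE.match(ev["image"]):
            reasons.append("image executed from removable drive")
        if reasons:
            findings.append({"ts": ev["ts"], "host": ev["host"],
                             "image": ev["image"], "reasons": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} {f['image']} -> {f['reasons']}")
```

Running the block on the constructed sample yields three findings: the program started from E:, the PAExec.exe launch on WS01, and the PsExec.exe launch on WS02.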
As Raspberry Robin continues to evolve, it poses an ongoing threat to cybersecurity. Its ability to adapt rapidly to new vulnerabilities and to evade detection demands proactive security measures. The Check Point report provides indicators of compromise to help organizations identify and mitigate the risk posed by Raspberry Robin.
Best practices for preventing Raspberry Robin
Given the complexity of Raspberry Robin and its evolving nature, a reliable anti-malware tool is essential for detection and removal. Users are encouraged to use up-to-date security solutions to eliminate this malware effectively.
Key practices for preventing future infection:
- Regular patching: Keep systems and software up to date to address vulnerabilities promptly.
- Security awareness training: Educate users about the risks associated with malicious attachments and links.
- Network segmentation: Use network segmentation to limit the potential impact of a malware infection.
- Behavioural analysis: Use security solutions that employ behavioural analysis to detect unusual activity.
- Incident response plan: Develop and regularly update an incident response plan to minimize the impact of a potential breach.
Conclusion
Understanding the complexity of Raspberry Robin and adopting proactive security measures are essential steps in defending against this persistent and evolving threat. Stay informed, apply robust security practices, and use advanced detection technology to protect against the ever-changing landscape of sophisticated malware attacks.