Recent developments in the Raspberry Robin malware have raised alarms within the cybersecurity community, showing increased stealth and the use of one-day (n-day) exploits targeting vulnerable systems. This advanced malware, first identified in 2021, has evolved over time, posing a persistent threat through its sophisticated evasion techniques and rapid adaptation to newly disclosed vulnerabilities. This article examines the technical intricacies of Raspberry Robin, shedding light on its operations, its impact, and the challenge it presents to cybersecurity defenders.
Technical Overview of Raspberry Robin
Raspberry Robin, first discovered by Red Canary, operates as a worm transmitted primarily through removable storage devices such as USB drives. Associated with threat actors such as EvilCorp and FIN11, this malware has evolved over time, incorporating new evasion techniques and distribution methods, including malicious archive files delivered via Discord.
Recent Raspberry Robin campaigns show a sophisticated approach to exploiting n-day vulnerabilities, such as CVE-2023-36802 and CVE-2023-29360, targeting the Microsoft Streaming Service Proxy and the Windows TPM Device Driver. Notably, the malware began using these vulnerabilities shortly after their public disclosure, indicating rapid adaptation and access to sources of exploit code. The skill Raspberry Robin has shown in acquiring and using exploits shortly after disclosure raises concerns about its operational efficiency.
In addition to exploiting vulnerabilities, Raspberry Robin has enhanced its evasion tactics to bypass security measures effectively. It terminates specific processes related to User Account Control (UAC) and patches APIs to avoid detection by security products. The malware also employs tactics to prevent system shutdown, ensuring uninterrupted malicious activity. In particular, it checks for hooked APIs, showing a proactive approach to avoiding detection by security tools.
To conceal its communications, Raspberry Robin uses Tor domains, making its initial connections appear innocuous. In addition, it has switched to using PAExec.exe instead of PsExec.exe to download the payload, improving its stealth and its ability to evade detection.
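Defenders can look for the PAExec-for-PsExec swap described above in process-creation telemetry. The following is an added example, not code from the original article or the Check Point report: it flags both tools in Sysmon-style events, including renamed copies, using constructed sample events and assumed OriginalFileName values (`PAExec.exe`, `psexec.c`).

```python
import json
import ntpath

# Process image names, and the OriginalFileName values assumed to be embedded
# in each tool's version resource (verify against your own copies).
IMAGE_NAMES = {"paexec.exe": "PAExec", "psexec.exe": "PsExec", "psexec64.exe": "PsExec"}
ORIGINAL_NAMES = {"paexec.exe": "PAExec", "psexec.c": "PsExec"}

# Constructed sample events (not real telemetry), shaped like Sysmon Event ID 1.
SAMPLE_EVENTS = r"""
{"Computer":"WS-01","Image":"C:\\Windows\\System32\\notepad.exe","OriginalFileName":"NOTEPAD.EXE"}
{"Computer":"WS-02","Image":"C:\\Users\\Public\\PAExec.exe","OriginalFileName":"PAExec.exe"}
{"Computer":"WS-03","Image":"C:\\ProgramData\\svcupd.exe","OriginalFileName":"PAExec.exe"}
{"Computer":"ADM-01","Image":"C:\\Tools\\PsExec.exe","OriginalFileName":"psexec.c"}
{"Computer":"WS-04","Image":"C:\\Temp\\paexec.exe"}
truncated-line-not-json
"""

def classify(event):
    """Return (tool, reason) if the event is PAExec/PsExec, else None."""
    image = ntpath.basename(event.get("Image") or "").lower()
    original = (event.get("OriginalFileName") or "").lower()
    by_meta = ORIGINAL_NAMES.get(original)
    by_image = IMAGE_NAMES.get(image)
    if by_meta and by_meta != by_image:
        return by_meta, "renamed"   # metadata names the tool, file name does not
    if by_meta or by_image:
        return by_meta or by_image, "by-name"
    return None

def scan(lines):
    """Parse JSON-lines events, skip malformed ones, return the hits."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        verdict = classify(event) if isinstance(event, dict) else None
        if verdict:
            hits.append({"computer": event.get("Computer"), "tool": verdict[0],
                         "reason": verdict[1], "image": event.get("Image")})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS.splitlines()):
        print(hit)
```

PsExec and PAExec are also used by administrators, so hits are triage leads to correlate with the host and parent process rather than verdicts.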
As Raspberry Robin continues to evolve, it poses a persistent threat to cybersecurity. Its ability to adapt quickly to new vulnerabilities and to evade detection calls for proactive defensive measures. The Check Point report provides indicators of compromise, helping organizations identify and mitigate the threat posed by Raspberry Robin.
Best Practices for Avoiding Raspberry Robin
Given the complexity of Raspberry Robin and its continued evolution, a reliable anti-malware tool is essential for detecting and removing it. Users are encouraged to use up-to-date security solutions to eliminate this elusive malware effectively.
Best Practices for Preventing Future Infections:
- Regular Patching: Keep systems and software up to date to address vulnerabilities promptly.
- Security Awareness Training: Educate users about the risks associated with malicious attachments and links.
- Network Segmentation: Use network segmentation to limit the potential impact of a malware infection.
- Behavioral Analysis: Use security solutions that employ behavioral analysis to detect anomalous activity.
- Incident Response Plan: Develop and regularly update an incident response plan to minimize the impact of potential breaches.
Conclusion
Understanding the intricacies of Raspberry Robin and implementing proactive security measures are essential steps in defending against this persistent and evolving threat. Stay informed, apply robust security practices, and leverage advanced detection technologies to protect against the ever-changing landscape of sophisticated malware attacks.