fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Links Raspberry Robin Malware to Evil Corp Attacks

Microsoft Links Raspberry Robin Malware to Evil Corp Attacks

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.

“On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections,” Microsoft revealed Thursday.

“The DEV-0206-associated FakeUpdates activity on affected systems has since led to follow-on actions resembling DEV-0243 pre-ransomware behavior.”

According to a threat intelligence advisory shared with enterprise customers, Microsoft has found Raspberry Robin malware on the networks of hundreds of organizations from a wide range of industry sectors.

Also Read: Revised Technology Risk Management Guidelines of Singapore

First spotted in September 2021 by Red Canary intelligence analysts, it spreads via infected USB devices to other devices on a target’s network once deployed on a compromised system.

Redmond’s findings match those of Red Canary’s Detection Engineering team, which also detected it on the networks of customers in the technology and manufacturing sectors.

This is the first time security researchers have found evidence of how the threat actors behind Raspberry Robin plan to exploit the access they gained to their victims’ networks using this worm.

DEV-0206 to Evil Corp handover
DEV-0206 to Evil Corp handover (Microsoft)

Evil Corp, ransomware, and sanctions evasion

Evil Corp, the cybercrime group that seems to take advantage of Raspberry Robin’s access to enterprise networks (tracked by Microsoft as DEV-0243), has been active since 2007 and is known for pushing the Dridex malware and for switching to deploying ransomware.

From Locky ransomware and its own BitPaymer ransomware strain, the threat group has moved to install its new WastedLocker ransomware starting in June 2019.

Also Read: September 2021 PDPC Incidents and Undertaking: Lessons from the Cases

From March 2021, Evil Corp moved to other strains known as Hades ransomwareMacaw Locker, and Phoenix CryptoLocker, finally being observed by Mandiant deploying ransomware as a LockBit affiliate since mid-2022.

Switching between ransomware payloads and adopting a Ransomware as a Service (RaaS) affiliate role are part of Evil Corp’s efforts to evade sanctions imposed by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) for using Dridex to cause over $100 million in financial damages.

After being sanctioned by the U.S. government in 2019, ransomware negotiation firms refused to facilitate ransom payments for organizations hit by Evil Corp ransomware attacks to avoid facing legal action or fines from the U.S. Treasury Department.

Using other groups’ malware also allows Evil Corp to distance themselves from known tooling to allow their victims to pay ransoms without facing risks associated with violating OFAC regulations.

Assuming a RaaS affiliate role would also likely allow its operators to expand the gang’s ransomware deployment operations and its malware developers with enough free time and resources to develop new ransomware, which is harder to link to Evil Corp’s previous operations.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us