It always helps to be a little skeptical of any new USB drives appearing in the workplace, especially if you are security-minded. Distributing threats via USB drives is a common practice amongst hackers, and a new threat called Raspberry Robin has the potential to be a serious problem for unsecured businesses with poor security hygiene.
Discovered in Europe by the Red Canary intelligence analysts, Raspberry Robin has been causing problems for Windows users since September of 2021. If your organization uses the Windows operating system, then you will want to educate yourself on this threat so you can potentially dodge it in the future.
How Does Raspberry Robin Work?
Raspberry Robin works when an infected USB drive is plugged into a computer. It shows the user an infected .LNK file which executes a msiexec process through the command prompt. From here, a BAT file with two commands is executed, one of which manages Windows features and another which configures Open Database Connectivity. Combined they make for a rather difficult threat to detect.
MakeUseOf describes the attack process further: “Compromised QNAP NAS (Network-Attached Storage) devices are also exploited in the Raspberry Robin infection process, wherein the attacker uses HTTP requests that contain the victim’s user and device names after the .LNK file is downloaded. The worm uses a malicious DLL (Dynamic-Link Library) from a compromised QNAP device to gain access to and control over one’s system.”
How Does This Threat Spread?
Although this threat is known to spread through infected USB devices, it’s not currently known exactly how it spreads from one device to another.
What Is the Endgame Here?
Security researchers don’t know much about Raspberry Robin, and the end goal is just as unknown. A threat like this that lurks in the background and is able to hide itself effectively makes us think that it could be used to steal data or install further threats on networks, though.
Here’s What You Should Know
If you want to ensure that you stay safe from Raspberry Robin, we recommend that you treat USB devices and drives with caution. Basically, don’t go plugging in any old USB drive that you find on the side of the road or on the ground outside your office without first reporting it to IT for a security analysis. Even if it looks inconspicuous, be very wary of plugging in unknown USB drives.
Through comprehensive security solutions and educational training, Compudata can help your team be more cognizant and compliant with your organization’s security policies. We believe that the best way to keep threats from becoming bigger problems is through preventative measures. To learn more about how you can implement these for your business, contact us today at 1-855-405-8889.