SecurityPlus
Contributor II

Raspberry Robin Now Spreading Through Windows Script Files

I was sent this article. It is amazing to me the amount of time that was invested in hiding the script and the related activity. Are there any tips or tricks to stopping malicious code like this?

 

https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/ 

xshkurti
Staff

@SecurityPlus 
Check this link on how to be protected using FortiEDR
How FortiEDR protects against RaspberryRo... - Fortinet Community

SecurityPlus
Contributor II

Thank you. Sorry for the delay in responding. Curious: if this malicious traffic were to try to pass through a well-configured FortiGate, would it likely be stopped? If so, is there a particular firewall configuration that is particularly important to stopping this?

xshkurti
Staff

@SecurityPlus 
Knowing the vulnerability behavior, which is known to spread with a USB stick, it already infects a PC. Then legit traffic is sent to some C2 servers around the world.

In this case, FortiEDR would be the protection, rather than relying entirely on FortiGate alone.

But in any case, it is good if you consult some of our Security Experts, who might help you better discuss your security concerns from a design perspective.

AEK
SuperUser

Even if this worm is cleanable by FortiEDR and not FortiGate, it seems that some harmful traffic related to it can be stopped by FortiGate's IPS engine.

Below is a screenshot from my FG IPS signatures.

rasp.png

AEK