As if you didn’t have enough difficulty maintaining your cybersecurity, now there is a masked bandit on the loose – for a fee!
Raccoon (a.k.a. Mohazo, Revealer and Legion) malware appeared out of the former USSR in early 2019, is still very active, is available on the dark web for approximately $200 per month, and has a development team which not only creates frequent updates (such as the ability to steal FTP server credentials) but which responds to user requests for enhancements (e.g., keylogger as a possible upcoming feature). The ease of use via a simple dashboard and excellent customer service, if you can believe that, make this malware a long-term threat to your information systems. Unfortunately, its popularity with hackers appears to remain quite steady.
What does Raccoon do? It is an information stealer operating on a MaaS (Malware-as-a-Service) model. Creeping in through phishing and other attack modes, it is able to steal data from up to sixty (60) applications, including the leading web browsers.
It has also been used to access cryptocurrency, credit card and e-mail accounts, plus other applications through which data is gathered in order to perpetrate financial and identity fraud against victims. Once the desired information has been accessed, whether it be screenshots, OS data, system settings, or simply the usernames and passwords from various browsers and activities, the data is sent to the hacker as a zip file. This ease of use has led to over 100,000 infected devices, since even the non-tech-savvy can operate this malware.
As noted above, Raccoon often arrives through phishing scams, which can take many forms. It can be deployed within attachments to e-mail spam, a Dropbox .IMG file or even as “bundled malware” wherein it is attached as a rider to a legitimate software download. However, the most popular distribution vehicle for this software is the use of exploit kits, which can deliver the malware without the user’s knowledge while the user does something as routine as surfing the web.
How can your IT personnel work to protect your company and resources from this threat?
As usual, the emphasis on employee awareness of the need to protect company assets by not opening suspicious content (including malvertisements, which may appear on legitimate sites) must be paramount. Training staff to recognize and resist social engineering lures which attempt to bait those clicks is also necessary.
In addition, the BYOD/T (Bring Your Own Device/Technology) environments which allow employees to use their own software, hardware, and/or cloud storage may create a Shadow IT situation which opens your business to these attacks. Your entire IT team, and especially the IT security group, should be aware of this possibility and be active in using up-to-date firewalls and other pertinent software to reduce unauthorized access to your systems. For remote employees, your IT team should install on their devices the same antivirus, anti-malware and other safety software as is used by the business at large. Employees using hardware or software not recognized by the protocols implemented by IT should not be allowed system access.
Finally, since Raccoon also scans the caches created by browsers and apps, as well as broken downloads, recent files, and other leftover or infrequently used junk, a proper cleanup tool that can sort through and delete these items is essential.
Never forget, your team’s knowledge and skill are an invaluable part of safeguarding your data and business. Proper use of antivirus, anti-malware and other tools to search for and destroy these types of programs is essential. Moreover, your team must understand that these threats, especially the ever-adapting Raccoon, require constant vigilance; ongoing cybersecurity training meant to thwart those who seek to wreak havoc within your business is vital to your security and peace of mind.
Be aware and take care!