For the RogueRaticate malware, please write a short paragraph based on the given background and website info: The RogueRaticate campaign, otherwise known as FakeSG, was spotted by Proofpoint in May 2023 but its activity may date back to November 2022. It's the first major fake-browser-update campaign to emerge since SocGholish and typically leads to the NetSupport RAT being installed on the victim's machine. A month later in June, the first activity from the ZPHP campaign, also known as SmartApeSG, was spotted and finally made public in August by Trellix. Like RogueRaticate, ZPHP also most often leads to the installation of NetSupport RAT, which has been infecting machines since around 2017, according to SentinelOne. The most recent of the four campaigns is ClearFake, which was first spotted in July and made public in August by researcher Randy McEoin. Proofpoint characterized ClearFake as a campaign that drops infostealer malware and is able to tailor lures not just by the user's browser, but by their language too, widening its pool of targets.   Each campaign differs slightly in the way in which it delivers the lure and malware payload at the end, but they tend to follow a three-stage structure and all tailor their lures based on the user's machine and browser. The first stage sees a legitimate but compromised website injected with malicious code. Stage two refers to the lure and the traffic that goes between the attacker-controlled site and the user, which is filtered to prevent discovery. Stage three refers to the end payload being delivered. SocGholish's operators, TA569, use three different means of transitioning from stage one to stage two of the attack. Two of these involve using different traffic distribution systems (TDS) and the other uses a JavaScript asynchronous script request to direct traffic to the lure's domain. RogueRaticate and ClearFake use TDS only when the second stage is reached, underlining the differences between the campaigns. Proofpoint said the attack earns success because it understands the cybersecurity training most people receive, and uses that to craft a campaign that leans on end users' inherent trust of legitimate domains and brands. "In security awareness training, users are told to only accept updates or click on links from known and trusted sites, or individuals, and to verify sites are legitimate," it said in a blog post. "The fake browser updates abuse this training because they compromise trusted sites and use JavaScript requests to quietly make checks in the background and overwrite the existing website with a browser update lure. To an end user, it still appears to be the same website they were intending to visit and is now asking them to update their browser." Despite using a social engineering element, researchers noted that phishing isn't often used in any of the four campaigns – attackers aren't sending direct emails with links to the compromised sites, they're being shared by people over email during the course of their normal online activity. For organizations, it means the threat isn't just an email-based one, and users could feasibly find themselves on a compromised site by clicking a link returned by a search engine, for example. Proofpoint's advice is to rely on a multi-layered security strategy, including network detection and endpoint protection tools, as well as a robust security awareness program that educates users on the threat. Monitoring the indicators of compromise (IOC) is often a useful tactic for keeping malware attacks at bay but due to the frequency with which the campaigns change their infrastructure and details in their payloads, it can be difficult to rely on these. https://www.theregister.com/2023/10/18/malware_dropping_browser_updates/

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

For the RogueRaticate malware, please write a short paragraph based on the given background and website info:

The RogueRaticate campaign, otherwise known as FakeSG, was spotted by Proofpoint in May 2023 but its activity may date back to November 2022.

It's the first major fake-browser-update campaign to emerge since SocGholish and typically leads to the NetSupport RAT being installed on the victim's machine.

A month later in June, the first activity from the ZPHP campaign, also known as SmartApeSG, was spotted and finally made public in August by Trellix.

Like RogueRaticate, ZPHP also most often leads to the installation of NetSupport RAT, which has been infecting machines since around 2017, according to SentinelOne.

The most recent of the four campaigns is ClearFake, which was first spotted in July and made public in August by researcher Randy McEoin.

Proofpoint characterized ClearFake as a campaign that drops infostealer malware and is able to tailor lures not just by the user's browser, but by their language too, widening its pool of targets.

 

Each campaign differs slightly in the way in which it delivers the lure and malware payload at the end, but they tend to follow a three-stage structure and all tailor their lures based on the user's machine and browser.

The first stage sees a legitimate but compromised website injected with malicious code. Stage two refers to the lure and the traffic that goes between the attacker-controlled site and the user, which is filtered to prevent discovery. Stage three refers to the end payload being delivered.

SocGholish's operators, TA569, use three different means of transitioning from stage one to stage two of the attack. Two of these involve using different traffic distribution systems (TDS) and the other uses a JavaScript asynchronous script request to direct traffic to the lure's domain.

RogueRaticate and ClearFake use TDS only when the second stage is reached, underlining the differences between the campaigns.

Proofpoint said the attack earns success because it understands the cybersecurity training most people receive, and uses that to craft a campaign that leans on end users' inherent trust of legitimate domains and brands.

"In security awareness training, users are told to only accept updates or click on links from known and trusted sites, or individuals, and to verify sites are legitimate," it said in a blog post.

"The fake browser updates abuse this training because they compromise trusted sites and use JavaScript requests to quietly make checks in the background and overwrite the existing website with a browser update lure. To an end user, it still appears to be the same website they were intending to visit and is now asking them to update their browser."

Despite using a social engineering element, researchers noted that phishing isn't often used in any of the four campaigns – attackers aren't sending direct emails with links to the compromised sites, they're being shared by people over email during the course of their normal online activity.

For organizations, it means the threat isn't just an email-based one, and users could feasibly find themselves on a compromised site by clicking a link returned by a search engine, for example.

Proofpoint's advice is to rely on a multi-layered security strategy, including network detection and endpoint protection tools, as well as a robust security awareness program that educates users on the threat.

Monitoring the indicators of compromise (IOC) is often a useful tactic for keeping malware attacks at bay but due to the frequency with which the campaigns change their infrastructure and details in their payloads, it can be difficult to rely on these.

https://www.theregister.com/2023/10/18/malware_dropping_browser_updates/

 

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 3 steps

Blurred answer
Knowledge Booster
Risks related to security
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education