Kill the (Bad) Rabbit in a Flash
The bad rabbit infecting victims through Adobe Flash needs to go
It’s rabbit season on the Web, and this “Bad Rabbit” ransomware is as destructive to your internet browsing as Bugs Bunny was to Elmer Fudd.
I can’t get Elmer Fudd and his ‘wabbit’ killing jingle out of my head, but the newly discovered ransomware attack is far less entertaining to think about.
An interesting note reported in SecureWorld — the creators not only make reference to GrayWorm, but they named two of the scheduled tasks after the dragons in Game of Thrones.
Carl Leonard, Principal Security Analyst with Forcepoint Security Labs, provided a visual mapping of the infection process in a recently released blog post, NotNotPetya-Bad Rabbit.
“Most striking in this case is the ‘blunt instrument’ approach to running the malware on victim systems: NotPetya may have snuck onto user’s system by the back door, but Bad Rabbit needs an invitation (and potentially UAC approval as well),” Leonard said.
So how is the rabbit getting invited? Avihai Ben-Yossef, Co-Founder & CTO of Cymulate said, “Bad Rabbit hits its victims while they are browsing legitimate websites which have been infected.”
This latest attack doesn’t use any exploits. Instead, users are duped into manually executing the malware dropper because it is disguised as an Adobe Flash installer.
Yes, users are essentially granting the malware excessive permissions through a Windows UAC prompt. “The malware spreads across the networks using tools such as the Windows SMB feature to help it get to additional endpoints,” Ben-Yossef said.
Just as Bugs burrowed into several different holes, driving Fudd to the brink of insanity, ‘Bad Rabbit’ was also trying to retrieve the passwords of other users on the network, said Ben-Yossef.
So what’s the impact on enterprise security? Per usual, if you have strong security measures in place, you should be fine. Still, global businesses are yet again feeling the impact of a ransomware attack.
“Organizations need to continuously verify that their security controls are updated and to spread awareness among their employees regarding the dangers and potential damages of these types of security breaches,” said Ben-Yossef.
If you are dealing with a vulnerability management crisis in the aftermath of this latest attack, you might want to read a recent client alert published by Mayer Brown cybersecurity & data privacy attorney David Simon and his colleague Joshua Silverstein, “Five Questions General Counsels Should Ask about Vulnerability Disclosure.”
More importantly, if you are not getting serious about security, you are a sitting target. The cost of a breach extends far beyond the ransom payment. Protect your business, your reputation, your customers, and your employees now.
Kill the rabbit before the rabbit destroys you.