Imran Virani, Jul 28, 2022, 5 min read

Security Impurities: News of the Week (July 22nd - 28th)

A Critter Pill to Swallow: Raccoon Stealer Malware is Back

A dangerous and widely circulated malware has returned, with features that make it even more capable of stealing sensitive information from individuals and businesses alike. Here, we explain what Raccoon Stealer 2.0 does and what you can do to protect against it.

What was Raccoon Stealer 1.0?

Raccoon Stealer 1.0 was a malware that could extract cookies, login information, and other autofill data from web browsers, and had the capability to plunder cryptocurrency wallets. Offered as MaaS (Malware as a Service) on the Dark Web, Raccoon Stealer proved to be quite popular among threat actors but was shut down in March of this year after the death of a lead developer in the Russia-Ukraine conflict. While Raccoon Stealer 1.0 was shut down, the remaining developers promised that a new, upgraded version would eventually become available, and that project has recently come to fruition.

What is Raccoon Stealer 2.0?

Released this past month, Raccoon Stealer 2.0 has all the capabilities of its predecessor, with added features that make it much more dangerous. First, it can target not only crypto wallets but cryptocurrency plug-ins as well, making it much more adept at stealing cryptocurrency and related data. Raccoon Stealer 2.0's expanded targeting also allows it to steal sensitive data regardless of its location on a device, while keeping a list of the applications installed on the computer, giving hackers information on users and what files they may have on their system. This, in addition to its ability to take screen captures of a victim's computer, gives the malware spyware capabilities, furthering its potency.

How Can You Protect Against This Malware?

The best way to protect your computer systems against Raccoon Stealer 2.0 is to follow common sense security measures that protect against most malware attacks.

Take caution when opening a message sent from a suspicious account. Ensure your organization has dependable, continually updated anti-malware software installed on its systems. Be wary of using apps or software that are outdated, as outdated software is Raccoon Stealer's main point of attack. These strategies won't make you impervious to external threats, but they will give you the best chance of keeping your data and files secure from cyber attacks.

Zoondoggle: Microsoft Outage

Cloud services are quickly being adopted and utilized by enterprises both large and small, but the inherent interconnectivity and vast dominion of the Cloud mean that a relatively minor mishap can cause many dominoes to topple. The failure of an Enterprise Configuration Service (ECS) that resulted in a 5-hour worldwide outage of Microsoft 365 services this past week highlights this issue.

What is an ECS?

An ECS is an extremely fast and flexible container management system. It allows a wide-ranging, cloud-based service like Microsoft 365 to make changes uniformly across its many programs.

The Cost of Cloud Failures

This failure, which Microsoft claims was the result of a "code defect that affected backwards compatibility with services that leverage ECS", originated in Microsoft Teams and cascaded to widely impact 365, with Microsoft Word, Forms, and SharePoint being just some of the services that experienced issues. On the communication side, conferencing services like Teams and Skype were rendered unusable, with an estimated 300,000 calls affected by this failure, primarily in the Asia Pacific region. Microsoft was quick to state its intention to allow Teams to revert to a previous ECS configuration in cases of an ECS failure, but this outage shows the risks associated with cloud computing, and the pitfalls of businesses neglecting to implement business continuity planning for when their primary provider goes down. Interconnectivity means nothing is on an island, and problems that in the past might have affected only a single service, device, or environment can now have far-reaching repercussions.

End-to-End Conniption: The Data Sovereignty Issue and How to Solve It

Despite issues like the Microsoft 365 outage, Cloud services are being increasingly utilized as organizations' workforces become more global. While a company once may have had all its employees working out of a single location, nowadays it is not uncommon to collaborate with a fellow employee who resides in a different time zone, country, or hemisphere. The rise of global collaboration in the 21st century has raised significant issues regarding data sovereignty, and whether sharing information across borders with differing data and security regulations complicates an organization's security and data sharing capabilities. While it once seemed that a choice had to be made between domestic data security and global collaboration, an article in Cyber Magazine details how CISOs can utilize end-to-end encryption to ensure that an organization's data is secure, sovereign, and shareable.

What is End-to-End Encryption?

End-to-end encryption (E2EE) is an encryption method in which outgoing data is encrypted on the sender's device and decrypted only once it reaches its intended destination. This is achieved through a public key, which can be shared freely so that anyone can encrypt data for its owner. Decryption can then be undertaken only by the intended recipient, using the corresponding private key. Unlike other forms of encryption, E2EE is structured so that only the sender and the receiver (the 'endpoints') can decrypt the data. This prevents third parties and intermediaries such as ISPs or attackers from deciphering the data being sent, even if they intercept it in transit.
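The public-key flow just described, as an added Go example that is not code from the original post or from Cyber Magazine: the sender wraps a fresh per-message AES-GCM key with the recipient's RSA public key, so a relay, ISP or cloud store carrying the envelope holds only ciphertext, and only the holder of the matching private key can open it. The Envelope type, the Seal/Open functions and the sample message are constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything that crosses the untrusted path (relay, ISP, cloud store); none of it is readable without the recipient's private key.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// Seal runs on the sender's device and needs only the recipient's public key.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and 96-bit GCM nonce for this one message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail: key is the 32-byte slice built above
	aead, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open runs only on the recipient's device: any other private key fails the unwrap, and a modified nonce or ciphertext fails GCM authentication instead of yielding garbage.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("not the intended recipient: %w", err)
	}
	block, err := aes.NewCipher(key) // rejects a substituted key of the wrong length
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal(&recipient.PublicKey, []byte("Q3 payroll export")) // constructed sample message
	msg, err := Open(recipient, env)
	fmt.Printf("relay saw %d opaque bytes; recipient read %q (err=%v)\n", len(env.Ciphertext), msg, err)
}
```

A real deployment would also authenticate the sender and pin the recipient's public key, since the scheme as shown only guarantees that whoever holds the private key is the only party able to read the message.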

How Cyber Magazine Advocates Using E2EE

Written by Sébastien Roques-Shaw, the Cyber Magazine article states that E2EE is the key for CISOs to make their organization's data both secure and shareable, and also provides tips on how best to implement E2EE. First, Roques-Shaw stresses that the E2EE solution used must be user-friendly, as employees are less likely to utilize an overly complex or clunky encryption method, particularly if it makes data difficult for the intended recipient to access. This ease of use is especially important given the diversity of sensitive data organizations are privy to, along with the many different systems and services they use to share this data. This diversity makes it critical for CISOs to analyze whether the E2EE solution is workable on all platforms and with all forms of data, and whether it should be prioritized for use only in the most high-vulnerability environments.

Next, Roques-Shaw implores CISOs to manage their encryption keys with a 'Zero Trust' security mindset to ensure that only the intended recipients of data are able to decrypt it.

Finally, the article acknowledges that privacy regulations are in a state of constant flux, and it is impossible for CISOs to know for certain how these regulations will affect security issues in years to come. Because of this uncertainty, it is crucial for CISOs to maintain open standards for data protection that can adapt to security practices across different time periods and borders. By following these steps, CIOs and CISOs will give their organizations the best opportunity to share their data globally and securely.