BlackBerry Prevents: Raccoon Infostealer
RESEARCH & INTELLIGENCE / 09.10.21 / The BlackBerry Research & Intelligence Team

Raccoon is an information stealing malware variant made available to subscribers through a Malware-as-a-Service (MaaS) arrangement. It targets Windows® users, seeking out and stealing their stored credentials.

Raccoon's authors retain full control of its source code and feature development. Through a TOR-based control panel, subscribers have access to a 'clean' build, which they can modify to customize its deployed configuration.

Harvested information will likely find value and potential buyers in underground forums hosted on the dark web. Examples of stolen information that could be sold or used for nefarious purposes include: credentials for file hosting that could be used to store and distribute other malware; corporate network access sold to ransomware groups; crypto wallets; and email addresses that could be used to contribute to current or future malspam campaigns.

VIDEO DEMO: BlackBerry vs. Raccoon Infostealer

BlackBerry Cyber Suite and BlackBerry Guard stop these attacks.

BlackBerry customers can feel confident that our AI-driven BlackBerry® Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are well-equipped to mitigate the risks posed by threat actors such as those behind Raccoon infostealer:

  • BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement.
  • BlackBerry® Optics extends the threat prevention by using artificial intelligence (AI) to prevent security incidents. It provides true AI incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities.
    • BlackBerry recommends activating the following BlackBerry Optics rules to provide additional telemetry from a Raccoon malware attack:
      • Win_cmd_cmdc_MITRET1059
      • Win_DelErase_Usage_MITRET1107
  • The BlackBerry® Mobile Threat Defense (MTD) solution prevents and detects advanced malicious threats at the device and application levels. It combines the mobile endpoint management capabilities of BlackBerry® Unified Endpoint Manager (UEM) with advanced AI-driven threat protection, to get in front of malicious cyberattacks in a Zero Trust environment.
  • BlackBerry® Persona creates trust based on behavior analytics, app usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication.
  • BlackBerry Guard customers are proactively protected from Raccoon malware attacks. Our 24/7 MDR solution customers receive:
    • Alerts monitored in real-time
    • Corrective policies applied while discovering gaps in policy implementation
    • Prioritized threat hunting
    • The latest threat intelligence for fast-moving threats

Prevention First

At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain.

By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure.

BlackBerry Assistance

The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.

For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form.

Learn more about Raccoon Infostealer in our new deep-dive blog, Keep Your Paws Off My Data, Raccoon Infostealer.

Demo Video Transcription

'In this video, we will demonstrate the features of Raccoon, an infostealer offered as a Malware-as-a-Service (MaaS) for criminals. It has the ability to collect the victim's passwords, cookies, autofill data from all popular browsers, credit card data, cryptocurrency wallets, and more. Typically, it appears as a pirated or cracked version of legitimate software.

In this demo video, we have configured our machine in audit-only mode, so we can execute the same sample we analyzed in more detail on our recent deep-dive Threat Thursday blog for this threat.

Upon execution, you can see how Raccoon is oriented to be a silent malware that does not appear to affect the regular user experience. One of its main features is the ability to run most of its data collection process from memory; with our Memory Protection module we are able to intercept this behavior.

If we conduct some root-cause analysis on this event, we can quickly see the process that occurs behind the scenes in memory.

First, it makes a series of DNS requests for its command-and-control server (C2), and as soon as it establishes a connection, migrates into operating system (OS) processes.

Right after that, it starts looking for credential information on any installed Internet browsers as well as collecting information to fingerprint the system, identify running processes, and more.

Administrators can configure BlackBerry Optics' automated response within our Context-Analysis Engine (CAE) to proactively respond to each one of these tactics, techniques and procedures (TTPs) and stop this threat in the earliest stage possible.

We can also intercept memory access with our Memory Protection module on BlackBerry Protect, but nothing beats our Temporal Predictive Advantage, which allows us to prevent these threats from executing in a matter of milliseconds - with no reliance on cloud connectivity or frequent virus-signature updates.

Let's travel back in time to 2015 (using a Cylance® AI math model not updated since 2015) and test this sample, along with an additional 60+ samples of Raccoon to see what could have happened. We will execute a loop to go ahead and try to execute each file inside this folder.

As you can see, BlackBerry® Protect powered by Cylance AI could have prevented all these variants many years before they ever existed.

Prevention is Possible, with BlackBerry.'
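Added example, not code from the BlackBerry post or its products: a correlation check over constructed endpoint telemetry that flags the sequence the narration describes (DNS lookups for C2, then migration into another process, then that process reading browser credential stores). The event schema, pids and file paths are constructed assumptions; the browser store file names are the real Chromium and Firefox ones.

```python
"""Correlate endpoint telemetry into the Raccoon-style chain: DNS lookups, then
injection into another process, then that process reading browser credential
stores. Constructed sample data; the event schema is an assumption, not any
vendor's telemetry format."""

# File names Chromium and Firefox use for saved logins and cookies.
CREDENTIAL_STORES = ("login data", "cookies", "cookies.sqlite", "logins.json", "key4.db")

# Constructed sample telemetry: (seq, pid, event_kind, detail)
SAMPLE_EVENTS = [
    (1, 4100, "dns", "updates-check.example"),
    (2, 4100, "dns", "cdn-sync.example"),
    (3, 4100, "inject", "5200"),  # pid 4100 writes into pid 5200 (constructed)
    (4, 5200, "file_read", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (5, 5200, "file_read", r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"),
    (6, 7000, "dns", "www.example.org"),  # benign: DNS with no later injection
    (7, 7000, "file_read", r"C:\Users\u\Documents\notes.txt"),
]


def is_credential_store(path):
    """True if the file name (last path component) is a known browser login/cookie store."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in CREDENTIAL_STORES


def detect_raccoon_chain(events):
    """Return one alert per credential-store read by a process that was injected
    into by a process which had already issued DNS queries. Event order matters:
    a read before the injection, or an injection before any DNS, does not match."""
    dns_seen = set()   # pids that issued at least one DNS query
    injected_by = {}   # target pid -> injecting pid (only injections after DNS)
    alerts = []
    for _, pid, kind, detail in sorted(events):
        if kind == "dns":
            dns_seen.add(pid)
        elif kind == "inject" and pid in dns_seen:
            injected_by[int(detail)] = pid
        elif kind == "file_read" and pid in injected_by and is_credential_store(detail):
            alerts.append({"source_pid": injected_by[pid], "target_pid": pid, "file": detail})
    return alerts


if __name__ == "__main__":
    for alert in detect_raccoon_chain(SAMPLE_EVENTS):
        print(alert)
```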

About The BlackBerry Research & Intelligence Team

The BlackBerry Research & Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.



Disclaimer

BlackBerry Ltd. published this content on 10 September 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 14 September 2021 15:51:05 UTC.