Hello, welcome to the Friday, December 10th, 2021 edition of the Sandstone Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Henry Jing today did publish an interesting blog post regarding some fishing messages on Discord. Of course,

fishing tends to follow users to whatever messaging platform they're using, so no real surprise

that they have now weaponized Discord as well. And this particular fishing attempt was a bit more on the sophisticated side.

First of all, the username used within Discord was security with a couple sort of sparkles

at the end.

But then they advertised free Nitro and offered a link that actually used the domain name

Discordgifts.1.

So something looking a little bit plausible.

If the user did reach the website that they advertised, they were then asked for billing information, credit card data,

which appear to be sort of real, the goal here to steal credit card information. And then in the

end, the user was sort of left hanging with a 500 error. Also kind of interesting if you

used the website without sort of the additional parts to the

URL that were posted to the channel, you were just directed to the legitimate Discord website,

and that of course, again, then makes that entire scam more plausible.

They also, in their domain name, sort of swapped the CNS, so DixS instead of Discord,

guess they wanted to avoid some of the automated tools that Discord usually uses in order to find these fishing sites

by, for example, looking

for newly registered domains or certificate transparency logs.

And Eclipse, a company that specializes on firmware security, did take a look at why

microtick devices are still so commonly being exploited. Well, the summary is, first

of all, they're attractive. Microtic, if you're not familiar with it, they're making switches

...