SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, December 17th, 2021

SANS ISC Handlers

Tech News, News, Technology

🗓️ 17 December 2021

⏱️ 8 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Contact Form Campaigns; BT vs. WiFi; Lenovo IMController; Log4j update #log4j #log4shell #lenovo

Transcript

0:00.0

Hello, welcome to the Friday, December 17, 2021 edition of the SANS Internet Stormcenter Stormcast. My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida.

0:14.0

Brad today has news about the contact forms campaign. This campaign is particularly tricky in that it does send messages using a company's

0:24.7

contact form. So the message will arrive like any other message submitted via your contact form

0:30.7

that you may have on your website. And it then includes a threat that, well, there is some

0:37.2

kind of copyright infringement going on in your organization with a link where you can download evidence of this infringement.

0:45.6

And as usual, this malware campaign also likes Google's cloud services, in this case storage.googleapis.com.

0:54.5

Multiple of these documents are hosted on googleapis.com and it usually takes quite a while

1:01.5

for them to be removed if ever. The file downloaded is an ISO file. If you open it, you

1:08.5

are only seeing by default a document icon that points to what

1:14.6

looks like, at least based on the file name, evidence of whatever activity you're being

1:19.4

accused of. But it's actually a link and there are two hidden files in this directory. One is a

1:26.4

JavaScript file. One is a DLL. And if you're clicking on the link, then these files are being executed.

1:32.3

So a couple of tricks here that are being used to get the user to execute the malware.

1:37.3

First of all, it does not arrive as a normal email, but it arrives via a contact form.

1:43.3

So that usually means it's a little bit more trusted than just a random email.

1:48.2

The legal threat, of course, may help.

1:50.5

And then it uses a well-known, often trusted domain, googleapis.com.

1:58.0

And the icons don't necessarily give away that you're actually executing software as you're

2:04.6

clicking and trying to open this file with evidence.

2:09.0

Pcaps, malware samples, and more can as usual be found in Brad's diary from today.

2:16.5

And then we've got an interesting new group of attacks against wireless chips now.

2:22.7

Before we get too excited about wireless vulnerabilities, the threat model here is a little bit

...
