Hello, welcome to the Friday, December 28th, 2018 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

One of the more common questions that we get when we are reporting about attacks and the like, as always, well, how many people are

actually affected by it? And usually it's, well, really sort of a guess game as to how many

people probably clicked on the link or received a particular email. In a recent case,

however, that a user submitted to us, a phishing email, interestingly, did include

a page counter.

This page counter was public.

It's usually intended to actually be displayed on the page itself.

And well, it shows that this particular ph fishing email did apparently convince almost 900 people

to click on it.

Now, we received the particular email on the 19th.

The IP counter that kept track of visitors to the fishing page has a peak on the 20th.

So just the day after the fish apparently was sent out, which makes

a lot of sense with sort of a tail off over the next few days.

Other than that, the email was actually not all that remarkable.

It was a fishing attempt against a German bank. It did require quite a bit of personal detail

from the victim, so not clear how many individuals actually fell for the full scam or just

clicked on a link out of curiosity. Now most attacks these days of course do arrive as an email and rely on users clicking on an attachment or like, but there are exceptions.

And one such exception is a recent run of the JungleSec Crypto ransomware.

In this particular case, the ransomware is actually looking for

unprotected IPMI interfaces. IPMI is this interface that a lot of motherboards include, in particular

on servers, that allows you to reboot the server and also provides you typically with full console access

...