Hello, welcome to the Friday, June 28th, 2019 edition of the Sands and it storms and its

Stormcast. My name is Johannes. All right. I'm recording from Riyadh, Saudi Arabia.

We have yet another Pricker bot making the rounds. Prickerbot usually refers to malware

that's trying to actually disable IOT devices.

The way they often do this is by just using the DD utility that's used to dump disk images

and overriding various partitions on the device.

Now in many cases in Internet of Things devices, these

partitions are actually not writable. So even if this particular bot runs as rude, it

typically doesn't do as much damage as it appears to do. In many cases, a simple reboot of

the device will restore them to their prior

state. Every couple of years or so, these kind of breaker bots make the news again. So,

this is yet another iteration of this basic idea. No new vulnerability involved here. It's still

mostly going after simple usames and

passwords via telnet or s pho. Of course given that the entire of miri family of melvair

has been adding more exploits like against popular web applications and such means that these exploits will likely

migrate to these precker bots as well and earlier yesterday in our Slack

channel Bruce pointed to a nice write-up by Cyber Reason about an attack that

they have been following that compromised a number of telecommunication providers.

I think what's sort of interesting about this attack is that when we talk about supply chain attacks,

these last couple of years it often was very focused on hardware and software vendors,

but suppliers of services are certainly part of this larger

threat. And of course, unlike with software and hardware, you can actually obtain a copy and

...