SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, September 22nd 2017


SANS ISC Handlers

Tech News, News


🗓️ 22 September 2017

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More DDoS Extortion; .Net ex-0-day Moves from APT to Crimeware; CCleaner Update

Transcript


0:00.0

Hello, welcome to the Friday, September 22nd, 2017 edition of the SANS Internet Storm Center's

0:06.6

Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:13.2

We did receive more emails that claim to launch DDoS attacks unless the recipient is going to pay some Bitcoins. Well, at this point, we don't see

0:25.6

any evidence that these threats materialize if you're not paying. The latest wave of these

0:32.6

emails appear to be or claim to be associated with the Phantom Squad.

0:37.9

This particular group did launch some successful denial of service attacks against Xbox

0:44.2

Live and Steam back in late 2015 and 2016.

0:51.1

But again, there is no evidence here that these new emails are at all associated with Phantom Squad, and at this point, it looks rather unlikely.

1:02.7

Nevertheless, in a couple of the Bitcoin accounts that were set up in order to receive payments, there are some Bitcoins, so it looks like they're

1:13.3

at least partially successful. Just as a reminder, there's absolutely no reason to give in and

1:21.0

pay off these ransom demands, even if you pay off. Really, the only thing you're signaling here is that you're an

1:29.7

easy target and they'll come back for more shortly. And one of the vulnerabilities that I told

1:36.6

you was a must-fix last week when Microsoft released its Patch Tuesday was CVE-2017-8759. This was the RTF/.NET vulnerability

1:52.2

in .NET that's typically exploited via RTF documents that are sent as email attachments.

2:04.1

Well, FireEye has blogged at length about this vulnerability and how it has been used in targeted attacks. Now, this week, Brad spotted it

2:11.0

in more widespread cybercrime attacks. In this particular case, Argentinian citizens were targeted. The email claimed to

2:21.0

come from the Argentinian tax authority, and it included an attachment that had a .doc extension.

2:28.9

So it looked like a Word document, but was actually an RTF document that then used this vulnerability in order to execute

2:38.7

arbitrary code.

2:40.2

In Brad's case, the victim ended up with a version of Betabot, and it was made persistent

2:47.6

via the Windows registry.

2:50.2

And then we got an update from Cisco regarding the CCleaner malware that happened earlier this week.

...
