ISC StormCast for Monday, August 21st 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 20 August 2017
⏱️ 5 minutes
Transcript
| 0:00.0 | Hello, welcome to the Monday, August 21st, 2017 edition of the SANS Internet Storm Center Stormcast. |
| 0:08.0 | My name is Johannes Ullrich, and today I'm recording from Virginia Beach, Virginia. |
| 0:13.0 | Renato looked at another interesting piece of banking malware. |
| 0:18.0 | In this particular case, actually, it goes beyond standard banking malware. |
| 0:23.5 | Usually banking malware is looking into stealing credentials, and definitely this banking |
| 0:29.5 | malware does so via an HTTP proxy that it installs on the user's system. So sort of a man in a |
| 0:37.1 | browser, man in the machine kind of setup that then allows the attacker to capture user names, passwords, and any one-time password tokens. |
| 0:48.3 | But in addition to that, this particular malware also installs remote access Trojan to essentially give the attacker full control over the system. |
| 0:59.2 | It does also steal additional credentials, like for example TV access credentials and a couple of other things that it happens to find on the system. |
| 1:09.2 | So in that sense, one of the more traditional Trojans banking |
| 1:13.9 | malware, which we still have quite a bit around. So with all the attention being paid to crypto |
| 1:20.6 | ransomware, there's still quite a bit of the more traditional info stealer, credential stealer, and banking malware out there. |
| 1:29.7 | And the second piece of malware from this weekend was one that Didier looked at. It's one of |
| 1:35.2 | these fake invoice messages that keep popping up from time to time. Kind of interesting in this |
| 1:41.9 | case was a Base64 encoded PowerShell script, |
| 1:46.2 | and as usual, Didier walks you through decoding these scripts. So if you ever run into this |
| 1:53.4 | yourself, you can replicate what they did here and decode whatever hit your users. |
| 2:00.3 | Starting, I believe, with the iPhone 5S, Apple started including a secure enclave with its iOS devices. |
| 2:08.6 | This secure enclave is a special separate CPU that is used to deal with secrets that are stored, for example, to lock the phone and also to |
| 2:19.6 | encrypt, decrypt data on the phone. The firmware running within that secure enclave is |
| 2:27.9 | encrypted itself as well. Now, as of Thursday, the encryption key that is used to encrypt that firmware has been leaked. |
| 2:37.6 | Now, this is not necessarily a huge deal with this encryption key. |
...

