ISC StormCast for Sunday, October 22nd 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 22 October 2017
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, October 23rd, 2017 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Berlin, Germany. |
| 0:12.5 | It's just about a year after we learned about the Mirai Botnet. Well, it turns out that we do have now sort of an evolution of this that moved |
| 0:24.3 | beyond simple passwords. This one has been named so far IoT Reaper and it does, unlike |
| 0:33.4 | Mirai, not rely on standard passwords, but use vulnerabilities predominantly in web applications in affected devices. |
| 0:44.0 | At this point, it looks like it's going after a good number of routers like Netgear D-Link links, also a couple of disk storage devices like sonology and a number of cameras netlap the company |
| 1:00.5 | that first reported about this did count nine distinct vulnerabilities that are being exploited |
| 1:07.6 | here they're seeing about 10,000 infected systems checking into command control |
| 1:13.9 | server. Now, this is still a very small number compared to even what's left over of |
| 1:20.8 | Mirai. But regardless, this is likely going to be the next wave of iot botnets that no longer use these very much |
| 1:31.9 | overused at this point default passwords and try to find vulnerabilities that just haven't been |
| 1:38.5 | patched yet and if past experiences any guidance here well patches are often not applied to these devices, |
| 1:46.0 | so even older vulnerabilities will likely be quite useful. |
| 1:50.0 | Checkpoint also reported about this botnet. |
| 1:54.0 | They're actually estimating more than a million infected systems. |
| 1:59.0 | Netlaps estimate maybe a little bit conservative in that it is really only |
| 2:04.7 | based on some command control servers. On the other hand, it would be very plausible that there |
| 2:11.3 | are multiple subbot nets that exist here that aren't necessarily all tracked by the same |
| 2:17.0 | command control infrastructure. |
| 2:19.3 | And we do have another siding of the Mac proton malware. |
| 2:24.4 | This time it came attached to a legitimate download of the El Media Player or Fulks. |
| 2:30.9 | So if you downloaded this software on October 19th from the official website or from |
| 2:37.9 | any other website for that matter, you probably need to double check to make sure that you |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.