meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, April 28th, 2022

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 28 April 2022

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MITRE ATT&CK Update; MSFT Ukraine Report; Nimuspwn; npm Package Planting

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, April 28, 2020 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich,

0:10.7

and today I'm recording from Jacksonville, Florida. Jan today took a look at a change made in the

0:18.2

version 11 of the Mider Attack Framework was released earlier this week.

0:23.4

And one of the changes here is that we now have an updated list of data sources that are relevant to detect a particular technique.

0:33.1

Of course, one way how the attack framework is often used is that you're looking at a particular technique being used by an adversary.

0:41.7

And then you try to figure out how to detect a use of this particular technique in your environment.

0:48.0

That's exactly where sort of these data sources come in, makes it now a little bit more straightforward to map a particular

0:55.6

technique to certain detection techniques that you may want to apply in order to detect

1:03.0

exploitation. Talking about TTPs, Microsoft has released a nice report summarizing attacks that they have observed in Ukraine so far

1:16.3

since the war with Russia started.

1:19.8

Now, there was a very spur of activity in the very beginning.

1:24.6

Week 1, they counted 22 incidents where an incident basically is an

1:28.9

organization being affected, not an individual system. Since then, it has actually become a little

1:37.0

more quiet with sort of two to six events per week. Overall, the numbers aren't really all that bad, in my opinion.

1:47.6

They're fairly small, but they're very focused on government organizations, of course,

1:53.1

and with that also on IT service providers, which of course are often used then in order

1:59.4

to gain access to, for example, government networks.

2:03.9

There were, of course, also a couple of ICS-related events, most recently, of course, in the Destroyer 2.

2:12.0

Another interesting part about this report is they sort of have some nice timelines comparing, for example,

2:18.2

military kinetic activity to cyber activity and also political events and cyber activity

2:24.7

and how the two sort of match up and intertwine.

2:29.3

The most visible part here was, of course, the wipers that were used to just destroy data, but there

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.