ISC StormCast for Thursday, January 12th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 12 January 2017
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Thursday, January 12th, 2017 edition of the Sandsenet Storm Center's Stormcast. |
| 0:07.0 | My name is Johannes Orich, and today I'm recording from Jacksonville, Florida. |
| 0:11.8 | Pratt today explains what's behind some of the fake parking ticket notifications that you may have seen in your inbox. |
| 0:19.7 | Now, most people probably won't click on it, |
| 0:21.9 | but then again, hackers use these emails because they know there will be people that click on it. |
| 0:28.6 | And, well, what happens if you click on it, a downloader is installed after you enable the macro |
| 0:35.3 | in the Word document that's included with the email, that downloader will |
| 0:40.4 | then install the Wattrak backdoor. This is sort of more traditional backdoor. It's not |
| 0:47.8 | crypto ransomware. Of course, that could always come later. It gives NetHacker control over your system. |
| 0:55.0 | It does lower security settings, in particular in an explorer, disables your anti-matter |
| 1:01.8 | and also steals information from your system like passwords. |
| 1:07.4 | As usual, Pratt is sharing all the indicators of compromise, including full packet captures. |
| 1:12.9 | So take a look and go hunting and see if you find any copies of this that a user clicked on in your environment. |
| 1:20.8 | Personally, I find that anti-spam does a reasonable good job in getting rid of a lot of these emails. |
| 1:28.2 | But then again, there are always some slipping through. And one thread that you really shouldn't disregard is people |
| 1:33.9 | checking personal email accounts from work, like webmail accounts. And then of course, |
| 1:39.5 | they bypass a lot of the protections that you put into your mail servers with anti-spam and anti-malware. |
| 1:47.0 | And when I'm talking about SSL and how to configure it correctly, usually I remind people that |
| 1:52.1 | while you should not enable things like SL version 3, probably a much larger risk is certificate |
| 1:59.9 | authorities not appropriately checking who is actually |
| 2:04.1 | asking for the certificate. And we had yet another case this time it's GoDaddy. GoDaddy had to |
| 2:10.9 | revoke over 6,000 certificates, or at least they're saying over 6,100 customers were affected by this because due |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.