ISC StormCast for Thursday, March 23rd 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 23 March 2017
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Thursday, March 23rd, 2017 edition of the Sandinert Storm Center's Stormcast. My name is Johannes Ulrich, |
| 0:09.1 | and I'm recording from Jacksonville, Florida. A group that identifies itself as the Turkish crime family |
| 0:16.8 | apparently got a hold of a large number of Apple iCloud credentials. |
| 0:22.6 | They claimed to have about 600 million username and passwords and 200 million of them |
| 0:28.6 | they verified as working and not being protected by two-factor authentication. |
| 0:34.6 | Now the Turkish crime family here is taking a little bit a different approach |
| 0:39.3 | on the idea of ransomware. Instead of sending ransom notes to individual users that are affected, |
| 0:47.4 | they send their ransom note to Apple and are demanding $150,000 in order to not go out and delete all the devices linked to these |
| 0:59.6 | Apple accounts. Now it's pretty hard not to link your Apple device to an ICloud account. You don't |
| 1:06.5 | necessarily have to allow logins via ICloud or having the device erased via iCloud, but in particular |
| 1:13.9 | the later is a common security feature in order to prevent your data from falling in the wrong |
| 1:20.0 | hands once a device has become stolen or lost. Your best bet at this point is probably to enable two-factor of vacation for your |
| 1:30.8 | iCloud account and you may want to change your password but not really sure how much that matters. |
| 1:37.8 | It's not really clear where they got the data from. So whether these are passwords that leaked |
| 1:43.9 | from other sources like other leaks |
| 1:46.6 | that just happened to work for iCloud as well because users reused passwords or if they got |
| 1:53.2 | fished, that's another common source for these passwords in particular for iCloud. And lastly, |
| 2:00.0 | whether or not they got leaked from apple itself but at this |
| 2:02.9 | point there is no indication that this happened another way to protect yourself of course may also be |
| 2:09.8 | to create an offline backup of your device in case it does get erased via iCloud, you still have that offline backup. |
| 2:19.7 | Robert Lee and Ben Miller from Tragos, an industrial control system security firm, |
| 2:25.8 | have done an interesting study looking at public data to see how prevalent ICS industrial |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.