SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, November 17th 2016

SANS ISC Handlers

Tech News, News, Technology

🗓️ 17 November 2016

⏱️ 6 minutes

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Troldesh #Ransomware; #Poisontap; #Symantec DLL Patch; #VMWare Patch;

Transcript

0:00.0

Hello, welcome to the Thursday, November 17th, 2016 edition of the SANS Internet Storm Center's Stormcast. My name's Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:12.6

Yesterday, Brad shared one of the latest ransomware attacks that he has seen in his environment. In this case, it was the Troldesh

0:21.7

ransomware that was delivered via malicious spam. The spam itself was in Russian, so mostly targeting

0:30.5

Russian users, of course, claiming to come from a Russian bank. The URL in the email looked

0:37.4

legit, but then of course when you clicked on it,

0:39.3

you ended up somewhere else and you ended up downloading a screensaver file that was

0:45.6

zipped. If you unzipped it, then you got infected with this Troldesh ransomware that, of course,

0:52.2

as typical for ransomware, encrypted your files. As typical for Brad,

0:58.0

he's sharing his indicators of compromise and files with traffic captures and also the malware

1:06.5

itself. For a while now, it has been known that a locked but unattended laptop can potentially

1:14.4

be compromised by plugging it into a USB Ethernet adapter. What's happening is that once you plug

1:22.5

into a USB Ethernet adapter, of course with a network connection, then the laptop will reach out via

1:29.4

DHCP typically to then look for an IP address and it will start sending traffic out of

1:37.1

that USB connection. And since modern systems continuously do access various websites and like, for example, check for updates

1:47.1

that can be used by an attacker to inject malicious content.

1:52.2

There hasn't really been an easy-to-use simple exploit for that.

1:57.0

Of course, it has also been exploited over Wi-Fi connections, but there is now a new little tool called PoisonTap that implements all of this in a little Raspberry Pi Zero.

2:09.6

So all you do is install the software, plug in a laptop, and you may or may not get access to things like cookies and the like that will

2:19.5

authenticate the user. There are sort of two sides to defend against this. First of all,

2:26.0

on the web server side, if you're a website and you're concerned about your users, make sure

2:31.3

you only allow HTTP and you only allow cookies with the secure flag

2:38.3

set. That will mitigate some of the problems here. On the users, on the client side, of course,

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
