ISC StormCast for Thursday, September 21st 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 21 September 2017
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Thursday, September 21st, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. The Locky ransomware is just not going away, and also its script really doesn't change that much, just really sort of some |
| 0:24.2 | subtle changes. On Monday, people reported that they saw Locky with emails with the |
| 0:31.7 | subject line "Your payment" and zip attachments. Well, today we have a report here from Renato and a little write-up about it that changed the subject |
| 0:43.1 | to "Status invoice" and the attachment is now a RAR file. |
| 0:48.1 | As typical for Locky, once you unpack the attachment, you end up with a JavaScript file that will then download |
| 0:57.6 | the actual malware. |
| 1:00.0 | Well, overall, I think the best protection against Locky and a lot of these types of malware |
| 1:05.8 | is not to allow compressed JavaScript files as an attachment. |
| 1:10.9 | Don't really see a lot of valid uses for this. |
| 1:14.4 | Even being a developer doing quite a bit of web development myself with JavaScript. |
| 1:19.3 | Can't really remember when I ever sort of exchanged JavaScript in an email via a compressed |
| 1:25.7 | file. |
| 1:26.7 | For developers, there are really plenty of other ways how you can |
| 1:30.7 | exchange files that don't rely on attaching them to an email. And exposed Amazon S3 |
| 1:38.1 | storage is still a big thing and looks like it's not going away. The latest high-profile victim here is Viacom. |
| 1:47.0 | Now, Viacom is a big media company behind, for example, MTV and Nickelodeon. |
| 1:54.0 | And the S3 bucket exposed here didn't really contain customer data per se, but what researchers found instead |
| 2:03.6 | were really the keys to the kingdom here. It was a Puppet repository. If you're not familiar |
| 2:10.6 | with Puppet, Puppet is a software that can be used to manage Linux servers in particular. And in this case, it had |
| 2:20.9 | passwords, access keys, and the like for these Linux servers. Also access credentials for |
| 2:27.4 | Viacom's AWS infrastructure, which of course could have been used for a widespread compromise. |
| 2:35.8 | Appears that the researchers here were quick enough to notify Viacom before any significant |
... |

