Hello, welcome to the Tuesday, December 12, 2017 edition of the Sancton Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Washington, D.C.

This weekend, Brad came across some malware that tricks the user into installing a crypto coin miner on systems.

This is actually not really using an exploit. It just a rinked. into installing a crypto coin miner on systems.

This is actually not really using an exploit.

It just arrives claiming to be a viewer for pornographic images and then tricks the user into installing the software.

I've mentioned a few times already that as the value of these crypto coins goes up,

this really becomes the new way how the bad guys are monetizing their skills. We see less things

like crypto ransomware, even though they're still out there or things like installing just

bots on systems.

These crypto coin miners are really a much more efficient waste right now,

how bad guys can make money using your resources.

And if you're a user of Microsoft's ERP software, also known as Microsoft Dynamics, then you probably heard that

this software is now also available in a software as a service offering, where essentially

Microsoft does deploy this software in Azure for you, and you get control over the software

remotely.

Now in order to accomplish this, Microsoft actually sets up three different tiers for their customers,

one for development, one for integration, and finally one for the life production service.

For the development site, the customer actually has full RDP access to the virtual machine.

One developer, Matthias Glicka, actually took this RDP service to look a little bit around

the machine, and what he realized was that all of these

development or sandbox machines regardless of the customer are sharing the same wildcard certificate

this is asterix dot sandbox dot operations dot dynamics dot com so what this means is via RDP access. It was pretty trivial to extract the secret

...