ISC StormCast for Tuesday, February 13th, 2024
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 13 February 2024
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello and welcome to the Tuesday, February 13th, |
| 0:03.4 | 2024 edition of the SANS Internet Storm Center's Stormcast. |
| 0:08.7 | My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
| 0:14.4 | Well, we got an interesting new variety of the Mirai bot that has been hitting some of our honeypots lately. It does appear to add a new |
| 0:24.4 | vulnerability that at least based on my Googling appears to be affecting routers made by |
| 0:30.3 | Bytevalue. Bytevalue is a Chinese manufacturer. There is always a chance that these |
| 0:37.2 | routers are being sold under different names as well and that similar vulnerabilities can be found in other routers that are not sort of obviously recognizable as made by Bytevalue. |
| 0:51.3 | The underlying software development kit, the Realtek software development kit that I believe is being used here based on the URL, had a number of similar vulnerabilities in the past. The vulnerability being exploited here is a simple code injection vulnerability that then downloads the actual Mirai bot that will then go out and |
| 1:15.0 | probe random IP addresses for various exploits. As I submitted the particular sample, |
| 1:24.1 | to VirusTotal, it was not an already characterized binary. However, many antivirus |
| 1:31.4 | tools immediately recognized it as Mirai. And Dark Reading is quoting Proofpoint in |
| 1:39.0 | stating that they're observing an ongoing Azure cloud compromise that does target senior executives. |
| 1:47.8 | So it's not the Azure cloud that's so much compromised, but individual corporate accounts |
| 1:53.5 | that are being compromised here by exposing senior executives to phishing emails. |
| 2:00.2 | That has always been a little bit sort of a weakness here, |
| 2:04.3 | where senior executives are often not very technically savvy |
| 2:08.3 | or generally knowledgeable in order to recognize these phishing emails, |
| 2:13.8 | but sometimes do have excessive rights to some of these cloud environments. |
| 2:19.5 | So compromising their accounts is always an interesting target. |
| 2:24.6 | This particular wave of compromise apparently started back in November. |
| 2:30.0 | Two-factor authentication, if you ever heard of that, appears to be something that's really |
| 2:35.4 | useful in particular for people like vice presidents, CFOs, presidents, and CEOs that are |
... |

