SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, February 8th, 2022


SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 8 February 2022

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Distributed Web Phish; MSFT vs. VBA; Acronis Update; Lockbit 2 IoCs

Transcript


0:00.0

Hello, welcome to the Tuesday, February 8, 2020 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:14.1

Look at the slightly more interesting phishing email. Today, the email itself was relatively straightforward. It was one of those

0:22.4

DHL "we need more details to ship your package" phishing emails, but the phishing site was

0:30.5

hosted on what's sometimes called a distributed web platform or, well, not a hundred percent sure if it's really Web 3, maybe it's

0:39.9

sort of more Web 2.5. The idea is that you have these distributed platforms hosting your content

0:47.1

to make it more difficult to take down. Since uploading files, like in this case an HTML file with JavaScript, is free,

0:57.1

this of course makes it an even more attractive target for phishing sites. The particular

1:02.5

service being used here is known as Skynet or siasky.net, and the phishing site itself is, well, all HTML and JavaScript.

1:15.2

One way how they're trying to make things a little bit more plausible is by actually

1:19.8

including rendering of the company's website.

1:25.5

So at the end of the URL, you'll find your email address and then it takes

1:30.1

the main part of the email address, sends that off to a free service that creates an image of

1:36.8

the website and it then displays that image as a background, making it a little bit look like

1:43.9

you actually are visiting your

1:46.6

homepage, and then there is this login page pop up on top of it.

1:52.1

Similar with the company logo, it's also being included.

1:55.3

Now, I have seen that many times before, and there are, again, services that this JavaScript connects to in order to

2:03.4

pull in the correct logo based on the email domain. Now as far as takedown notices go with

2:10.4

these distributed web platforms, they should still work and via Discord I found an email address to report this to Skynet.

2:20.4

At this point, nothing has happened yet about 12 hours after reporting it.

2:25.5

I hope my email reporting it went through.

2:28.6

We had some issues where, well, it may have been flagged as a phishing email because of course it mentions the URL that was being used here.

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
