Hello and welcome to the Tuesday, March 7, 2020,

edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Very quick diary by Manuel today.

Just talking a little bit about scanning S3 buckets,

making sure that your

permissions are all right for your data. Still seeing some leaks being published here and

there where companies haven't done that right. So certainly a good reminder to double check

if your permissions are set correctly.

When we talk about malware infecting routers, we usually talk about malware like

Mirai, for example, which infects millions of routers, is very noisy and usually going

after fairly simple vulnerabilities and often

targeting pretty much unmaintained home and small business devices.

Lumen now has an interesting threat that they're tracking that's going after a bit more

sophisticated routers.

These are TreyTech 2960 and 3,900 routers that are, of course, exposed to the internet and

vulnerable.

What's also sort of interesting is bots like Mirai, they try to infect as many devices as

possible, as quickly as possible, which

of course makes them very noisy. Lumen only observed about 2% of the total number of

routers actually being compromised, so they're more or less targeting very specific routers like they connected to specific organizations

and then they're not just scanning widely but they're also installing some stealthy malware

...