Hello, welcome to the Tuesday, May 24, 2016 edition of the Sands International Storm Center's Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Seattle, Washington.

Rick found a real nice write-up about targeted attacks against Ruach.

Ruach is not very well known known but it is the largest and most

the government-owned defense contractor in Switzerland and as such of course

subject to a lot of the same target attacks that defense contractors see

around the world. In this particular case, the attack was discovered in January of 2016, but further investigation

did reveal that it began as early as September 2014.

Now the nice thing here is they did a real good job in releasing a detailed right up on the attack.

So I think it's a great example to learn from, to learn how these targeted attacks work,

and what kind of damage they cause, what kind of methods they use,

and how careful they are really to penetrate your network without really disturbing any unnecessary sensors.

So real good read if you're interested in targeted attacks and how to defend against them.

And what I like here is really a first person report, so it's written by Ruach itself. It's not something in a trade press or so that is trying to summarize the attack,

so lots of detailed technical background here.

And paste jacking is not really a new exploit, but one that I find is really a little bit underappreciated.

The exploit itself is pretty straightforward.

What you're doing is you're counting on a developer that will copy paste code from a website

into a shell or in this case into an editor.

So typically one would expect that whatever text you

highlight on a webpage and copy is what will end up in your clipboard. But that's not true,

strictly speaking. With some JavaScript tricks, you can actually send whatever text you want

...