ISC StormCast for Tuesday, November 10th 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 10 November 2020
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Tuesday, November 10th, 2020 edition of the Santernat Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida. |
| 0:15.3 | Savier ran into an interesting set of malicious scripts on Virus Total that kind of show the progression of the script |
| 0:25.0 | as whoever is writing is continuously improving the script and adding new features or making |
| 0:33.8 | it more difficult to detect for antivirus. Interestingly, the attacked system is apparently |
| 0:40.8 | a macOS because it uses OSA script as part of the commands. It's executing. Also, the file itself |
| 0:51.1 | was submitted to virus total from a US IP address, but some of the references, |
| 0:58.4 | in particular, the name of the worksheets, is in French. |
| 1:02.4 | Some of it also looks more like the attacker is really just bling around with things like, |
| 1:07.4 | for example, using the macOS say command that can be used to speak text over |
| 1:15.3 | the system's speakers. Not clear if this was an actual attack or really part of a red team exercise |
| 1:22.5 | can really tell based on the relatively brief snippet that was submitted to VirusTorl. Most |
| 1:30.3 | the hackers stay away from VirusTorl because they know that their scripts will be shared |
| 1:37.3 | and Xavier will write them up. They typically use sort of their own similar systems that do not share results with antivirus vendors. |
| 1:48.4 | Let me have a good reminder from Kerski that Ransomware is still very much a thing for Linux systems. |
| 1:56.1 | I believe actually some of the early ransomware was really more targeting Linux than Windows. The particular |
| 2:03.4 | example that Kaspersky is looking at here is Ransom EXX. This particular ransomware does |
| 2:11.6 | show up on Windows and originally did focus on Windows but can now also be found used against Linux. |
| 2:20.3 | Of course, with many organizations using Linux systems, for example, for backups and as |
| 2:25.8 | file servers, it makes perfect sense for an attacker to go after these systems as well. |
| 2:40.7 | And Bleeping Computer is reporting that Microsoft is apparently warning select customers about fake advertisements for malicious Microsoft Teams updates. |
| 2:47.4 | These ads apparently are focusing on educational institutions currently, but have also targeted |
| 2:55.6 | other institutions in the past. And once installed, Cobalt Strike and also InfoSteelers are installed |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.