Hello, welcome to the Tuesday, September 17th, 2019 edition of the Sands and the Storms anders

Stormcast. My name is Johannes Ulrich. And I'm recording from Stockholm, Germany.

One of the ways how attackers are often evading antivirus and malvare engines is just to encrypt in their malicious

attachments and of course encrypted zip files have been around for a long time and many other

file formats also do support some form of encryption that is often used for this purpose.

Latest example is good old by now sextortion emails.

These emails, of course, have been flooding us for over a year now,

and the attackers are slowly, I think, running out of targets,

and also mail filters are getting better in identifying

these emails. So the latest example that DDA came across actually used an encrypted PDF.

This, of course, makes it more difficult to filter these malicious attachments unless you're able to just outright filter

encrypted PDFs, which may or may not work in your environment.

And adaptive mobile security broke a story that I probably should have covered yesterday,

just sort of missed it, and

they're calling it Sim Jacker.

Now, this particular attack is interesting in so far in that it really uses more a feature

of SIM cards than actually exploiting any features. Sim cards, as they're used in devices ever since GSM networks

introduced them are actually quite sophisticated little computers so it's yet another

processor yet another code environment that attacker can leverage to execute code and access features

in the phone. In particular, as far as Sim Jacker is concerned, SMS messages can be sent

to a phone and they can contain instructions that are then executed within the SIM card.

All this happens via a Sim Alines Toolkit browser or short SAT browser.

...