Hello, welcome to the Wednesday, August 7th, 2019 edition of the Sansonet Stormsanders Stormcast.

My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

Well, it's Blackhead and DefCon again, so lots of press releases from company trying to talk about what they sort of consider the latest attacks

and vulnerabilities. One release that sort of stuck out a little bit is one from Microsoft Security

Response Center. It's talking about how earlier this year a company was breached via internet of things devices. In this particular

attack, a voice over IP phone, an office printer and a video decoder were used in order to

maintain persistent access to the victim's network. Now not a ton of details here but they did release out of the little bash one-liner that

was used to actually establish the command control channel.

Pretty straightforward, pretty simple, really just of an SSL connection on port 443 and not HTP.

So it was not HPS, it was just sort of TCP over TLS.

Pretty simple, pretty straightforward and certainly effective.

There are a number of indicators of compromise that Microsoft made public like five IP addresses

of command and control servers related to this attack.

Similar attacks we have seen in the past, but nothing sort of quite as sophisticated and

deliberate.

I remember sort of one of the early video camera compromises that we have seen was used,

for example, to then reach out to internal disk storage devices. And then, of course,

there has to be another specter variant.

This time it was researchers at Bit Defender who uncovered this particular method to exploit

the specter flaw which of course deals with speculative execution and they doubted the

swap GS vulnerability based on the instruction swap gs that's being used here

...