ISC StormCast for Wednesday, October 25th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 24 October 2017
⏱️ 5 minutes
Transcript
| 0:00.0 | Hello, welcome to the Wednesday, October 25th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Berlin, Germany. |
| 0:11.9 | A quick reminder from Xavier today that a lot of malicious files are misrepresenting their file type by using an extension that does not reflect the actual type of the file. |
| 0:28.0 | Sadly, it isn't always easy to figure out the actual file type. |
| 0:32.7 | Now, many files identify themselves by a particular header, and we have tools like the Unix tool file in order to identify file types based on this header, but this isn't always true. |
| 0:46.0 | There are a few file types that are actually identified by a trailer. |
| 0:50.8 | So at the end of the file, we do have a marker identifying the file type and a couple |
| 0:56.9 | file formats have neither. Xavier also is showing a couple of Yara rules. That's another way
| 1:04.1 | how to identify file types either by trying to match the header of the file or by looking at any other indicators within the file that |
| 1:13.8 | will identify the file type. And it looks like yet another large ransomware campaign is hitting |
| 1:20.3 | Eastern Europe. This particular campaign has been named Bad Rabbit and one of the prominent victims is the Russian news agency |
| 1:31.5 | Interfax. Apparently this particular ransomware is spreading via fake Flash Player update pop-ups
| 1:39.3 | that are being placed on various websites. Now, once it enters a particular network, it will move laterally
| 1:47.7 | using the EternalBlue exploit, as well as Mimikatz in order to collect credentials from memory. |
| 1:54.8 | In addition to Interfax and some other Russian businesses, apparently businesses in the Ukraine got hit as well. |
| 2:03.4 | And antivirus firm ESET is identifying this particular ransomware as yet another Petya variant. |
| 2:11.1 | And TLS continues to become more and more popular. |
| 2:14.6 | Google published its latest transparency report and is stating that between |
| 2:19.3 | 70 and 80% roughly of web traffic is now using TLS. The data was collected from Google Chrome |
| 2:27.2 | users. Now Google also published across its different web platforms and most of them are now in the 80-plus percent of |
| 2:37.2 | TLS users. |
| 2:39.0 | Android is actually the one platform that's a little bit behind as far as TLS goes. |
| 2:44.3 | And then there were a number of news reports, and we also got some emails today regarding |
... |

