Hello and welcome to the Monday, January 27th, 2025 edition of the Sandcent,

and the Sunnet Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording

from Jacksonville, Florida. At the Internet Storm Center, we had another diary created by one of

our undergraduate interns. This time it was Joseph Flint writing about

how access brokers are maintaining persistence. Access brokers are just breaking the system

and then selling access to these systems to others, like, for example, ransomware actors, or really

whoever sort of needs a botnet for whatever. So it's really the initial phase of sort of

your Malware economy. One example that Joseph is pointing out here is SystemBC.

That's a botnet that's often associated with these access brokers and, well, how it reflects itself in our honeypots, some of the specific URLs related to SystemBC that people are scanning for.

But then also how to prevent infection

and how to detect infection,

which should not really be all that difficult.

There are plenty of intrusion detection rules out there,

as Joseph points out,

as well as, of course, usually these access brokers are using fairly

low-level and easy vulnerabilities. They're often using weak passwords, well-known web

application vulnerabilities, so some basic system hardening, and of course, course patching keeping your system up to date

goes a long way to prevent these initial infections and everything related to AI of course

is still getting a lot of news should get a lot of news given the rapid adoption of AI

tools everywhere one way how rapid adoption of AI tools everywhere.

One way how you adopt these AI tools is, well, by using various frameworks to create

applications around this.

...