Hello and welcome to the Monday, March 17th, 2020-5 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

First I want to start out today with a quick congratulations to our Sands.edu graduates.

We had our commencement in D.C. on Saturday.

And, well, at this class, the class of 2024, we did graduate almost 500 students,

quite a ways from the early days where we had maybe two, three, five, I think, at some of the

first years. In Diaries this weekend, nothing really earth-shattering, some kind of interesting

scans for Trey Tech Vigr routers. These routers have been attacked for quite a few years now. Actually,

2024. There was a new set of vulnerability of us being released, but pretty much ever

sort of since 2020, they have been attacked, have been scanned for. What's a little bit different

here for these attacks is that they're quite a bit more aggressive than some of the earlier ones.

Looks like some Mirai variant picked up on this. And well, as far as I can tell, they're

actually malformed and don't work. Remember, attackers don't have SLAs. If they throw 100

exploits at you, one of them sticks,

and that's really all they need.

So I think they never really noticed that this particular exploit,

they added here recently, doesn't actually do anything.

At least that's my opinion here on it.

In the CGI dash bin part of the URL,

they omitted the dash, so it's just CGI bin.

I don't think that'll work for vulnerable routers.

I may be wrong, please tell me if there is some other exploit or so they're trying to take advantage of here.

...