STAR livestream with Katie Nickels: September 24, 2021 Episode NOTES

The SANS Threat Analysis Rundown (STAR) is an all-new live streaming series that brings you the inside scoop on cyber threats

September 27, 2021

STAR Livestream with Katie Nickels - September 24, 2021 Episode NOTES

Intro

Submit to the SANS CTI Summit 2022 CFP: https://www.sans.org/mlp/cti-summit-2022-cfp/
Centre for Cybersecurity Belgium (CCB) events: https://app.livestorm.co/ccb/

Ransomware

https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority
Conti

Treasury sanctions: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210921
BlackMatter attack on food distribution company: https://arstechnica.com/information-technology/2021/09/5-9-million-ransomware-attack-on-farming-co-op-may-cause-food-shortage/
Not the cheese! https://threatpost.com/ransomware-cheese-shortages-netherlands/165407/
Grief scare tactics: https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-wipe-decryption-key-if-negotiator-hired/
Negotiation chat (mild profanity) that reflects how a lot of us feel sometimes: https://twitter.com/ddd1ms/status/1440766066871848966?s=19
On a lighter note: https://twitter.com/jckichen/status/1440061412215181318?s=20

Exploitation of recent vulnerabilities

Great piece by Patrick Howell O’Neill: https://www.technologyreview.com/2021/09/23/1036140/2021-record-zero-day-hacks-reasons/
Zero days in the wild spreadsheet from Project Zero: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=0
Threats exploiting the MSHTML vulnerability: https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
Top routinely exploited vulnerabilities list: https://us-cert.cisa.gov/ncas/alerts/aa21-209a
https://ccb.belgium.be/en/vulnerability-policy

Grab bag of other reports

A new malware family with one of the best names ever: https://security-soup.net/squirrelwaffle-maldoc-analysis/
Jupyter backdoor that is pretty widespread: https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer
Flubot text message threat: https://www.safeonweb.be/en/news/beware-dangerous-flubot-virus-dont-click-suspicious-text-messages

TLP and information sharing

TLP Amber confusion: https://twitter.com/cyb3rops/status/1440690913919975433
https://www.cisa.gov/tlp

Recommended Training

Related Content

Digital Forensics and Incident Response, Cloud Security

Google Cloud Log Extraction

In this blog post, we review the methods through which we can extract logs from Google Cloud.

Digital Forensics and Incident Response

February 27, 2023

DFIR Origin Stories - Kevin Ripa

Never thought a career in IT would be one for you? Think again. That’s what happened to Kevin Ripa.

DFIR_ICON_(1).PNG

Blog_teaser_images_(23).png

Cloud Security, Digital Forensics and Incident Response

February 10, 2023

AWS Cloud Log Extraction

In this blog post, we discussed the acquisition of AWS CloudTrails logs stored in S3 buckets.