STAR livestream with Katie Nickels: September 24, 2021 Episode NOTES

The SANS Threat Analysis Rundown (STAR) is an all-new live streaming series that brings you the inside scoop on cyber threats

September 27, 2021

STAR Livestream with Katie Nickels - September 24, 2021 Episode NOTES

Intro

Submit to the SANS CTI Summit 2022 CFP: https://www.sans.org/mlp/cti-summit-2022-cfp/
Centre for Cybersecurity Belgium (CCB) events: https://app.livestorm.co/ccb/

Ransomware

https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority
Conti

Treasury sanctions: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210921
BlackMatter attack on food distribution company: https://arstechnica.com/information-technology/2021/09/5-9-million-ransomware-attack-on-farming-co-op-may-cause-food-shortage/
Not the cheese! https://threatpost.com/ransomware-cheese-shortages-netherlands/165407/
Grief scare tactics: https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-wipe-decryption-key-if-negotiator-hired/
Negotiation chat (mild profanity) that reflects how a lot of us feel sometimes: https://twitter.com/ddd1ms/status/1440766066871848966?s=19
On a lighter note: https://twitter.com/jckichen/status/1440061412215181318?s=20

Exploitation of recent vulnerabilities

Great piece by Patrick Howell O’Neill: https://www.technologyreview.com/2021/09/23/1036140/2021-record-zero-day-hacks-reasons/
Zero days in the wild spreadsheet from Project Zero: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=0
Threats exploiting the MSHTML vulnerability: https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
Top routinely exploited vulnerabilities list: https://us-cert.cisa.gov/ncas/alerts/aa21-209a
https://ccb.belgium.be/en/vulnerability-policy

Grab bag of other reports

A new malware family with one of the best names ever: https://security-soup.net/squirrelwaffle-maldoc-analysis/
Jupyter backdoor that is pretty widespread: https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer
Flubot text message threat: https://www.safeonweb.be/en/news/beware-dangerous-flubot-virus-dont-click-suspicious-text-messages

TLP and information sharing

TLP Amber confusion: https://twitter.com/cyb3rops/status/1440690913919975433
https://www.cisa.gov/tlp

Recommended Training

Related Content

Cybersecurity Insights

January 16, 2023

The 17 Best Cybersecurity Podcasts

A list of cybersecurity-related podcasts.

Cybersecurity Insights

December 21, 2022

Q&A From SANS Special Broadcast: What You Need to Know About OpenAI's New ChatGPT Bot - and How it Affects Your Security

We had an influx of questions come in during our ChatGPT Special Broadcast on Wednesday, December 21. Here were those questions — and our responses.

Blueprint_Podcast_-_Blog_-_Top_5_Blueprint_Podcast_Episodes_of_2022_-_340x340.jpg

Cyber Defense, Cybersecurity Insights

December 12, 2022

Top 5 Blueprint Podcast Episodes of 2022

This year Blueprint Podcast published 14 episodes with experts from across the cybersecurity industry. Here were the top-rated episodes of the year.