STAR livestream with Katie Nickels: September 24, 2021 Episode NOTES

The SANS Threat Analysis Rundown (STAR) is an all-new live streaming series that brings you the inside scoop on cyber threats

September 27, 2021

STAR Livestream with Katie Nickels - September 24, 2021 Episode NOTES

Intro

Submit to the SANS CTI Summit 2022 CFP: https://www.sans.org/mlp/cti-summit-2022-cfp/
Centre for Cybersecurity Belgium (CCB) events: https://app.livestorm.co/ccb/

Ransomware

https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority
Conti

Treasury sanctions: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210921
BlackMatter attack on food distribution company: https://arstechnica.com/information-technology/2021/09/5-9-million-ransomware-attack-on-farming-co-op-may-cause-food-shortage/
Not the cheese! https://threatpost.com/ransomware-cheese-shortages-netherlands/165407/
Grief scare tactics: https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-wipe-decryption-key-if-negotiator-hired/
Negotiation chat (mild profanity) that reflects how a lot of us feel sometimes: https://twitter.com/ddd1ms/status/1440766066871848966?s=19
On a lighter note: https://twitter.com/jckichen/status/1440061412215181318?s=20

Exploitation of recent vulnerabilities

Great piece by Patrick Howell O’Neill: https://www.technologyreview.com/2021/09/23/1036140/2021-record-zero-day-hacks-reasons/
Zero days in the wild spreadsheet from Project Zero: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=0
Threats exploiting the MSHTML vulnerability: https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
Top routinely exploited vulnerabilities list: https://us-cert.cisa.gov/ncas/alerts/aa21-209a
https://ccb.belgium.be/en/vulnerability-policy

Grab bag of other reports

A new malware family with one of the best names ever: https://security-soup.net/squirrelwaffle-maldoc-analysis/
Jupyter backdoor that is pretty widespread: https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer
Flubot text message threat: https://www.safeonweb.be/en/news/beware-dangerous-flubot-virus-dont-click-suspicious-text-messages

TLP and information sharing

TLP Amber confusion: https://twitter.com/cyb3rops/status/1440690913919975433
https://www.cisa.gov/tlp

Recommended Training

Related Content

Cybersecurity Insights

October 11, 2021

Keynote Announcement: U.S. Executive Order on Cybersecurity with Art Coviello and Mike Brown at SANS Cyber Solutions Fest 2021

This keynote will discuss the recent Executive Order on cybersecurity and what it means for the government and cybersecurity professionals.

Angelina Derajtys

Cybersecurity Insights

September 30, 2021

Cybersecurity Podcast Roundup

A list of cybersecurity-related podcasts.

Cyber Defense Essentials, Cybersecurity Insights

September 22, 2021

The ABCs of Cybersecurity

A glossary of cybersecurity terminology that will help you quickly get up to speed on the industry’s terms and meanings.