STAR livestream with Katie Nickels: September 24, 2021 Episode NOTES

The SANS Threat Analysis Rundown (STAR) is an all-new live streaming series that brings you the inside scoop on cyber threats

September 27, 2021

STAR Livestream with Katie Nickels - September 24, 2021 Episode NOTES

Intro

Submit to the SANS CTI Summit 2022 CFP: https://www.sans.org/mlp/cti-summit-2022-cfp/
Centre for Cybersecurity Belgium (CCB) events: https://app.livestorm.co/ccb/

Ransomware

https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority
Conti

Treasury sanctions: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210921
BlackMatter attack on food distribution company: https://arstechnica.com/information-technology/2021/09/5-9-million-ransomware-attack-on-farming-co-op-may-cause-food-shortage/
Not the cheese! https://threatpost.com/ransomware-cheese-shortages-netherlands/165407/
Grief scare tactics: https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-wipe-decryption-key-if-negotiator-hired/
Negotiation chat (mild profanity) that reflects how a lot of us feel sometimes: https://twitter.com/ddd1ms/status/1440766066871848966?s=19
On a lighter note: https://twitter.com/jckichen/status/1440061412215181318?s=20

Exploitation of recent vulnerabilities

Great piece by Patrick Howell O’Neill: https://www.technologyreview.com/2021/09/23/1036140/2021-record-zero-day-hacks-reasons/
Zero days in the wild spreadsheet from Project Zero: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=0
Threats exploiting the MSHTML vulnerability: https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
Top routinely exploited vulnerabilities list: https://us-cert.cisa.gov/ncas/alerts/aa21-209a
https://ccb.belgium.be/en/vulnerability-policy

Grab bag of other reports

A new malware family with one of the best names ever: https://security-soup.net/squirrelwaffle-maldoc-analysis/
Jupyter backdoor that is pretty widespread: https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer
Flubot text message threat: https://www.safeonweb.be/en/news/beware-dangerous-flubot-virus-dont-click-suspicious-text-messages

TLP and information sharing

TLP Amber confusion: https://twitter.com/cyb3rops/status/1440690913919975433
https://www.cisa.gov/tlp

Recommended Training

Related Content

Cybersecurity Insights

A Visual Summary of SANS Neurodiversity Summit 2022

On May 12, hundreds from around the globe tuned in for the SANS Neurodiversity in Cybersecurity Summit. We invited Ashton Rodenhiser to create graphic recordings of our Summit presentations. If you missed a talk or are looking to view the SANS Neurodiversity in Cybersecurity Summit through a...

Digital Forensics and Incident Response

Which DFIR Summit Mascots do you want to see as Lego giveaways this year? Vote now!

To celebrate the 15th year of the DFIR Summit, we are letting you choose your favorite Summit mascot over the years. Which will make our Lego set?

Digital Forensics and Incident Response

SANS FOR500: Windows Forensic Analysis - Updated for Windows 11 and Beyond

The new release of the FOR500 Windows Forensic Analysis course includes a significant focus to support the new Windows 11 operating system and more.