STAR livestream with Katie Nickels: September 24, 2021 Episode NOTES

The SANS Threat Analysis Rundown (STAR) is an all-new live streaming series that brings you the inside scoop on cyber threats

September 27, 2021

STAR Livestream with Katie Nickels - September 24, 2021 Episode NOTES

Intro

Centre for Cybersecurity Belgium (CCB) events: https://app.livestorm.co/ccb/

Ransomware

https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority
Conti
- https://us-cert.cisa.gov/ncas/alerts/aa21-265a
- https://www.bleepingcomputer.com/news/security/translated-conti-ransomware-playbook-gives-insight-into-attacks/
Treasury sanctions: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210921
BlackMatter attack on food distribution company: https://arstechnica.com/information-technology/2021/09/5-9-million-ransomware-attack-on-farming-co-op-may-cause-food-shortage/
Not the cheese! https://threatpost.com/ransomware-cheese-shortages-netherlands/165407/
Grief scare tactics: https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-wipe-decryption-key-if-negotiator-hired/
Negotiation chat (mild profanity) that reflects how a lot of us feel sometimes: https://twitter.com/ddd1ms/status/1440766066871848966?s=19
On a lighter note: https://twitter.com/jckichen/status/1440061412215181318?s=20

Exploitation of recent vulnerabilities

Great piece by Patrick Howell O’Neill: https://www.technologyreview.com/2021/09/23/1036140/2021-record-zero-day-hacks-reasons/
Zero days in the wild spreadsheet from Project Zero: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=0
Threats exploiting the MSHTML vulnerability: https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
Top routinely exploited vulnerabilities list: https://us-cert.cisa.gov/ncas/alerts/aa21-209a
https://ccb.belgium.be/en/vulnerability-policy

Grab bag of other reports

A new malware family with one of the best names ever: https://security-soup.net/squirrelwaffle-maldoc-analysis/
Jupyter backdoor that is pretty widespread: https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer
Flubot text message threat: https://www.safeonweb.be/en/news/beware-dangerous-flubot-virus-dont-click-suspicious-text-messages

TLP and information sharing

TLP Amber confusion: https://twitter.com/cyb3rops/status/1440690913919975433
https://www.cisa.gov/tlp

Recommended Training

Related Content

Cybersecurity and IT Essentials, Cybersecurity Insights

October 24, 2024

The ABCs of Cybersecurity

A glossary of cybersecurity terminology that will help you quickly get up to speed on the industry’s terms and meanings.

DFIR blog image.png

Digital Forensics, Incident Response & Threat Hunting

August 22, 2024

A Visual Summary of SANS DFIR Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS DFIR Summit 2024

Spring 2024 Update FOR585 Smartphone Forensic Analysis In Depth

Digital Forensics, Incident Response & Threat Hunting

Spring 2024 Update: Explore the Latest Enhancements to SANS FOR585: Smartphone Forensic Analysis In-Depth

We are excited to announce the latest update to the SANS Institute's FOR585: Smartphone Forensic Analysis In-Depth!

Heather Barnhart