ISC StormCast for Wednesday, March 1st, 2023
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
00:00
Quarkbot Attack
The latest infection came thanks to a URL marked at virus total. The bot downloads an encrypted zip file but then also connects to an HTTPS website with a self-signed certificate. Multi-fact authentication may have helped here but if I read your report right, it may have been in place at least for parts of the access and was bypassed by the attacker using VPN tunnels that this person had established.
Transcript
Play full episode
