SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, September 3rd, 2025: Sextortion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches

Sep 3, 2025
Dive into the dark world of sextortion as experts analyze 1,900 scam messages and their effectiveness over four years. Discover alarming insights into Azure AD client secret theft, revealing how attackers exploit exposed credentials. Learn about a new bot that cleverly uses ICMP and DNS for covert communications, combining two protocols for stealthy command execution. Lastly, find out about the critical updates for FreePBX and the importance of staying secure amidst these rising cybersecurity threats.
INSIGHT

Sextortion Effectiveness Is Waning

  • Sextortion campaigns appear to be declining in effectiveness over time as recipients receive repeat messages.
  • Payments tend to arrive within a day, and the demands range from a few hundred to a few thousand dollars or euros.
ANECDOTE

Honeypots Capture Azure AD Secret Scans

  • ReSecurity observed attackers scanning for appsettings.json files that contain Azure AD client IDs and secrets.
  • Once found, those credentials let attackers target Azure Active Directory setups directly.
INSIGHT

Exposed appsettings.json Is Low-Hanging Fruit

  • Developers often leave Azure AD client secrets in appsettings.json and in variant filenames, such as development versions of the file.
  • These exposed files are low-hanging fruit that enable further attacks once harvested.
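
A defender-side check for the exposure described above, as an added example that is not from the podcast or its show notes: it walks a source tree or web root, finds appsettings.json and its variants, and reports which keys hold a populated secret without echoing the value. The `AzureAd` / `ClientSecret` key names, the placeholder patterns and the sample files are assumptions made for illustration.

```python
import json
import os
import re
import tempfile

# Assumed: "AzureAd:ClientSecret" is the usual key; placeholder patterns are illustrative.
FILE_RE = re.compile(r"^appsettings(\..+)?\.json$", re.I)  # appsettings.json + variants
SECRET_KEY = re.compile(r"secret", re.I)
PLACEHOLDER = re.compile(r"^(|<.*>|\$\{.*\}|#\{.*\}#|changeme)$", re.I)

def walk(node, path=""):
    """Yield (colon-separated key path, value) for every string leaf."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}:{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}:{index}")
    elif isinstance(node, str):
        yield path, node

def scan(root):
    """Return sorted (file, key path) pairs; secret values are never returned."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if FILE_RE.match(f)):
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8-sig") as fh:  # tolerate a BOM
                    data = json.load(fh)
            except (OSError, ValueError):
                findings.append((full, "<unparseable: review manually>"))
                continue
            for key_path, value in walk(data):
                leaf = key_path.rsplit(":", 1)[-1]
                if SECRET_KEY.search(leaf) and not PLACEHOLDER.match(value.strip()):
                    findings.append((full, key_path))
    return sorted(findings)

def demo():
    samples = {  # constructed sample tree; every value in it is fake
        "appsettings.json": {"AzureAd": {"ClientId": "constructed-id", "ClientSecret": ""}},
        "appsettings.Development.json": {"AzureAd": {"ClientSecret": "constructed-fake"}},
        "other.json": {"ClientSecret": "ignored: filename does not match"},
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                json.dump(body, fh)
        return [(os.path.relpath(path, root), key) for path, key in scan(root)]
```

Run `scan()` against a checkout or a deployed web root before release; any hit means the secret should be rotated and moved out of the file.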