

ISC StormCast for Thursday, December 19th, 2024
12 snips Dec 19, 2024
Dive into the world of TeamTNT as they exploit web servers, leaving behind stealthy malware. Discover the alarming rise of social engineering attacks targeting Okta users and what that means for security. The discussion also touches on possible regulations for TP-Link routers due to cybersecurity threats. Finally, catch up on CISA’s latest best practices for mobile communications, ensuring you're equipped to handle evolving cyber risks.
AI Snips
TeamTNT Honeypot Attack
- TeamTNT attacked a honeypot simulating a web server vulnerability.
- The attack involved obfuscated scripts, malware downloads, and crypto mining.
Detecting Crypto Miners
- Crypto miners, like xmrig, don't always trigger malware signatures.
- Verify your systems can detect xmrig, a commonly used crypto miner.
RDP Attack Advantages
- Attackers favor RDP because it's pre-installed on Windows systems, so its use appears less suspicious.
- Malicious RDP configuration files, often delivered via phishing, enable unauthorized access.