

SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform
Aug 1, 2025
Explore the fascinating world of cyber threats with a deep dive into Scattered Spider's tactics and related domains. Discover Excel's upcoming changes that block links to dangerous file types for enhanced security. Plus, learn about CISA's release of Thorium, a new open-source platform for malware analysis, designed to bolster defenses against cyber attacks. Stay informed and protect yourself in an ever-evolving digital landscape!
Dynamic Domain Patterns of Scattered Spider
- Scattered Spider threat actors adopt dynamic domain patterns that pivot around brand names plus suffixes like "helpdesk" or "cdn."
- Threat Intel should focus on emerging domain registrations linked to your brand, not just fixed patterns in advisories.
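
A minimal triage pass over a newly-registered-domain feed, illustrating the point above. This is an added example, not from the episode; the brand `acme`, the `.example`/`.test` domains, and the function names are assumptions. It separates brand-plus-known-keyword hits from brand hits with an unlisted suffix, which a fixed pattern list would miss.

```python
import re

# Suffix keywords named in the episode summary; extend from your own telemetry.
KNOWN_KEYWORDS = ("helpdesk", "cdn")

def classify(domain, brand, owned=frozenset()):
    """Return 'owned', 'brand+keyword', 'brand-other', or None for one domain.

    Naive by design: assumes a single-label TLD and does not decode
    punycode or catch homoglyph/typo variants of the brand.
    """
    host = domain.lower().rstrip(".")
    if host in owned:
        return "owned"
    labels = host.split(".")[:-1] or [host]          # drop the TLD
    squashed = re.sub(r"[^a-z0-9]", "", "".join(labels))
    if brand not in squashed:                        # short brands will over-match
        return None
    rest = squashed.replace(brand, "", 1)
    if any(k in rest for k in KNOWN_KEYWORDS):
        return "brand+keyword"                       # matches the advisory-style pattern
    return "brand-other"                             # brand present, suffix not on the list

def triage(domains, brand, owned=frozenset()):
    """Bucket a feed of newly registered domains for analyst review."""
    hits = {"brand+keyword": [], "brand-other": []}
    for d in domains:
        verdict = classify(d, brand, owned)
        if verdict in hits:
            hits[verdict].append(d)
    return hits

# Constructed sample feed (not real registrations) for a hypothetical brand "acme".
OWNED = frozenset({"acme.example"})
SAMPLE_FEED = [
    "acme.example",               # legitimate, owned
    "acme-helpdesk.example",      # brand + known keyword
    "cdn-acme.test",              # keyword before the brand
    "acme-vpnportal.example",     # brand + suffix not in KNOWN_KEYWORDS
    "weather-report.example",     # unrelated
    "Helpdesk.ACME-sso.example.", # mixed case, trailing dot, keyword in subdomain
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_FEED, "acme", OWNED).items():
        print(bucket, names)
```

The `brand-other` bucket is the one to review for new suffixes worth promoting into `KNOWN_KEYWORDS`.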
Excel Blocks Dangerous External Links
- Microsoft will disable Excel external workbook links to dangerous file types by default from October.
- Review linked file types in Excel and adjust settings only if you understand the risks to reduce attack surface.
CISA’s Thorium Malware Analysis Tool
- The Thorium platform offers a simple, Docker-based malware analysis environment released by CISA.
- This open-source tool facilitates fast and easy malware analysis across various tools, enhancing analyst workflows.