
SANS Internet Storm Center Podcast Discusses Latest Cybersecurity Threats and Defenses
In the August 1, 2025 edition of the SANS Internet Storm Center Stormcast podcast, Johannes Ullrich, recording from Jacksonville, Florida, discusses several notable topics in cybersecurity. The podcast begins with an update on the cybercriminal group known as "Scattered Spider." CISA, in collaboration with other government agencies, has released an updated report on this group, highlighting new social engineering techniques and indicators of compromise.
A particularly interesting point in the report is the use of new domain name schemes by Scattered Spider, such as "targetsname-cms.com" or "targetsname-helpes.com." These domain names are designed to mimic support services, which makes phishing attacks more convincing. Johannes explains how he used Storm Center data to search for recently registered domain names that follow similar patterns. He notes that cybercriminals often change their schemes once they are discovered, which makes detection more difficult.
Johannes emphasizes that defenders should not rely solely on the indicators of compromise provided in security advisories. It is crucial to "pivot" around this information to discover new potential threats. For example, he found a suspicious domain, "CDN-truist.com," which did not match the known patterns but could be used by another cybercriminal group. He stresses the need to monitor newly registered domain names containing specific brands in order to detect malicious activity early.
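As an added example (not code from the podcast or from the Storm Center), the following Python script shows the kind of pivoting described above: it scans a constructed list of newly registered domains for a monitored brand, flags the advisory's "brand-keyword" scheme as a known pattern, and separately flags any other hyphenated combination with the brand (such as "cdn-truist.com") as a pivot candidate for analyst review. The brand list, keyword list and sample registrations are assumptions made for this illustration.

```python
from datetime import date

# Constructed sample of "newly registered" domains with registration dates.
# These are illustrative records, not real WHOIS or zone-file data.
NEW_DOMAINS = [
    ("targetsname-cms.com", "2025-07-30"),
    ("targetsname-helpes.com", "2025-07-31"),
    ("cdn-truist.com", "2025-07-29"),
    ("truistbank.com", "2020-01-01"),            # old registration, not new
    ("weather-forecast-cms.com", "2025-07-28"),  # keyword but no monitored brand
]

# Brands the defender monitors (assumption: whatever names you care about).
BRANDS = {"targetsname", "truist"}

# Tokens from the advisory-style scheme (cms, helpes) plus a few generic
# support/IT words a defender would reasonably add to the known list.
KNOWN_SUFFIXES = {"cms", "helpes", "help", "helpdesk", "sso", "vpn", "cdn"}


def classify(domain):
    """Return (category, brand); category is 'known-pattern', 'pivot' or None.

    'known-pattern': brand is the first label token followed by a known keyword
                     (the advisory's "brand-keyword.tld" scheme).
    'pivot':         brand appears as a hyphen-separated token in any other
                     combination, e.g. "cdn-truist.com"; worth analyst review.
    """
    host = domain.lower().rsplit(".", 1)[0]   # drop the TLD
    tokens = host.split("-")
    for brand in BRANDS:
        if brand not in tokens:
            continue
        others = [t for t in tokens if t != brand]
        if not others:
            continue                          # bare brand, nothing to flag here
        if tokens[0] == brand and any(t in KNOWN_SUFFIXES for t in others):
            return "known-pattern", brand
        return "pivot", brand
    return None, None


def scan(records, since):
    """Return [(domain, category, brand)] for domains registered on/after `since`."""
    hits = []
    for domain, registered in records:
        if date.fromisoformat(registered) < since:
            continue
        category, brand = classify(domain)
        if category:
            hits.append((domain, category, brand))
    return hits
```

Running `scan(NEW_DOMAINS, date(2025, 7, 1))` flags the two advisory-style domains as known patterns and "cdn-truist.com" as a pivot candidate, while the old registration and the brand-less domain are ignored.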
The podcast also covers measures taken by Microsoft to reduce the attack surface of Excel. Excel allows data retrieval from external documents, a useful but risky feature if those external documents contain malicious content. Microsoft has decided to block links to certain types of dangerous files starting in October. This measure aims to protect users while leaving them the option to re-enable the feature if they know what they are doing.
Finally, Johannes mentions the Thorium platform, developed by Sandia National Labs for CISA. This platform, now available on GitHub, is a set of Docker containers designed for quick and easy malware analysis. Although Johannes has not yet tested the platform himself, he invites listeners to share their experiences and opinions of the tool.
In conclusion, this podcast provides valuable information on new cybercrime techniques, security measures implemented by major tech companies, and tools available for cybersecurity professionals. It emphasizes the importance of staying vigilant and continuously adapting defense strategies to counter evolving threats.