
SANS Internet Storm Center Stormcast: Key Cybersecurity Topics
In this May 19, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich covers several cybersecurity topics.

First, he mentions a new version of the Xor tool, developed by DDA, which extracts character strings from files. This version adds the ability to define a Python function that filters printable characters, making the results more readable.

Next he discusses the Pwn2Own contest organized by Trend Micro at a recent security conference. The contest demonstrated several vulnerabilities, including privilege escalation and virtual machine escapes in Red Hat, Windows 11, VirtualBox, and VMware. The discovered vulnerabilities are reported to the respective vendors, and some, such as those in Firefox, have already been fixed. If a vulnerability is not fixed within 90 days, its existence is made public.

Ullrich expresses surprise at an FBI warning about a rise in attempts to impersonate high-ranking officials via SMS and voicemail. Although these attempts are not technically sophisticated, they appear to be effective. More elaborate deepfakes are also being used for more complex fraud, such as getting people hired or getting engineering plans approved with falsified credentials. Ullrich emphasizes that defense against these scams rests mainly on robust business rules rather than on purely technical controls.

He then turns to the techniques used by the Scattered Spider group, known for financially motivated attacks, including the one against MGM. The group is increasingly using dynamic DNS (DDNS) services in its attacks. Ullrich shares his own experience with DDNS and notes that certain domains, such as it.com, are popular among attackers. Blocking these domains outright is difficult because legitimate businesses use them as well.

To detect anomalies in DNS traffic, he recommends using Mozilla's list of public prefixes, which helps distinguish subdomains from main domains. In conclusion, the episode gives a detailed overview of current trends and techniques in cybersecurity and underlines the importance of staying vigilant and putting appropriate defenses in place.
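The following script illustrates the DNS-analysis approach Ullrich recommends. It is an added example, not code from the Stormcast, SANS or any tool the episode mentions. It implements the matching rules published for Mozilla's Public Suffix List (the "list of public prefixes" referred to above), but runs against a small constructed excerpt of that list rather than the real file at https://publicsuffix.org/list/, and against constructed DNS log lines. The watchlist of DDNS suffixes, the client addresses and the query names are all made up for the example; it.com is used only because the summary names it.

```python
"""Group DNS query names by registrable domain using Public Suffix List rules.

Added example (not from the Stormcast or any SANS tool). The point it makes:
under a DDNS provider's suffix, each customer name is its own registrable
domain, so the provider suffix itself (e.g. it.com) is not the right unit to
block or to count; the names one level below it are.
"""
from collections import defaultdict

# Constructed excerpt in the Public Suffix List format: one rule per line,
# '*.' wildcards and '!' exceptions as in the real list. In production, load
# the full list from https://publicsuffix.org/list/ instead of this stub.
SAMPLE_PSL = """
// ICANN section (constructed excerpt)
com
net
co.uk
*.ck
!www.ck
// PRIVATE section (constructed excerpt): DDNS-style providers register
// their suffix here so every customer subdomain becomes a registrable domain.
it.com
dyndns.example
"""

# Constructed watchlist of DDNS suffixes an analyst wants to keep an eye on.
DDNS_SUFFIXES = {"it.com", "dyndns.example"}

# Constructed DNS query log: "<timestamp> <client> <query name>" per line.
SAMPLE_LOG = """\
2025-05-19T10:00:01Z 10.0.0.5 www.example.com
2025-05-19T10:00:02Z 10.0.0.5 cdn.example.com
2025-05-19T10:00:03Z 10.0.0.7 login.it.com
2025-05-19T10:00:04Z 10.0.0.7 sso-portal.it.com
2025-05-19T10:00:05Z 10.0.0.9 mail.example.co.uk
2025-05-19T10:00:06Z 10.0.0.7 update.dyndns.example
"""


def parse_psl(text):
    """Return the set of rules, skipping blank lines and '//' comments."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("//")}


def registrable_domain(name, rules):
    """Return public suffix + one label, or None if the name is itself a suffix.

    Follows the publicsuffix.org algorithm: an exception rule ('!') wins and
    drops its leftmost label; otherwise the longest matching rule (wildcards
    allowed) wins; with no match the default rule '*' makes the TLD the suffix.
    """
    labels = name.lower().rstrip(".").split(".")
    n = len(labels)
    suffix_len = 1  # default rule "*"
    for i in range(n):  # scan from the longest tail, so the first hit is longest
        tail = ".".join(labels[i:])
        if "!" + tail in rules:
            suffix_len = n - i - 1
            break
        wildcard_tail = ".".join(["*"] + labels[i + 1:])
        if tail in rules or (i + 1 < n and wildcard_tail in rules):
            suffix_len = n - i
            break
    if suffix_len >= n:
        return None
    return ".".join(labels[n - suffix_len - 1:])


def analyze(log_text, rules, watch):
    """Map each client to the sorted registrable domains it resolved that sit
    directly under a watched DDNS suffix."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the report
        _ts, client, qname = parts
        reg = registrable_domain(qname, rules)
        if reg is None:
            continue
        parent = reg.split(".", 1)[1]  # the public suffix the name sits under
        if parent in watch:
            hits[client].add(reg)
    return {c: sorted(v) for c, v in hits.items()}


if __name__ == "__main__":
    rules = parse_psl(SAMPLE_PSL)
    for client, names in analyze(SAMPLE_LOG, rules, DDNS_SUFFIXES).items():
        print(f"{client}: {len(names)} registrable DDNS names -> {names}")
```

Because the list marks it.com as a suffix, `login.it.com` and `sso-portal.it.com` come out as two distinct registrable domains, so a policy can judge each of them on its own instead of blocking every customer of the provider. The same grouping lets the analyst count how many distinct DDNS names a single client resolves, which is the kind of anomaly the episode suggests looking for.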