Internet Storm Center's June 25, 2025 Stormcast: Key Cybersecurity Topics

In the June 25, 2025 edition of the Internet Storm Center's Stormcast, Johannes Ullrich delves into several critical cybersecurity topics. The first issue addressed is the evolution of brute force attacks on passwords observed in honeypots since 2015. Ullrich particularly focuses on data from 2018 onwards, a period when data volumes became more stable and consistent. An analysis reveals that modern bots now use around 70 different username and password combinations to attack a target, compared to just 10 in 2018. However, the complexity of passwords remains relatively stable, with an average of eight characters. It is important to note that these passwords are often default, simple, and easy-to-guess passwords like "admin" or "password". Ullrich also mentions an interesting evolution of the Clickfix malware. Traditionally, Clickfix tricks users into copying and pasting code into a command prompt by presenting them with fake captchas. A new variant, called Filefix, uses the file explorer to execute commands, which could make detection more difficult and users more likely to fall for the trap. Finally, Ullrich discusses a SonicWall alert regarding a counterfeit version of their NetExtender software. This version uses a valid but stolen digital certificate, since revoked, to deceive users and steal their credentials. This attack underscores the importance of vigilance and digital certificate verification. The practical implications of this information are significant. Businesses and users need to be aware of the evolving attack techniques and adapt their security measures accordingly. For example, strengthening password complexity and using detection tools capable of spotting unusual behaviors can help protect against these new threats. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=IbO7D-i7vRs