
SANS Internet Storm Center Stormcast: July 15, 2025 Edition on Cybersecurity
In this July 15, 2025 edition of the SANS Internet Storm Center Stormcast, Johannes Ullrich covers three topics. The first is a problem with the ISC's own honeypots, the systems deployed to attract and record malicious traffic: a self-inflicted denial of service on the log pipeline delayed the import of honeypot logs. Looking more closely at log volumes afterwards showed a sharp rise in traffic aimed at SonicWall systems, which appears to come from a botnet scanning aggressively for vulnerable devices. Anyone running SonicWall systems should check that they are patched and exposed no more than necessary.
The second topic is a campaign of compromised browser extensions known as RedDirection. It touched popular extensions such as "Color Picker Color Changer", used by 2.3 million users. The worrying part is that these extensions were not malicious when first published; they received malicious updates later, after they had built up a user base and trust. Once updated, the extensions could monitor browsing habits, redirect users to other sites and control the browser. The underlying risk is that extensions commonly hold full access to page content on every site the user visits, and an automatic update that stays within permissions already granted installs silently, so a trusted extension can change behaviour without any new prompt. The practical defences are to keep the number of installed extensions small and to review the permissions each one holds, not only at install time but again whenever it updates.
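The permission review described above is easy to automate. The following is an added example, not code from the podcast or from any extension vendor: it reads the manifest.json files a Chromium-based browser keeps for each installed extension, flags the combination that makes an extension dangerous (a host pattern covering every site plus an API that can act on tabs, scripts or traffic), and reports which permissions a new version added compared with the previous one. The risk list is this example's own choice, and the two manifests at the bottom are constructed for the offline demo.

```python
"""Added example: triage browser-extension manifests for broad permissions.

Chromium browsers store each extension under
<profile>/Extensions/<id>/<version>/manifest.json. MV2 lists host patterns
under 'permissions', MV3 under 'host_permissions'; content scripts declare
their own 'matches'. The risk list below is this example's own choice.
"""
import json
from pathlib import Path

# APIs that let code act on arbitrary pages, traffic or the browser itself.
HIGH_RISK_PERMISSIONS = {
    "tabs", "scripting", "webRequest", "webRequestBlocking",
    "declarativeNetRequest", "webNavigation", "cookies", "history",
    "proxy", "debugger", "nativeMessaging", "management",
}
# Host patterns that cover every site the user visits.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest: dict) -> set[str]:
    """Every host match pattern the manifest asks for, from all three places."""
    pats = set(manifest.get("host_permissions", []))
    pats |= {p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}
    for cs in manifest.get("content_scripts", []):
        pats |= set(cs.get("matches", []))
    return pats


def audit(manifest: dict) -> dict:
    """Summarise one manifest: risky APIs requested and whether the host scope
    covers every site. 'needs_review' is the combination of both."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    risky = sorted(perms & HIGH_RISK_PERMISSIONS)
    all_sites = bool(host_patterns(manifest) & ALL_SITES)
    return {
        "name": manifest.get("name", "?"),
        "version": manifest.get("version", "?"),
        "risky_permissions": risky,
        "all_sites": all_sites,
        "needs_review": all_sites and bool(risky),
    }


def permission_delta(old: dict, new: dict) -> list[str]:
    """Permissions and host patterns present in the new manifest but not the
    old one. An update that widens scope deserves a second look even when the
    store listing looks unchanged."""
    before = set(old.get("permissions", [])) | host_patterns(old)
    after = set(new.get("permissions", [])) | host_patterns(new)
    return sorted(after - before)


def audit_profile(profile_dir: str) -> list[dict]:
    """Walk a Chromium profile's Extensions folder, e.g.
    ~/.config/google-chrome/Default on Linux or
    %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default on Windows."""
    results = []
    for manifest_path in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        with open(manifest_path, encoding="utf-8") as fh:
            report = audit(json.load(fh))
        report["extension_id"] = manifest_path.parent.parent.name  # <id>/<version>/manifest.json
        results.append(report)
    return results


# Constructed manifests for the offline demo (not real extensions).
BENIGN = {"name": "Word Count", "version": "1.0", "manifest_version": 3,
          "permissions": ["storage"]}
BROAD = {"name": "Colour Tool", "version": "2.3", "manifest_version": 3,
         "permissions": ["storage", "tabs", "scripting"],
         "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    for m in (BENIGN, BROAD):
        print(audit(m))
    print("added by update:", permission_delta(BENIGN, BROAD))
```

Run `audit_profile()` against a real profile directory and keep the output; rerunning it after the browser has auto-updated extensions and feeding each old/new manifest pair to `permission_delta()` turns a silent update into something you actually see. An extension whose name reads `__MSG_name__` is localised; its real name is in `_locales/`, which this example does not resolve.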
Finally, Johannes Ullrich points to a detailed blog post by Matias Folks on reconstructing RDP (Remote Desktop Protocol) activity. RDP is a common way for attackers to get into and move around corporate networks. The post walks through the Windows event IDs that record RDP connections, logons, disconnects and reconnects, and shows how the RDP bitmap cache can be used to rebuild partial screenshots of what was displayed during a session, giving a much clearer picture of what happened. One caveat worth keeping in mind: the bitmap cache is written on the client side of the connection (under %LOCALAPPDATA%\Microsoft\Terminal Server Client\Cache on Windows), so it is collected from the machine the attacker connected from, often an already-compromised internal host, not from the server they reached. The post is a useful resource for incident responders and forensic analysts.
In short, this episode offers a useful snapshot of current attack trends, the risk that browser extensions carry, and practical forensic methods for analysing attacker activity. It is worth the listen for anyone responsible for defending systems against these threats.