Podcast Detail

ISC StormCast for Friday, August 28th 2015

If you are not able to play the podcast using the player below, use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/4633.mp3

SANS Daily Network Security Podcast (Stormcast) for Friday, August 28th 2015

Discussion

There seems to be no conclusive proof this phishing originated from "Iranian attackers".

The article linked by SANS in turn references a report by the Israeli company Clearskysec, which in turn references a non-existent Google cache entry from Florida's College of Arts (???). See for yourselves at page 14 of http://www.clearskysec.com/wp-content/uploads/2015/06/Thamar-Reservoir-public1.pdf (version as of today 2015-08-28).

The other "intelligence" could have been intentionally spoofed: Iranian IP addresses (botnet?), a blog in Farsi (with an English name), free Iranian hosting service (without its access logs), domain registration details (can be set/changed to anything) and lastly the phone call in Farsi... I don't always send phishing, but when I do, I always phone in my native language disclosing my nationality and leaving a voice fingerprint.

All I ask is that you please label a guess as such.
Posted by Enos on Fri Aug 28 2015, 05:28
