Podcast Detail

ISC StormCast for Friday, August 28th 2015

If you are not able to play the podcast using the player below, use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/4633.mp3

SANS Daily Network Security Podcast (Stormcast) for Friday, August 28th 2015

Discussion

There seems to be no conclusive proof this phishing originated from "Iranian attackers".

The article linked by SANS in turn references a report by the Israeli company Clearskysec, which in turn references a non-existent Google cache entry from Florida's College of Arts (???). See for yourselves on page 14 of http://www.clearskysec.com/wp-content/uploads/2015/06/Thamar-Reservoir-public1.pdf (version as of today 2015-08-28).

The other "intelligence" could have been intentionally spoofed: Iranian IP addresses (botnet?), a blog in Farsi (with an English name), free Iranian hosting service (without its access logs), domain registration details (can be set/changed to anything) and lastly the phone call in Farsi... I don't always send phishing, but when I do, I always phone in my native language disclosing my nationality and leaving a voice fingerprint.

All I ask is that you please label a guess as such.
Posted by Enos on Fri Aug 28 2015, 05:28
