
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9692.mp3


Honeypot Requests for Code Repository
Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites.
https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460
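
An added example, not from the diary or the podcast: a pre-deployment check that walks a local document root and lists the URL paths at which version-control metadata would be served. The directory names other than `.git`, the function names and the sample tree are assumptions constructed for this illustration.

```python
import os
import tempfile

# ".git" is the directory named in the episode; the other names are
# assumptions added for this example.
VCS_DIRS = {".git", ".svn", ".hg", ".bzr"}


def find_exposed_repos(docroot):
    """Return the URL paths under docroot where VCS metadata would be served."""
    findings = []
    for current, dirs, files in os.walk(docroot, followlinks=False):
        for name in list(dirs):
            if name in VCS_DIRS:
                rel = os.path.relpath(os.path.join(current, name), docroot)
                findings.append("/" + rel.replace(os.sep, "/") + "/")
                dirs.remove(name)  # no need to descend into the repository
        # A ".git" file (submodule or worktree pointer) discloses the repo path.
        if ".git" in files:
            rel = os.path.relpath(os.path.join(current, ".git"), docroot)
            findings.append("/" + rel.replace(os.sep, "/"))
    return sorted(findings)


def build_sample_docroot(base, with_repo=True):
    """Create a constructed sample site; with_repo adds the deployment mistake."""
    layout = {"index.html": "<h1>ok</h1>", "static/site.css": "body{}"}
    if with_repo:
        layout["app/.git/HEAD"] = "ref: refs/heads/main\n"
        layout["app/.git/config"] = "[core]\n"
        layout["vendor/lib/.git"] = "gitdir: ../../../repos/lib.git\n"
    for rel, content in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)


def run_demo(with_repo=True):
    """Scan a temporary constructed docroot and return the findings."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_docroot(base, with_repo)
        return find_exposed_repos(base)


if __name__ == "__main__":
    for url_path in run_demo():
        print("exposed:", url_path)
```

Run it against the build output in CI and fail the deployment when the returned list is non-empty.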

Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
Newly discovered malicious .NET packages attempt to deliver a time-delayed attack targeting ICS systems.
https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads

Side Channel Leaks in Encrypted Traffic to LLMs
Traffic to LLMs can be profiled to discover the nature of prompts sent by a user based on the amount and structure of the encrypted data.
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/

Podcast Transcript

 Hello and welcome to the Monday, November 10th, 2025
 edition of the SANS Internet Storm Center's Stormcast. My
 name is Johannes Ullrich, recording today from
 Jacksonville, Florida. And this episode is brought to you
 by the SANS.edu graduate certificate program in
 cybersecurity engineering.

 Quick reminder from Didier today
 that our honeypots continuously are seeing a lot
 of attempts to download source code repositories from your
 web service. This often happens sort of accidentally
 where these .git and directories like this are
 being made live as part of pushing a website live. So
 definitely be super careful about this. The attackers are
 constantly scanning for this. And when I'm talking about,
 you know, for example, not embedding credentials and such
 in GitHub repositories, that question always comes up very
 well. You know, what if I keep my GitHub repository private?
 Well, yeah, it's private, but for how long and all it takes
 is a small configuration mistake like this in order to
 leak not just your source code, but also possible
 secrets that you're keeping with your source code. So be
 super careful here. And also proactively scan your web
 publications for any leaked directories like this. You can
 expect that it takes probably way less than a day for an
 attacker to find these files.

 And Socket has discovered an
 interesting set of new malicious .NET packages
 distributed via NuGet. There are a couple things that are
 really different and novel compared to some of the other
 malicious packages that we've talked about in the past. I
 think it was just last week or so that I mentioned that
 pretty much all of the attacks that we have seen so far were
 really heavily targeting crypto coin developers. Well,
 this one is different. It's going specifically after
 developers that are working with industrial control
 systems in particular targeting, for example, a
 library related to Siemens PLCs. So one of the issues
 here is that the developer in question who published these
 malicious packages did also publish some benign packages
 that work as advertised and definitely something that
 someone may legitimately use. But then in addition, they
 also have published some malicious packages, the sharp7
 extension for example, so sharp7extend an extended version
 of that API. Certainly something a developer would be
 interested in. But this is not the only odd thing. The other
 odd thing is that there is a time delay built into the
 malicious code being activated that
 very heavily depends on the particular package being
 used here. Some of them will not activate the malicious
 code for years and I think actually that's almost too
 long that they're waiting here. Obviously the packages
 were discovered now before the malicious code activated. I
 think 2028 was sort of one of the start dates here for one
 of the particular packages. So that's first of all
 interesting that they wait that long. There are a couple
 where it starts faster where it picks a random delay
 between 30 and 90 minutes. That also makes sense because
 that's probably long enough where a quick test inside a
 sandbox or so before you deploy the package will not
 find it. What's also interesting is that it
 directly affects the communication with the
 industrial control system. So there is no simple sort of
 money-making kind of motivation here. It's really
 more sabotage and it's tricky insofar that once the
 malicious code activates it does not have a hundred
 percent failure rate. Now the failure rate is pretty large.
 It's sort of in the 80 percent range for some of these
 packages but still it's not a hundred percent which of
 course could again make it more difficult to reproduce
 these issues and maybe make you more blame like a faulty
 device and such and not necessarily faulty and
 malicious code. So really interesting and I think that
 entire area of these attacks against developers that's what
 we actually also had with the repositories I just talked about
 and these malicious modules being published. It's just
 something that's getting sort of worse and worse by the day.

 And then we have an interesting attack developed
 by Microsoft in order to deduce what prompts a user is
 sending to an LLM via an encrypted channel like HTTPS.
 They call the attack Whisper Leak and it reminds me of
 similar attacks that have been used against for example
 search engines. The trick here is that we are just looking at
 the size of the data being transmitted in particular sort
 of on a more granular scale like looking at packet sizes
 in order to detect what the size of each chunk of data is
 that's being transmitted. And that apparently is somewhat
 related to the topic that the particular LLM is answering
 questions about. Interesting work and I think I'm still a
 bit skeptical how much it scales and how really
 practically applicable it is. In something more traditional
 world it usually happens like in search engines where you
 sort of have these single page applications where a user with
 each character they type gets a certain response back. And
 then looking at the response coming back you usually can
 basically deduce what letter the particular user typed. And
 that works in particular well if you have a limited set of
 questions that the user could ask. For example in medical
 environments where they may be looking up the name of a drug
 or a disease this is quite applicable. We'll have to see
 how applicable this really is here for LLMs but it's an
 interesting attack. And probably adding some noise
 that's usually the answer for these types of attacks does
 make some sense here in order to make this kind of deduction
 of the content less successful.

 Well and this is
 it for today so thanks for listening. Thanks for liking.
 Thanks for subscribing to this podcast. And thanks for
 leaving good comments at your favorite podcast app. And talk
 to you again tomorrow. Bye.