Episode 103: Cloud Hopper
Description
Fabio Viggiani is an incident responder. In this episode he tells the story of when one of his clients was breached.

Sponsors
Support for this show, and for stretched security teams, comes from SOC.OS. Too many security alerts means alert fatigue for under-resourced SecOps teams. Traditional tools aren't solving the problem. SOC.OS is the lightweight, cost-effective, and low-maintenance solution for your team. Centralise, enrich, and correlate your security alerts into manageable, prioritised clusters. Get started with an extended 3-month free trial at https://socos.io/darknet.
Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet and use promo code DARKNET.

Sources
https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper
https://www.reuters.com/article/us-china-cyber-cloudhopper-companies-exc-idUSKCN1TR1D4
https://www.fbi.gov/wanted/cyber/apt-10-group
https://www.youtube.com/watch?v=277A09ON7mY
https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061
https://www.technologyreview.com/2018/12/20/239760/chinese-hackers-allegedly-stole-data-of-more-than-100000-us-navy-personnel/

Learn more about your ad choices. Visit podcastchoices.com/adchoices
Chapters
00:00 - 02:17 (02:17)
Summary
The sysadmin, or person with administrative access to core machines, is arguably the most powerful person in the workplace, so it is crucial to prevent unauthorized access to the network in order to avoid security breaches and damage.
Episode 103: Cloud Hopper
Podcast: Darknet Diaries
02:21 - 10:30 (08:08)
Summary
The Swedish security service has notified a company that one of their computers was communicating with a known bad actor, a command and control server, indicating the possibility of a malware infection that needs to be resolved. This could suggest a serious threat actor or that other companies in Sweden could also be affected.
10:30 - 15:32 (05:01)
Summary
The use of a jump server is a common strategy for securely accessing servers in a remote network, especially where only authorized personnel should be allowed access. This gives users limited and secure access to specific areas of the network or to specific files and applications.
15:32 - 24:20 (08:48)
Summary
A group of techies gathered in a small room to discuss using Mimikatz to extract clear text passwords from unpatched systems that lack protection for cached passwords. They also discussed using timeline tools to identify affected systems.
24:21 - 34:19 (09:57)
Summary
Detecting malware in your organization requires immediate action from management to control the situation and implement solutions to prevent future attacks. Not addressing the issue can lead to serious consequences.
34:19 - 40:36 (06:17)
Summary
A cyberattack on the US Department of Defense involved a threat actor using a server on a company's network to scan the department's servers for open file sharing connections, followed by the installation of new malware and tools that connected to a different command and control server.
40:36 - 52:21 (11:44)
Summary
Hackers targeted managed service providers (MSPs) to gain access to the US Department of Defense's network. They hacked into an MSP with access to lots of networks, including those of companies with contracts with the US Navy, in order to spider into their customers' networks and run scans on the DoD's IPs to see if there were any shared folders open to that company or network.
52:21 - 55:34 (03:13)
Summary
An overview of the critical role that incident response plays in managing cybersecurity threats, including examples of the types of scenarios that require incident response teams.