Beers with Talos EP 30 - VPNFilter, the Unfiltered Story



Beers with Talos (BWT) Podcast Episode 30 is now available.  Download this episode and subscribe to Beers with Talos:

If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast

EP30 Show Notes: 


Recorded May 25, 2018 - As you can expect, this episode focuses on VPNFilter. We discuss how we got involved, why Talos made the decision to disclose when we did, and we cover many details of the malware itself. There is a lot of background to this ongoing discussion. Take a peek behind the curtain of the defense against this attack as we cover many different aspects of the malware, the attack and the mitigation.

The Timeline:


The Roundtable

01:10 - Nigel — The Mighty Reds in the Champions League final, without external interference
04:32 - Joel — Doing the full-Biden, Joel reveals his surveillance of Eminem’s dating life.
06:18 - Craig — A walking Texas stereotype, as long as he’s walking in hippie sandals
08:18 - Matt — Sorry I was saving the internet, red cards hit home (Matt totally faked the injury)

The Topics

13:20 - VPNFilter background — being compelled to release unfinished research, a killswitch is found (not the good kind), and infection rates spike on a clearly defined target.
20:50 - Not going it alone — preparing the field and partners for release
21:51 - How the malware works and how the domain takedown works
27:50 - Recap of mitigation guidance for potentially affected devices
29:05 - Stage 2 and 3 - Sniffing for creds and MODBUS
34:24 - Highly earned shoutout to the super smart folks that came together to on this
39:46 - Becoming an expert in a couple days, Matrix-download-style — Top questions we have received
49:19 - Nigel’s conspiracy theories
51:03 - Special thanks — and why community matters

The Links:



VPNFilter blog post: https://blog.talosintelligence.com/2018/05/VPNFilter.html

U.S. Department of Justice Release and Guidance: https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected

USCERT Alert: https://www.us-cert.gov/ncas/alerts/TA18-145A

Fun Fact: This episode contains the fourth time Craig has referred to listeners as “readers." #PopUpPodcast

==========

Featuring: Craig Williams (@Security_Craig), Joel Esler (@JoelEsler), Matt Olney (@kpyke) and Nigel Houghton (@EnglishLFC).
Hosted by Mitch Neff (@MitchNeff).

Find all episodes:
http://cs.co/talospodcast

Subscribe via iTunes (and leave a review!)
http://cs.co/talositunes

Check out the Talos Threat Research Blog:
http://cs.co/talosresearch

Subscribe to the Threat Source newsletter:
http://cs.co/talosupdate

Follow Talos on Twitter:
http://cs.co/talostwitter

Give us your feedback and suggestions for topics:
beerswithtalos@cisco.com
Share: Email, ReBlog, Twitter, Facebook, Pinterest, Google+
Newer Post: Newer Post
Older Post: Older Post
Date:
Edit this post

Discussion

Powered by Manual Template
Name

.NET 0-day 0day ACDSee Adobe advisory adwind AMP Android Antenna House antivirus apple APT arbitrary code execution Attribution Automation Bahamut BASS beers with talos bitcoin Bitvote Black Hat botnet Brazil BRKSEC-2010 CASC chrome cisco Cisco Live Cisco Security Clam AV ClamAV Cobalt group code injection command injection conferences Coverage cryptocurrency cryptomining CSV CTA CVE-2016-8610 CVE-2017-0199 cve-2017-11882 CVE-2017-5638 CVE-2018-3857 CVE-2018-3858 CVE-2018-3859 CVE-2018-3860 CVE-2018-3870 CVE-2018-3871 CVE-2018-8506 cybercrime dark cloud DDE Decryptor Def Con detection dispute DOC DoS Excel Exploit exploit kits RTF fast flux Flash formbook Foscam Foxit Fuzzing gandcrab google GoScanSSH gozi gplayed GravityRAT Group123 Hangul healthcare HWP Hyland IcedID ICS IDA Pro IMAP incident response India inesap infostealer intel iOS IoT iot malware iPhone IR isfb jRAT JScript kernel mode KevDroid Korea Linux macros MalDoc Malware Malware Analysis Malware Research MDM meltdown meraki Microsoft Microsoft Patch Tuesday Middle East miners mining mobile device management monero Moxa ms tuesday natus NavRAT new router malware NordVPN North Korea nvidia Office office router attack Olympic Destoryer Olympic Destroyer Olympics opsec password stealer patch tuesday PDF phishing PhotoLine PLC podcast pony Powershell privilege escalation ProntoVPN PTEX PubNub PubNubRAT py2exe Pyeongchang pyrebox python Qatar ransomware RAT remcos remote access tool remote code execution research research spotlight reven ReversingLabs Rocke Rockwell Automation ROKRAT rootkit rtf ruby ryptoShuffler samsam samsung Scriptlets security updates sennoma signatures SimpleDirect Media Layer smartthings Smoke Loader Snort Snort Rules Sony South Korea spam spectre spyeye stealer steam struts support Talos TALOS-2017-0507 talosintelligence.com telegrab telegram Tetrane Thanatos ThanatosDecryptor threat intelligence Threat Research Threat Research Summit Threat Round-up Threat Roundup ThreatGrid threats TIFF trickbot trojan TTRS Umbrella ursnif VBScript VMI vpn filter attack VPNFiler VPNFilter VPNFilter malware vuln dev vulndev vulnerabilities Vulnerability vulnerability analysis Vulnerability Report Vulnerability Research vulnerability spotlight vulnerabillity vulnerable routers Whitepaper Windows WindowsCodecs.dll wipers xamarin XSS
false
ltr
item
materialize material: Beers with Talos EP 30 - VPNFilter, the Unfiltered Story
Beers with Talos EP 30 - VPNFilter, the Unfiltered Story
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKew5rvn4ufhHCHkr5GomoqlZelCCBhdJFMd3gZAjCPPKJmXfM-7BPM2vdD73mNi24ugRSKyTPGzXtg6x5AFHZf9RILUsc1UcqTz1Hs8oxhCFNTQxGTT33i82a7i2gsSiVAOehkawiGB8/s640/BWT_EP30_NigelBubble.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKew5rvn4ufhHCHkr5GomoqlZelCCBhdJFMd3gZAjCPPKJmXfM-7BPM2vdD73mNi24ugRSKyTPGzXtg6x5AFHZf9RILUsc1UcqTz1Hs8oxhCFNTQxGTT33i82a7i2gsSiVAOehkawiGB8/s72-c/BWT_EP30_NigelBubble.jpg
materialize material
https://materialize-material.blogspot.com/2018/05/beers-with-talos-ep-30-vpnfilter.html
https://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/2018/05/beers-with-talos-ep-30-vpnfilter.html
true
1816414542238562206
UTF-8
Not found any posts Not found any related posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU Tag ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Contents See also related Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy