AT&T ThreatTraq: Episode 111 (Full Episode)

AT&T Data Security Analysts Jim Clausing, Stan Nurilov and Manny Ortiz discuss the week's top cyber security news, and share news on the current trends of malware, spam, and internet anomalies observed on the AT&T Network.

Discussion Topics

01:18 - The 12-Year Hack
Source 1: http://cybertinel.com/press-release-harkonnen-operation/
Source 2: http://www.theregister.co.uk/2014/09/16/hackersforhire_raided_300_banks_corporates_for_twelve_years/

08:29 - Point-of-Sale Exploits
Source 1: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-system-breaches.pdf

10:45 - APT Groups Use Similar Tactics
Source 1: http://www.fireeye.com/blog/technical/targeted-attack/2014/09/the-path-to-mass-producing-cyber-attacks.html
Source 2: http://www.fireeye.com/resources/pdfs/white-papers/fireeye-operation-quantum-entanglement.pdf

16:09 - SNMP Traffic Saga Continues
Source 1: https://isc.sans.edu/diary/Google+DNS+Server+IP+Address+Spoofed+for+SNMP+reflective+Attacks/18647

23:42 - Internet Weather Report

Top ports being probed: 135/tcp, 22/tcp, 1433/tcp, 80/tcp, 53/udp, 23/tcp, 445/tcp, 443/tcp, 8:0/icmp

Top ports doing the most probing: 3:3/icmp, 445/tcp, 80/tcp, 8080/tcp, 23/tcp, 8:0/icmp, 8081/tcp, 3128/tcp, 27015/udp, 16470/udp

Focused discussion: 135/udp, 162/udp

Originally recorded September 16, 2014.

AT&T ThreatTraq welcomes your e-mail questions and feedback at [email protected]

Signup for our RSS feed here: http://techchannel.att.com/feed.cfm?FeedID=1005