135: The D.R. Incident

65 snips

Jul 4, 2023

Omar Avilez, a cybersecurity expert from the CSIRT of the Dominican Republic, shares thrilling insights from a major cyber incident he navigated. He delves into the escalating cyber warfare in the region, particularly the threats posed by the notorious Conti ransomware group. Omar discusses a wave of sophisticated phishing attacks targeting government agencies and the urgent need for enhanced cybersecurity measures. He highlights vulnerabilities in critical infrastructure and underscores the necessity for proactive defense strategies against evolving cyber threats.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Costa Rica Attack

Conti ransomware attacks crippled 20 Costa Rican government organizations.
Each department was infected separately, some through phishing and some through internet-connected systems.

ANECDOTE

Hidden Malware Discovery

While investigating, Omar found malware unrelated to Conti on a defaced website.
The malware, present for ten months, exploited an unknown Windows vulnerability.

ANECDOTE

Quantum Ransomware Attack

The Dominican Republic's agricultural department suffered a Quantum ransomware attack.
Omar stopped its spread, but the attackers' identity remained unknown.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through.

Breakmaster Cylinder’s new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that.

Sponsors

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more.

Sources

https://www.wired.com/story/costa-rica-ransomware-conti/

https://malpedia.caad.fkie.fraunhofer.de/details/win.bandook

https://www.youtube.com/watch?v=QHYH0U66K5Q

https://www.youtube.com/live/prCr7Z94078

https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america

https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/

https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/

Attribution

Darknet Diaries is created by Jack Rhysider.

Assembled by Tristan Ledger.

Episode artwork by odibagas.

Mixing by Proximity Sound.

Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.