Darknet Diaries

135: The D.R. Incident

Jul 4, 2023

Omar Avilez, a cybersecurity expert from the CSIRT of the Dominican Republic, shares thrilling insights from a major cyber incident he navigated. He delves into the escalating cyber warfare in the region, particularly the threats posed by the notorious Conti ransomware group. Omar discusses a wave of sophisticated phishing attacks targeting government agencies and the urgent need for enhanced cybersecurity measures. He highlights vulnerabilities in critical infrastructure and underscores the necessity for proactive defense strategies against evolving cyber threats.

42:38

Creator website

Episode guests

Omar Avilez

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Effective incident response requires advanced detection and response capabilities, collaboration with incident response teams, and cybersecurity vendors.

The convergence of cyber threats highlights the importance of sharing threat intelligence and best practices among nations to mitigate future risks.

Deep dives

The Chilling Story of Cyber Attacks on the Dominican Republic

In this podcast episode, Omar Aveles shares the story of a massive cyber attack campaign targeting the Dominican Republic. The attack involved three threat actors: Conti ransomware, dark caracal, and potentially the Russian government. The attackers infiltrated over 30 government organizations and critical infrastructure, posing a serious threat to the country's security. Omar and his team worked tirelessly to detect, respond to, and remediate the attacks. Through collaboration with international partners and security vendors, they were able to shut down the attack, prevent data exfiltration, and protect critical infrastructure. The story highlights the importance of cybersecurity preparedness and international cooperation in the face of sophisticated cyber threats.

Malware discovered on web server after 10 months

02:26

June 2022: Multiple Emails, Banduke Malware, and Dark Caracal Group

01:15

Costa Rica Cyberattack

01:47

Conti Ransomware Drama: Leaked Messages Show Russian Government Hacking

00:51

Intro

5min

Cyber Warfare in Costa Rica

11min

Enhancing Network Security through DNS Analysis

2min

Proactive Cyber Defense Against Ransomware Threats

2min

Phishing Frenzy: Cyber Threats to the Dominican Republic

22min

Vulnerabilities in Critical Infrastructure and Cybersecurity Challenges

4min

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through.

Breakmaster Cylinder’s new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that.

Sponsors

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more.

Sources

https://www.wired.com/story/costa-rica-ransomware-conti/

https://malpedia.caad.fkie.fraunhofer.de/details/win.bandook

https://www.youtube.com/watch?v=QHYH0U66K5Q

https://www.youtube.com/live/prCr7Z94078

https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america

https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/

https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/

Attribution

Darknet Diaries is created by Jack Rhysider.

Assembled by Tristan Ledger.

Episode artwork by odibagas.

Mixing by Proximity Sound.

Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Darknet Diaries

135: The D.R. Incident

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Chilling Story of Cyber Attacks on the Dominican Republic

Detecting and Responding to Advanced Cyber Threats

The Complex Landscape of Cyber Threats

Lessons Learned and Strengthening Cybersecurity

Malware discovered on web server after 10 months

June 2022: Multiple Emails, Banduke Malware, and Dark Caracal Group

Costa Rica Cyberattack

Conti Ransomware Drama: Leaked Messages Show Russian Government Hacking

Remember Everything You Learn from Podcasts