podcast

135: The D.R. Incident

04.07.2023
Listen to the episode on your favorite platforms:
  • Apple Podcasts
  • Spotify
  • Castbox
  • Pocket Casts
  • Stitcher
  • iHeart
  • PlayerFM
  • Overcast
  • Castro
  • RadioPublic

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through.

Breakmaster Cylinder’s new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that.

Sponsors

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit varonis.com/darknet.

Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more.

Sources

https://www.wired.com/story/costa-rica-ransomware-conti/

https://malpedia.caad.fkie.fraunhofer.de/details/win.bandook

https://www.youtube.com/watch?v=QHYH0U66K5Q

https://www.youtube.com/live/prCr7Z94078

https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america

https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/

https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/

Attribution

Darknet Diaries is created by Jack Rhysider.

Assembled by Tristan Ledger.

Episode artwork by odibagas.

Mixing by Proximity Sound.

Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.