Jul 2023
42m 38s

135: The D.R. Incident

Jack Rhysider
About this episode

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through.


Breakmaster Cylinder’s new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that.


Sponsors

Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet.


Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.


Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more.


Sources

https://www.wired.com/story/costa-rica-ransomware-conti/

https://malpedia.caad.fkie.fraunhofer.de/details/win.bandook

https://www.youtube.com/watch?v=QHYH0U66K5Q

https://www.youtube.com/live/prCr7Z94078

https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america

https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/

https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/


Attribution

Darknet Diaries is created by Jack Rhysider.

Assembled by Tristan Ledger.

Episode artwork by odibagas.

Mixing by Proximity Sound.

Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.
