135: The D.R. Incident

en-usJuly 04, 2023

Podcast Summary

The Power of Collaboration: International Cooperation in Addressing Cyber Threats: In the face of cyber-attacks, collaboration and mutual assistance across borders are crucial in effectively combating threats, highlighting the need for proactive measures to prevent widespread disruption.
Helping others in times of crisis and working together as a community is crucial when dealing with cyber-attacks and security threats. Omar, a member of the Dominican Republic's CSIRT, received a request for assistance from Costa Rica when they were hit with a Conti ransomware attack. Despite the incident happening in a different country, the CSIRT community collaborated to provide support. This highlights the importance of international cooperation in addressing cyber threats. Furthermore, the conversation sheds light on the widespread impact and disruption caused by ransomware attacks, emphasizing the need for proactive measures to prevent such incidents. Collaboration, information sharing, and mutual assistance are key in combating cyber-attacks effectively.
The Urgent Need for Robust Cybersecurity Measures and Constant Vigilance Against Evolving Cyber Threats: Cyber attacks are becoming more sophisticated and can go undetected for long periods of time. It is crucial to have strong cybersecurity measures in place and remain vigilant to protect against evolving threats.
Cyber attacks are becoming increasingly sophisticated and can go undetected for long periods of time. The malware that infected Costa Rica's systems was coordinated to trigger the ransomware at the right time, indicating that the attackers were focused on financial gain. Meanwhile, the discovery of an implant on the Dominican Republic's government website revealed that a different group had targeted them. This implant was a zero-day exploit, indicating the use of advanced malware that even Microsoft was unaware of. The purpose of this malware was to escalate privileges, giving the attackers full control over the compromised system. These incidents illustrate the urgent need for robust cybersecurity measures and constant vigilance to protect against evolving cyber threats.
Swift detection and response: A key defense against malware and cyber attacks.: Implementing proactive tools and staying informed about cybercriminal tactics are crucial for preventing malware spread and minimizing the impact of cyber attacks.
Swift detection and response are crucial in preventing the spread of malware and minimizing the impact of cyber attacks. In the case of the Quantum ransomware infection, Omar's quick reaction allowed him to halt the spread of the malware and prevent further compromise of systems. However, the difficulty in attributing the attack highlights the need for comprehensive threat intelligence and understanding the motives of different types of attackers. By implementing tools that analyze DNS queries and cross-reference them with known malicious domains, organizations can proactively identify and address potential threats. Omar's ability to detect an infected system reaching out to a command and control server underscores the importance of vigilance and staying informed about the evolving tactics and strategies employed by cybercriminals.
Dark Caracal: A Coordinated Cyber Attack on the Dominican Republic Government: The successful infiltration of government agencies in the Dominican Republic by Dark Caracal reveals the vulnerability of the government to coordinated cyber attacks and the challenges in defending against such breaches.
A hacker group called Dark Caracal successfully infiltrated over thirty government agencies and critical infrastructure in the Dominican Republic. They used phishing emails written in perfect Spanish to trick recipients into opening attachments infected with the Bandook malware. This malware gave them remote access to the victims' computers. It is unusual for a ransomware group from Eastern Europe or Russia to have the ability to speak perfect Spanish on such a large scale. The attack was orchestrated by the Dark Caracal group, linked to the Lebanese government. This situation highlights the vulnerability and helplessness of the Dominican Republic government in the face of a coordinated cyber attack. The attackers targeted numerous entry points, making it difficult to defend against the breach.
The Importance of Cyber Security for Governments: Governments, regardless of their size or resources, need to prioritize cyber security by investing in robust network infrastructure, up-to-date systems, and highly skilled employees. Building alliances and collaborating with international incident response teams are essential for effective threat detection and response.
Cyber security is crucial for all governments, regardless of their size or resources. The Dominican Republic's experience highlights the importance of having robust network infrastructure, up-to-date systems, and highly skilled employees to counter cyber threats. The country faced a sophisticated attack involving multiple adversarial groups working together, leading to severe consequences such as a major bank shutdown. It is essential for governments to prioritize cyber security, invest in advanced technologies, and collaborate with international incident response teams. Building alliances, attending conferences, and sharing information with other countries can significantly enhance a nation's ability to detect and respond to cyber threats. Cyber security should be seen as a global concern that requires collective efforts and constant vigilance.
Enhancing Monitoring Capabilities and Collaboration in Cybersecurity: Cybersecurity is not only about preventing attacks, but also about improving detection and response capabilities. Collaboration and sharing of indicators of compromise among nations are crucial in combating cyber threats effectively.
Cybersecurity is not just about building impenetrable walls to keep threats out, but also about improving our ability to detect and respond to cyber threats. Omar realized that instead of focusing solely on preventing attacks, he needed to enhance his monitoring capabilities to detect and understand when his network was compromised. This allowed him to identify various malicious activities and understand the extent of the infiltration, including the presence of Cobalt Strike, Bandook malware, Conti ransomware, and Dark Caracal. Additionally, the conversation revealed the involvement of Russia in these cyber attacks. It highlighted how countries with weaker defenses, like those in the Latin American region, can become experimental targets for cyber threats. This emphasizes the importance of collaboration and sharing indicators of compromise among nations to combat such attacks effectively.
Attribution and Motives in Cyber-Attacks: Complexity, Deception, and Intrigue: In cyber-attacks, determining attribution and motives can be complex, with potential deception involved. Defensive measures are crucial, as evidenced by Omar's proactive collaboration and efforts to block access.
Attribution and motives in cyber-attacks can be complex and challenging to determine. While there are indications that point towards Russia and Dark Caracal's involvement, it is essential to consider the possibility of deception and false leads. The motive behind the attack, whether financial or political, remains unclear. However, the relationship between Lebanon and the Dominican Republic adds an intriguing angle to the situation, considering the current President's family ties to Lebanon. It raises the possibility of Lebanon sending a message to the President through the cyber-attack. In response to the attack, Omar took proactive measures to remediate the situation, collaborating with infected agencies, improving detection methods, and blocking domains. The coordinated efforts aimed to make it as challenging as possible for the attackers to regain access, highlighting the importance of defensive measures in cybersecurity.
Enhancing Network Security: The Pyramid of Pain and Deterrence Measures: By implementing effective security measures and making it difficult for attackers to access networks, the likelihood of attacks can be significantly reduced, protecting critical systems and infrastructure.
Securing a network requires making it difficult for attackers to gain access. The concept of the "pyramid of pain" suggests that the more painful and challenging it is for attackers to infiltrate a network, the less likely they are to attempt it. While achieving complete security is unlikely, measures can be taken to deter and impede attackers. In the case discussed, a coordinated effort successfully cleared government agencies, a bank, and critical infrastructure from potential attacks. It is also highlighted that different systems, such as operational technology (OT), can be more challenging for attackers to control compared to traditional information technology (IT) systems. However, the conversation also brings attention to the vulnerability of critical systems in our increasingly complex digital world.

Recent Episodes from Darknet Diaries

In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

Darknet Diaries

en-usJuly 02, 2024

146: ANOM

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

Related Episodes

Taking Control of Anxiety

The world has created a large amount of uncertainty which has created pressure with changes to people's economic and health status.

Living in a hamster's wheel or being caught up in the trap of busyness has caused people to operate on fear, creating nervous anxiety.

Heidi discusses the neuroscience of beliefs, mindset and self worth, delving into how these often drive many of the actions and behaviours that affect our mental wellbeing.

Within this episode, proactive measures are discussed to deal with anxiety.

*As with all individual cases, please consult your health care practitioner for tailored support within the area of mental health.

TO LEARN MORE:
www.TotalSomatics.com
www.HeidiHadley.com

Support the show

Somatic Movement & Mindset

en-usNovember 29, 2020

561. How to Succeed at Failing, Part 1: The Chain of Events

We tend to think of tragedies as a single terrible moment, rather than the result of multiple bad decisions. Can this pattern be reversed? We try — with stories about wildfires, school shootings, and love.

RESOURCES

Right Kind of Wrong: The Science of Failing Well, by Amy Edmondson (2023).
"Michigan School Shooter Is Found Eligible for Life Sentence Without Parole," by Stephanie Saul and Dana Goldstein (The New York Times, 2023).
"How Fire Turned Lahaina Into a Death Trap," by Nicholas Bogel-Burroughs, Serge F. Kovaleski, Shawn Hubler, and Riley Mellen (The New York Times, 2023).
The Violence Project: How to Stop a Mass Shooting Epidemic, by Jillian Peterson and James Densley (2021).
"I Was Almost A School Shooter," by Aaron Stark (TEDxBoulder, 2018).

EXTRAS

"Is Perfectionism Ruining Your Life?" by People I (Mostly) Admire (2023).
"Why Did You Marry That Person?" by Freakonomics Radio (2022).
"What Do We Really Learn From Failure?" by No Stupid Questions (2021).
"How to Fail Like a Pro," by Freakonomics Radio (2019).
"Failure Is Your Friend," by Freakonomics Radio (2014).

SOURCES:

Amy Edmondson, professor of leadership management at Harvard Business School.
Helen Fisher, senior research fellow at The Kinsey Institute and chief science advisor to Match.com.
Ed Galea, founding director of the Fire Safety Engineering Group at the University of Greenwich.
Gary Klein, cognitive psychologist and pioneer in the field of naturalistic decision making.
David Riedman, founder of the K-12 School Shooting Database.
Aaron Stark, assistant manager at Kum & Go and keynote speaker.
John Van Reenen, professor at the London School of Economics.

Freakonomics Radio

en-usOctober 12, 2023

entrepreneurship

personal growth

gender dynamics

safe learning environment

learning tool

embrace failure

learning opportunity

school shootings prevention

growth and innovation

failures