Jack Rhysider
I get frustrated from that quote because I feel like we should be able to defend and protect. Why don't we have secure software that can do that? I mean, how many more years and technical advancements do we need before we can defend our networks? But the sad truth is we may never get there.
And so what Bruce is saying is we need to be assuming we're breached and to work on improving our ability to detect and respond to cyber threats. Somewhere in the middle of the storm, Omar realized that too. Instead of trying to build those walls up higher and higher to stop people from getting in, he needed to get better at detecting when they did get in.
So he started installing more monitoring tools into the network so that he could watch more closely what was going on in there. And this allowed him to understand where Cobalt Strike was and spot it and the Bandook malware and Conti ransomware and Dark Caracal and where it was in the network and how it was moving around, giving him a beautiful view into which systems were infected.
There's now a third threat actor involved in this attack? Just before all this happened in the Dominican Republic, there was some crazy drama going on in the Conti ransomware gang. So Conti, we know, is based in Russia. And they came out publicly in support of Russia's invasion of Ukraine.
Well, I guess someone close to Conti did not like this and decided to publicly leak 60,000 messages between the Conti group and other people. And these leaked messages showed that the Russian government had been hacking into places that just seemed to be in poor taste, you know, like hacking medical researchers.
So it's not far-fetched to think that Conti may be working with the Russian government, or that the Russian government would be attacking smaller countries, sort of as a testing ground to practice their hacking skills. But I mean, an infiltration at this level really can pose as a whole new type of ransomware.
Like, just hypothetically, imagine a phone call from Putin to the president of the Dominican Republic where Putin could say something like, listen, we want you to support our war with Ukraine, and if you don't, we'll turn your whole country off. Because they can. With their hand in so many agencies, networks, and critical infrastructure, they could just shut down the Dominican Republic.
And that would be a form of ransomware, wouldn't it be? No, this was just a hypothetical. I have no idea if Putin has any relations with the Dominican Republic. At some point, do you contact the president and say, hey, we've got a really big deal. It's not just your normal malware, but this is a geopolitical problem.
Of course, attribution is very hard when it comes to cyber attacks. It's incredibly easy to hide in the shadows on the internet. So even though there are some things that point to this being Russia and Dark Caracal, how confident can you really be? Especially when you're on the phone briefing the president. Maybe someone else just got a hold of the Bandook malware or Conti ransomware.
Maybe someone wants you to think that it was those threat actors attacking you just to throw you off the scent. Because we've seen threat actors put in fake clues to do just that before. For this situation, there were a lot more questions than there were answers. If Dark Caracal is Lebanese-based, why would they be working with Russia or Conti?