Jack Rhysider
The first person that you get, the first tier support tells you stupid things like, okay, sir, did you try rebooting the system? And you're like, come on, please, please, please, please, please connect me to somebody who knows what they're doing over there. And they simply cannot. So you need to ask for a manager. And then the manager doesn't know how to fix it.
And they don't want to admit that their software has vulnerabilities in it. So you go back and forth trying to troubleshoot it for days. It's tedious and time-consuming before they escalate it to the next tier support and eventually you get an engineer or a developer who knows this system inside and out and can recognize the problem and replay it and fix it right away.
It's just that that person is behind like eight layers of support tiers before you can get to them. Now there's this quote from Bruce Schneier that has frustrated me but also educated me on the reality of cybersecurity. The quote goes like this. You can't defend. You can't protect. The only thing you can do is detect and respond.
I get frustrated from that quote because I feel like we should be able to defend and protect. Why don't we have secure software that can do that? I mean, how many more years and technical advancements do we need before we can defend our networks? But the sad truth is we may never get there.
And so what Bruce is saying is we need to be assuming we're breached and to work on improving our ability to detect and respond to cyber threats. Somewhere in the middle of the storm, Omar realized that too. Instead of trying to build those walls up higher and higher to stop people from getting in, he needed to get better at detecting when they did get in.
So he started installing more monitoring tools into the network so that he could watch more closely what was going on in there. And this allowed him to understand where Cobalt Strike was and spot it and the Bandook malware and Conti ransomware and Dark Caracal and where it was in the network and how it was moving around, giving him a beautiful view into which systems were infected.
There's now a third threat actor involved in this attack? Just before all this happened in the Dominican Republic, there was some crazy drama going on in the Conti ransomware gang. So Conti, we know, is based in Russia. And they came out publicly in support of Russia's invasion of Ukraine.
Well, I guess someone close to Conti did not like this and decided to publicly leak 60,000 messages between the Conti group and other people. And these leaked messages showed that the Russian government had been hacking into places that just seemed to be in poor taste, you know, like hacking medical researchers.
So it's not far-fetched to think that Conti may be working with the Russian government, or that the Russian government would be attacking smaller countries, sort of as a testing ground to practice their hacking skills. But I mean, an infiltration at this level really can pose as a whole new type of ransomware.
Like, just hypothetically, imagine a phone call from Putin to the president of the Dominican Republic where Putin could say something like, listen, we want you to support our war with Ukraine, and if you don't, we'll turn your whole country off. Because they can. With their hand in so many agencies, networks, and critical infrastructure, they could just shut down the Dominican Republic.