Omar Avilez
Podcast Appearances
Basically, I want to see all the computers where Domino's users are local admins.
This story starts much earlier, you know. Okay, so this is Omar, and he lives in the Dominican Republic, which is an island in the Caribbean Sea.
Let me introduce myself before I start talking about the incidents. So I used to work in the Dominican Republic National CSIRT, which is the National Cybersecurity Incident Response Team.
So when the incident in Costa Rica happens, they contact us just to ask for help.
You know, it was like a massive malware campaign in Costa Rica. They were targeting government organizations through phishing, exploiting vulnerabilities. But they, you know, compromised all the departments separately.
We found an implant, a piece of malware.
But the malware, the implant was on the system from 10 to 11 months ago.
It was a malware that did privilege escalation. So it exploited a window of vulnerability that was unknown to the... Okay, this just got worse.
They exploited a vulnerability, an unfortunate firewall, that allowed them to have VPN access to the infrastructure. So with the VPN access, they managed to compromise the entire organization and then try to ransom the organization.
So... That went very public. So on the investigation, we found out the attacker got into the network via a phishing attack, but that didn't tell us much information. So we concluded the investigation or the report without any attribution. So we just know that somebody compromised the system.