Soft target for cyber gangs
Banks under-reporting attacks as Jamaica hit by ransomware
Significant vulnerabilities in Jamaica’s cyberinfrastructure have rendered the country a “soft target” for ransomware, placing the island nation firmly within the cross hairs of “disrupted” cyber gangs.
Local banks are among corporate bodies often targeted, according to Jamaica Cyber Incident Response Team (JaCIRT) director Colonel Godfrey Sterling, and fall at the top of the corporate ladder of organisations under-reporting cyberattacks.
In a Gleaner interview on Monday, Sterling said cyber gangs, which traditionally operate within Europe, rake in tens of millions of dollars from local businesses and, possibly, individuals as part of a global ransomware scheme that is projected to cost US$6 trillion by 2026.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Pointing to the Colonial Pipeline incident, which cost the oil company US$5 million following a ransomware attack by a Russian cyber gang in May last year, Sterling said international law-enforcement agencies have managed to disrupt the operations of that and other gangs and websites.
“When you disrupt their activities, sometimes they splinter, and in an effort to recoup the losses they go after soft targets. Because of the maturity level of Jamaica’s cyberinfrastructure, Jamaica is, by and large, considered a soft target,” the colonel said.
He disclosed that JaCIRT identifies thousands of threats annually, but only 200 or so cyber incidents are reported to the national cyber incident response team.
Sterling said one of seven sources monitored by JaCIRT showed, within the last week, that there were more than 125,000 spam and malware attacks.
He said, however, that JaCIRT receives approximately 10 or 20 reports every quarter.
“So when you bring all of those together, you’re beginning to see the sort of landscape that we’re talking about. And so even though we might get for December just about 10 or 20 reports, what the feeds are telling us is that there is a lot more going on,” said Sterling.
He said in many instances, persons and companies are aware but choose, after doing a cost-benefit analysis, not to report the incident.
In the event that those attacked do come forward, the colonel said some, after comprehending what it takes to conclude the process, make an about-turn.
He said in the case of cybercrimes, local banks sit at the top of corporate bodies that opt not to report incidents.
“Banks, for example, don’t report what’s happening to them. They just deal with the individual client or customer who may be impacted and it is kept off the radar.
“So, what you end up with is when we do a report on our numbers, it is significantly below what is happening out there,” he said.
But the JaCIRT director argued that hesitancy or a refusal to report incidents, in most instances, leaves other sectors vulnerable to similar attacks.
He said entities choosing to deal directly with cyber gangs also leave the door open for additional problems.
“If you decide on your own to pay the ransom, they might just simply ask you for more money; the decryptor you get might not work; it might not work as you think it should, and if you do not try to figure out how the system was compromised and what compromised it, even if you get the decryptor that works, all you’ve done is just given them an opportunity to hit you again and again,” Sterling warned.
“You’ve not really fixed the problem. You’ve just dealt with a symptom of it.”
He said the Government, from a legislative and strategic standpoint, is moving to create an environment in which there is sharing of information and the creation of repositories of vulnerabilities and exploitation, an environment that will encourage individuals and corporate bodies to report incidents.
He also said that local instances of ransomware are expected to increase this year but noted that JaCIRT is preparing to combat that trend.
“It is something that we are trying to prepare the constituents within the .jm domain to be prepared for,” he said, noting that work-from-home policies will cause an increase in attacks and vulnerabilities.
Only last week, The Gleaner reported on a major data security breach at Northern Caribbean University (NCU) in Manchester where hackers demanded bitcoin amounting to millions of dollars for the release of accounting and other files.
NCU ranked fifth among the top 20 leaked .jm domains.
The University of Technology, Jamaica, Tax Administration Jamaica, Excelsior Community College, and Jamaica Constabulary Force websites rounded out the top five.

