Blitzkrieg on Ransomware - Tech News TT

Blitzkrieg on Ransomware – Tech News TT

Above: Illustration by Chayanaelexir / DepositPhotos.

BitDepth #1381 dated November 21, 2022

Between November 1 and 3, the American Chamber of Commerce in Trinidad held its annual HSSE Awards, but in a room alongside the main health and safety talks and awards, a small group of IT professionals spoke about cybersecurity.

This parallel elevation of data integrity to risk management levels was not as misplaced as it might seem.

Growing awareness of the threat of data breaches to both business continuity and personal safety in which hackers steal and distribute reasonably deep caches of Personally Identifiable Information (PII) has been raised by AMCHAM to the highest level of corporate concern.

The numbers are staggering.

According to Sim Ponnambalam, CEO and founder of cybersecurity firm xahive, software supply chain attacks affected three out of five companies in 2021.
The SolarWinds software supply chain attack affected 18,000 companies.

There was a ransomware attack against a company every 11 seconds in 2021. By 2030, the frequency of such attacks is expected to come every 2 seconds.
Even these frightening numbers may be underestimated.

Sim Ponnambalam from xahive

“A lot of times, accidents go unreported,” Ponnambalam said.

“While the default situation is to refuse to pay for the release of encrypted data in a ransomware attack, 38 percent of organizations that suffered such attacks have paid,” said Marcelo Ardiles, cybersecurity consultant at Hitatchi Systems.

Of those who paid, 61 percent did so to avoid downtime. Another 53 percent paid to avoid reputational damage, and 53 percent paid to secure ransomware.

The average payment since the third quarter in 2021 is $322,000. Companies are targeted according to their revenue, and cryptocurrency crime losses are estimated to be around $30 billion by 2025.

Angus Smith, director of the Cybersecurity Incident Response Team (TTCSIRT), noted that the agency, which convened in 2010 and became operational in 2017, is fundamentally hampered by the lack of effective legislation available.

Without the effective promulgation of the 2017 Cybercrime Law (which ran into trouble with media professionals who objected to wording that limited the practice of journalism) and the National Cybersecurity Agency bill, there can be no effective governance and coordinated management of incidents of cybersecurity breaches.

Cybersecurity incidents were reported to TTCSIRT between 2019 and 2022

Under current law, it is not even clear whether some recent security breaches have been recognized as crimes by the wording of the current law, the twelve-year-old Computer Misuse Act, which is a relic of ancient expectations for the misuse of computer technology.

The government’s current strategy is to amend the Computer Misuse Act to align with Protocol II of the Budapest Convention, which harmonizes core computer crime legislation across different countries to reduce judicial issues that don’t stop hackers.

No data commissioner has been appointed in Trinidad and Tobago, so many elements critical to the country’s cybersecurity response cannot be implemented and creation of the proposed national cybersecurity policy framework seems a long way off.

The framework is supposed to oversee the creation and implementation of the Critical Information Infrastructure Bill, the National Crisis Communication Plan, and empower the Data Commissioner to enforce mandatory reporting of cybersecurity events, breach notifications, and disclosure of vulnerabilities as part of the National Cybercrime Strategy.

Without a coordinated response from the public and private sectors, hackers continue to operate at great advantage.

There has already been a clear warning of what can happen when countries do not work together on cybersecurity.

Costa Rica was forced to declare a state of emergency and resort to paper documents after an attack by the Conte ransomware mob – which demanded $20 million – shut down tax and customs offices and other public utilities and services in April.

A secondary attack by the Hive ransomware group crippled public health services and systems. Prescriptions could not be filled, and workers went weeks without a paycheck.

Anish Bachchu from TTCSIRT

Anish Bachchu, cybersecurity analyst at TTCSIRT, noted that the top hacking group targeting Caribbean systems is Lockbit and that many attacks come through improperly configured firewalls, unpatched software vulnerabilities and compromised user credentials.

“Trinidad and Tobago is under attack daily,” Bachchu said.
Between 2019 and 2022, TTCSIRT recorded 48 phishing attacks, 40 data breaches and system breaches, and 13 ransomware attacks.

Citing one real world example of a domestic ransomware attack on an unnamed company, Bachchu explained that all of the company’s data and backups were encrypted by the ransomware suite.

The company partially restored a years-old off-line backup and had to revert to manual processes, rebuilding the business from paper documents and data obtained from suppliers.

The company has been working for months to recover its business data.

Next week: How a ransomware attack happens and how you can prepare for it.


#Blitzkrieg #Ransomware #Tech #News

Leave a Comment

Your email address will not be published. Required fields are marked *