CYBERCRIME ON THE RISE

Hackers using more sophisticated methods to breach security systems, experts note

Published: Sunday | August 27, 2023 | 12:10 AM | Corey Robinson - Senior Staff Reporter

Head of JaCIRT, retired Colonel Godphey Sterling.

Cybercriminals have targeted Jamaica’s security systems more than 19 million times in the first half of this year, and experts believe that figure could be much more as hackers launch more sophisticated global attacks.

The cyberattacks include ransomware and malware and targeted the country’s government, financial, education and medical sectors, noted a recent report from FortiGuard Labs – the threat intelligence and research arm of computer security provider, Fortinet.

Fortinet is a computer security provider in Latin America and the Caribbean, and the report reflects attacks made against its systems. According to the company, it uses the MITRE ATT&CK framework, which classifies adversary tactics, techniques and procedures, to study how cybercriminals target vulnerabilities, build malicious infrastructure, and exploit their targets.

In its semiannual Global Threat Landscape Report for 2023, the cybersecurity group recorded a total of 63 billion attempted attacks in the January to June period. Brazil has been the most targeted this year with 23 billion attacks, followed by Mexico with 14 million, while Venezuela, Colombia, and Chile recorded 10 billion, five billion, and four billion attacks, respectively.

For all of 2022, there were a total of 360 billion attempted cyberattacks across Latin America and the Caribbean. Mexico received the most last year with 187 billion attacks. It was followed by Brazil with 103 billion, and Peru with 15 billion.

Some attacks not reported

The researchers could not say how many of the attacks were successful, and how much money may have been lost by the affected entities. Those numbers are particularly difficult to predict as many of the attacks go unreported, especially those relating to financial and sex crimes, local cyber experts explained.

“These attacks were sourced from or destined for IP addresses assigned to Jamaica,” Dain Daley, system engineer for Fortinet Jamaica, told The Sunday Gleaner last week. “We anticipate that some were either successful in penetrating a system or count as existing attacks communicating with malicious servers.”

He explained further that, “Some would have been foiled; however, we are not able to provide a quantity because some of these attacks are not reported due to privacy or internal policies. This would be based on individual affected companies, and whether they wish to share. Currently, there is no law requiring organisations to report on a successful cybersecurity attack/breach or its impact on business.”

Daley said that globally there has been an increase in cybercrimes since the onset of the COVID-19 pandemic and that Jamaica’s cases are catalysed by an increase in the number of teleworkers and unsecured mobile devices accessing countless networks worldwide.

He said most of the attacks stem from outside the island, and any Jamaican who uses a digital information system and the internet is at risk.

Last year, the Major Organised Crime and Anti-Corruption Agency (MOCA) estimated that more than $12 million is lost to cybercrime annually. Globally, losses due to computer crime are estimated between US$1 trillion in 2020 and US$6 trillion in 2021.

“It is difficult to say what exactly is driving these attacks; however, one reason is financial, in that a person can buy and sell data, vulnerabilities, malware, and various other forms of attacks without any knowledge or skill,” Daley noted, adding that the onus is on individuals and companies to protect themselves.

Dire situation

Lieutenant Colonel Godphey Sterling, head of the Jamaica Cyber Incident Response Team (JaCIRT), was not surprised at Fortinet’s latest findings.

Sterling described Jamaica’s cybercrime situation as ‘dire’ and gave three main reasons for this.

“Chief among them is the level of unpatched or unmitigated vulnerabilities. The second is the fear of being labelled as a victim of cyber incidents, and so that causes underreporting. And the third is a burgeoning sector of managed security providers, companies who offer cyber and/or information security services,” Sterling listed to The Sunday Gleaner last week.

Individuals are not safe either, he noted, citing one growing ‘SIM swapping’ racket, where fraudsters trick mobile carriers into transferring individuals’ phone numbers to SIM cards in their possession, allowing them to access personal information that is assigned to that number.

“With control of your phone number, the scammer can access your text messages and phone calls, which are often used for two-factor authentication. They can then use this access to reset passwords and gain control of your online accounts such as email, social media, and even bank accounts,” Sterling explained.

Twenty-four-year-old Toni Ann Brown, a sales representative from Gregory Park, and her spouse Haughton Hines, 35, a taxi operator, were among the latest persons arrested and charged in recent months in connection with SIM swapping.

Police charge that they used the technique to access the bank accounts of at least two individuals, employing a “sophisticated” method to shut down their mobile phones. One victim lost US$30,000, sleuths said.

Poor ‘password hygiene’

According to JaCIRT data, since the start of this year, it has received at least 108 complaints of cybercrimes, which involve phishing, malware/ransomware, unauthorised modification of information, abusive and violent sexual content, and an overwhelming amount of fraud cases.

Individuals were most affected, followed by private sector companies. So far this year, there have been at least 16 reports of cybercrimes targeting the public sector.

This is a significant increase from 2022, in which the entity said it was probing some 67 cases, six of them involving the public sector; and in 2021, when there were 83 cases, six of them involving public sector entities. In 2020, there were 86 reports. Seven involved the public sector.

“The entities (companies) that own these systems are often unaware that systems on their networks are pushing these malicious communications. That’s probably the largest group of attacks coming out of Jamaica,” Sterling said.

“From outside of Jamaica, we have domains being compromised and are being used as spam domains. That would be our second-largest threat, and then we have ransomware.”

He continued, “You also have persons who sign up on platforms that have become compromised. So it is not like they have done something wrong, but their credentials become compromised. The challenge is that we don’t practise very good password hygiene. So those compromised passwords, we use them across multiple platforms and for long periods.”

“More than 70 per cent of individual cases are really persons who see things online. They are given accounts to pay into and once they pay the sellers disappear. Once we get those and we assess it, it is usually turned over to law enforcement,” the cyber expert said, noting other cases involving identity theft and in which organisations fail to create backup systems in the event that their platforms become compromised.

According to the latest Economic and Social Survey of Jamaica released earlier this year, cybersecurity will remain a priority for Jamaica as the government continues to raise awareness and rely on its own technological abilities to stem the “borderless” crime.

“A number of cybersecurity capacity-building activities were held to identify awareness gaps and targets for improvement within the national security sector. This included a capacity-building initiative for the (Jamaica Constabulary Force) JCF’s Communication Forensics and Cyber Crime Division to bolster the cybersecurity and cybercrime investigative capacity of the division,” read the ESSJ report.

corey.robinson@gleanerjm.com

Highlights from FortiGuard Labs’ 2023 semiannual Global Threat Landscape Report

• In the first half of 2023, FortiGuard Labs detected more than 10,000 unique exploits, up 68 per cent from five years ago. The spike in unique exploit detections highlights the sheer number of different types of malicious attacks security teams must be aware of and how attacks have multiplied and diversified in a relatively short amount of time. The report also shows over a 75 per cent drop in exploitation attempts per organisation, suggesting that while exploit variants have grown, the attacks are much more targeted than five years ago.

• There was a surge in wiper malware largely tied to the Russia-Ukraine conflict. The company observed wipers being used by nation-state hackers, although the adoption of this type of malware by cybercriminals continues to grow as they target organisations in the technology, manufacturing, government, telecommunications, and healthcare sectors.

• There was an exponential increase in the total number of “active days”, which the company defined as the amount of time that transpires between the first hit of a given botnet attempt on a sensor and the last. Over the first six months of 2023, the average time botnets lingered before command and control (C2) communications ceased was 83 days, representing over a 1,000 times increase from five years ago. This is another example where reducing the response time is critical because the longer organisations allow botnets to linger, the greater the damage and risk to their business.