Major cyber-security breaches discovered locally
The Information and Communications Technology Authority (ICTA) has seen a rise in cyber attacks including major security breaches such as instances of ransomware and denial of service (DoS) attacks.
These attacks can result in cases of online extortion, data loss and service disruptions.
To confront the problem the ICTA announced earlier this year that it plans to make internet security in the Cayman Islands one of it main priorities.
ICTA Licensing, Compliance and Cybersecurity Officer and Deputy FOI Manager Sonji Myles told The Cayman Reporter that in the last few months the ICTA’s cyber security arm, Cyber Incident Response Team (CIRT-KY) became aware of instances of ransomware being deployed locally.
“Ransomware- or ‘digital extortion’ is a type of malicious software that prevents or limits users from accessing their system or data. This type of malicious software forces its victims to meet demands or pay a ransom through certain online payment methods, usually via hard to trace digital currency like Bitcoin, in order to regain access to their systems, or to get their data back,” he explained.
“We are also aware of Denial of Service attacks. In a type of DoS attack, an attacker attempts to prevent legitimate users from accessing information or services usually by overloading a system rendering it incapable for executing normal processes. A recent successful DoS attack targeted an internet service provider causing considerable internet service disruptions to the provider’s customers,” he disclosed.
CIRT-KY confronts and manages potential cyber threats to both the government and the business community on a regular basis. Its mission is to enhance the security and resilience of the Cayman Islands’ critical infrastructure, and maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy and protecting the perception and reputation of the jurisdiction.
The team is made up of Information Technology and cyber-crime experts from both the public and private sectors.
Mr Myles noted that, “CIRT-KY has assisted in confirming vulnerabilities in critical infrastructure. This is physical and digital infrastructure that supports a national function or interest. We have also been instrumental in highlighting unknown data breaches that could have resulted in thousands of private user details being accessible online.”
However, the department’s tackles phishing and spear phishing more than any other cyber-security threats that menace the country. They have discovered that “there are hundreds if not thousands of phishing campaign emails circulating the islands” and they are“increasing in technical sophistication and social engineering skill”.
To address the problem, the department focuses public awareness efforts that keep the individual user informed of the dangers of these threats.
Mr Myles explained, “Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email or other communication channels.
“Spear Phishing is a targeted form of phishing in which fraudulent emails or communication target specific organisations [or persons] in an effort to gain access to confidential information,” he added.
ICTA Managing Director Alee Fa’amoe announced the rise in cyber and data protection incidents in Cayman in February, stating there are potential and real vulnerabilities, both within the public and private sectors.
However, the ICTA was unable to quantify and clearly state by how much these incidents in Cayman have risen.
Mr Myles clarified, “CIRT-KY works independently and with public and private sector entities offering varying resource to combat cyber threats daily. The magnitude, varying complexity of threats, data protection/confidentiality considerations and critical nature of threats make quantifying actual threats difficult.”
He mentioned that it is hard to determine by how much these threats have risen without islandwide collective statistical reporting.
“It is safe to say that through empirical evidence shared within the cyber community locally, dealing with cyber threats and implementing systems and procedures to mitigate them are now the main priorities of IT professionals. This indicates to us that there is an increased in incidents and need for continued preventative and combative measures,” said Mr Myles.
Mr Fa’amoe said the ICTA will continue development of CIRT-KY, as it relates to protecting the critical national infrastructure of the country from these attacks.
“The CIRT has been dealing with them diligently but we will be increasing our efforts to better secure and protect the sensitive information that circulates in and out of government, our financial community, our electronic devices and our cell towers, and we will make sure we educate the public as we go along to ensure that everyone has the knowledge and also feels a level of comfort that steps are being taken to protect them,” Mr Fa’amoe said.
By the end of May, CIRT plans to launch its website which will be used primarily to keep the public informed about cyber threats and incidents both locally and internationally.
The site will also provide people with tips on how to protect themselves from hacking and other cyber crimes.
Mr Fa’amoe said that a CIRT forensic unit will also be established. The purpose of this unit will be to assess threats, detect vulnerabilities, provide technical resource locally, assist the Royal Cayman Islands Police Service (RCIPS) in technical recovery, detection and other investigation needs.
The unit is expected to be made up of specialist trained technicians – some permanent and some seconded from the RCIPS and Cayman Islands Monetary Authority (CIMA).
The ICTA also has plans to outfit a lab for the CIRT branch, which will be located within the Information Communications and Technology section of the new Office of Competition and Regulation, Mr Myles stated.
Mr Fa’amoe explained, “Not only are we deploying cyber-security controls within all ministries, departments and agencies of the government, but the plan is to implement these measures in the telecommunications sector as well.”