Cyberattacks continue to decline as security vulnerabilities are fixed

STERLING… when we look at the fragilities, we also see a downward trend in the region

The significant drop in vulnerabilities is attributed to a more than 70 percent decrease in attempted cyberattacks on local networks since the beginning of this year.

Lieutenant Colonel Godphey Sterling, Chief of the Jamaica Cyber Incident Response Team (JaCIRT), explained this observation in an interview with the Jamaica Observer this week, saying that trends in the region remain encouraging so far, especially when it comes to vulnerabilities, with local cyberattacks dropping by nearly 78 percent through the first half of this year.

Vulnerabilities, which are areas of weakness or opportunity in an information system, allow cybercriminals to exploit and gain unauthorized access to a computer system. If left untreated, these vulnerabilities can weaken systems and open the door to malicious attacks.

“When we look at the weak points, we also see a downward trend in the region. This time last year we were tracking 25 categories of vulnerabilities affecting more than 73,000 unique IP addresses, but this year the categories expanded to 38, while the number of unique IP addresses we’re currently tracking dropped by nearly 62 percent to 27,755. This was largely due to fixing a major security vulnerability in our ecosystem,” he told the Business Observer.

After the patching of a CPE WAN Management Protocol (CWMP) vulnerability affecting more than 90,000 IP addresses exposed to compromise or “man-in-the-middle” attacks, a series of remediation efforts resulted in that address count dropping to just over 25,000 this year. The fix, Sterling said, also made a significant difference in reducing the level of vulnerability nationally, with approximately 70,000 devices no longer vulnerable or potential threats in the local ecosystem.

Said to be one of the most common protocols on the Internet, CWMP allows service providers to remotely configure customer premises equipment (CPE) such as cable modems and home routers. Experts say the administrative powers typically granted by CWMP, which are flawed by design, make it a substantially higher security risk and a more sought-after target by hackers.

“CWMP is just one of almost 290 vulnerabilities that we monitor on a daily basis, but it’s the type of backbone that really facilitates most of the others, so it’s been really good to be able to address that,” Sterling said.

“When we look at vulnerable Internet of Things (IoT) devices in the ecosystem, we see a downward trend in this area as well. We are currently monitoring more than 50,000 devices deemed vulnerable across 13 suppliers, but we are working with device owners to see how we can best treat each one,” he added.

Emphasizing that the age of some vulnerabilities, some of which are as old as five years, is concerning, Sterling said that all steps are taken to get rid of compromised connections in the local network through regular monitoring and updates of JaCIRT.

Praising the work of JaCIRT and a number of cybersecurity partners who are actively monitoring the space, the director said these organizations, particularly his own organization overseen from the government level, continue to move towards becoming leaders in cyber incident response and management. They aim to improve the hygiene of Jamaica’s cyberspace.

Despite major successes in an overall reduction in cyberattacks last year, the JaCIRT chief said increases in ransomware and other issues related to more targeted attacks remain a concern for the agency.

“We have monitored or responded to 11 such attacks to date, compared to nine in the entirety of last year, and we continue to see these increases in those reported. We are also seeing ransomware activity initiated by RansomHub in the region and the reintroduction of the BianLian ransomware group, which we have not seen since 2021, indicating that attacks are becoming more targeted and sophisticated.”

Sterling also stated that JaCIRT has taken action to raise cybersecurity awareness in the local environment as part of its response, adding, “Hackers are going after specific targets rather than trying to endanger many people.”

He said that as October is observed as ‘Cyber Security Awareness Month’, the agency will take action this year to launch a range of products and new strategies aimed at strengthening the country’s cyber security framework.

“This year, we hope to go even bigger and better, starting with the official launch on October 9th. We then hope to operate three days a week (Tuesday, Wednesday, Thursday) for a month for various projects. We will target schools with our lecture series on Tuesdays and the general population through webinars on Wednesdays. On Thursdays, we want to have fireside chats or panel discussions on current cybersecurity issues,” the director said.

“We also have a number of products that we will be launching, particularly our social media guide for K12 and youth, and those are among the other key things we are looking to bring out. Additionally, we will take action to tighten synergies with some of the managed cybersecurity companies while partnering to address governance, risk and compliance issues in the local industry,” he continued.

In his outlook for the rest of this year, Sterling predicts that attacks will trend further downwards, with a slight increase likely in mid-November as the country enters the Christmas holiday season.

“Our approach here will not be to wait and see what happens, but to tailor our messaging a little more towards the holiday season and make sure it reaches especially the most vulnerable, including young people, seniors and small businesses. They’re not doing cybersecurity for themselves,” he said.