

T&T under attack

by Joel Julien

May 5, 2022

Saturday marks exactly one year since the largest publicly disclosed cyberattack against critical infrastructure in the US took place.

Colonial Pipeline was the victim of a ransomware attack.

Colonial Pipeline Chief Executive Joseph Blount told a US Senate committee that the company learned of the attack shortly before 5 am on May 7, when an employee discovered a ransom note on a system in the IT network.

The hack took down the largest fuel pipeline in the US and led to shortages across the East Coast.

And in response, the US government declared a state of emergency.

Brett Ramirez of Diagon Consulting believes these kinds of attacks are something we should be mindful of here in T&T.

“This whole cyber warfare can escalate into life-threatening events and people are not taking note of this,” Ramirez told the Business Guardian.

Ramirez said he believes that hackers may start attacking the operational technologies (OT) which “include things like water plants, energy companies, oil and gas, electricity, and God forbid nuclear.”

OT, or operational technology, is the practice of using hardware and software to control industrial equipment, and it primarily interacts with the physical world.

“If you are able to get (hack) into these plants you could damage beyond belief,” Ramirez said.

“If I were to start talking to governments in the region and T&T I would definitely say T&TEC, and WASA, oil and gas (companies), you need to get your house in order, make sure that your backups, your network has to be completely severed from your IT network,” he said.

Ramirez said while plants may not be accessible through the internet and public forums or public domains, what happens is that the company’s IT environment does have a website and with the genesis of the COVID-19 pandemic, more employees started working from home.

Blount told a US Senate committee that the Colonial Pipeline attack occurred using a legacy virtual private network (VPN) system that did not have multifactor authentication in place.

“In the case of this particular legacy VPN, it only had single-factor authentication,” Blount said. “It was a complicated password, I want to be clear on that. It was not a Colonial123-type password.”

Ramirez referred to the Petrotrin website being hacked some years ago as evidence that these types of companies could be targets.

“It is not a matter of if you are going to get hacked, it is about when,” Ramirez said.

But he said this should just be taken as an incentive for companies to prepare themselves.

This, he said, is the goal of Diagon Consulting.

“We wanted to sit in the space of not just helping companies diagnose what their weaknesses are and what their exposures are, we wanted to help in terms of being able to implement. We implement cyber solutions that would prevent, that would detect, and that would respond if there is an incident,” he said.

Ramirez said with the digital transformation and the thrust taking place with regional governments and companies, there may be huge cyber implications.

Ramirez said things like ransomware and other soft cyber attacks have been around for over 20 years in the region.

“The difference in our region, and I think that this is unfortunate, is that we do not have the laws that mandate that these things get reported,” he said.

Ramirez, therefore, called for the introduction of legislation to mandate companies to report cyber attacks.

“We know for a fact based on what we have seen over the past few years there has been a definite upsurge in cyber activity,” he said.

“We have been dealing with activities in T&T where the bad actors have actually asked for cryptocurrency,” Ramirez said.

Last week Massy Stores was the target of a cybersecurity attack which led to the technical difficulties experienced at all stores across the country.

Group financial officer Ian Chinapoo said Massy has been working for years on hardening its cyber security and this is in part why the hit on Massy Stores was not as bad as it could have been.

He said the issue of cyber security has been at the forefront of the audit and risk committee of the Massy Board and they have employed both local and foreign experts to harden the defences of the companies in its group.

He added that among the measures Massy has undertaken are penetration testing, where there is an attempt to hack the defence of its systems, and employee training.

“We have over 12,000 employees so while we continue to train, nothing is risk-free and nothing is foolproof.”

Chinapoo said Massy has seen increased attacks in the region and continues to monitor those attacks and harden its defences.

The T&T Cyber Security Incident Response Team (TT-CSIRT) last week reported that it has observed a “sharp increase” in malicious cyber activity targeting local and regional entities over the past two months.

The TT-CSIRT urged all entities (public and private) to adopt a heightened state of awareness.

It said that ransomware, social engineering (phishing) and malicious insiders were the top threats to the country.

Speaking to the Business Guardian, another expert, who requested anonymity, stated that it appears that many of our local organisations do not place ICT & Cybersecurity as a priority in their budgets and investment profile despite the shift in the global environment towards an increasingly integrated digital economy.

“This lack of prioritisation and sub-optimal investment exhibits itself both in quality of the technology purchased as well as the quality of the human capital recruited (including consulting advice received).

“Critical business systems remain unpatched and not updated, equipment and software at end of life and therefore unsupported is still in use at customer-facing levels and, perhaps most critical of all, employees, including executives, are not exposed to cybersecurity readiness training/capacity building activities.

“Although updated technology can help mitigate, many attacks originate through social engineering techniques, as cyber attackers are very much aware that humans and human behaviour remain the weakest link in any organisation,” the source stated.

The expert added that it would be “catastrophic” if organisations do not move to protect themselves against cyberattacks at this time.

“Many of our financial institutions and large business organisations have regional operations and attacks do not have to originate in T&T to be felt in T&T.

“Ransomware attacks, in particular, where customer, employee and other mission-critical data is encrypted and literally ‘held to ransom’ by attackers can potentially cripple an entire organisation’s regional operations for weeks while a solution is sought.

“We have already seen evidence of these types of outages over the last year or two,” the source stated.

