The cybersecurity arm of the Ministry of National Security is warning the country of a sharp increase in malicious cyber activity over the past two months and police are urging those affected to come forward with reports of these incidents.
A day after Massy Stores confirmed that it was the target of a cyberattack, the Ministry, through its Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT), urged all entities to adopt a heightened state of awareness.
Although the unit did not identify the number of cases that prompted the Ministry’s statement, it said that those being targeted include local and regional entities.
It noted that the top threats to T&T were Ransomware, Social Engineering (Phishing) and Malicious Insiders.
It also warned that the most prominent vectors used against local entities were the exploitation of system vulnerabilities (particularly outdated firewall appliances and email systems), Phishing emails with infected attachments or links and compromised user credentials.
Contacted yesterday, president of the Supermarkets Association of Trinidad and Tobago Rajiv Diptee said Massy Stores’ infiltration was not an isolated incident.
“We’ve seen a spike in activity in these kinds of incidents over the last two years and these incidents go unreported,” said Diptee.
However, the Cyber and Social Media Unit (CSMU) of the Trinidad and Tobago Police Service (TTPS) told Guardian Media that people aren’t reporting these incidents and therefore there is little they can do.
“As of today, no reports have officially come to the Cyber and Social Media Unit. I have been in contact with TT-CSIRT and they have also informed me that relative to these recent items on social media and what’s in the news officially have not come to the Ministry,” said CSMU Head Inspector Daniel Hernandez.
Inspector Hernandez said businesses are reluctant to make a report because it may discourage commerce.
“We know there is an issue that comes up called reputational risk and businesses are concerned with bringing their information to the Police but if you don’t come then you run the risk of not only you becoming a victim but other people in your sphere, the report gives us a greater picture as to what is happening in the cyber landscape and that will give us the ability to inform the public as to what is really happening.”
He added that the TTPS cannot intervene or investigate unless the victim comes forward.
“That cannot happen, as a police establishment that report has to be made, we have to have a victim, so I cannot go onto someone’s premises or access their private information, one of the most important things we treasure is the private information of citizens and I don’t have the authority to just walk into Massy and say I want to investigate.”
Inspector Hernandez said people are underutilising the unit as they have received no reports of cyberattacks so far this year.
And while he said his unit is ready and does have the capacity to get people justice, there are still no cybercrime laws in Trinidad and Tobago.
“I want that to be clear, there is no cybercrime law, yes a Bill came forward, we know that Bill has lapsed but there is work being done to get certain adjustments to the Computer Misuse Act and that should open up some doors and give us some teeth.”
Digital Anthropologist Daren Dhoray said that is a big problem in this increasingly digital world.
Dhoray admitted that while cyber threats are a worldwide issue, the frequency of incidents in this country is concerning.
“I don’t think we would have seen this type of activity in such a short space of time, but the fact of the matter is, they have our attention, the question is what is our next move.”
Dhoray said this week’s incidents should be a reminder to people that they must now secure their data like they do with their lives and their possessions.
“Ensure you have an updated anti-virus software, if you have really important information on your computer, consider paying for the paid version of those packages, stop using weak passwords, set up two-factor authentication and be really diligent with emails that you receive from unknown sources.”
Today all SuperPharm stores will be closing at 10 pm to facilitate an upgrade to their Information Technology systems. Dhoray said that is exactly what companies should be doing right now.
“Companies really need to pay attention, they need to ensure they have tried and tested backup facilities and listen to the professionals they may sound paranoid but now is not the time to ignore them.”
Dhoray said while businesses may not want to take the time off necessary to improve their systems, a cyberattack may cost them more in the long run.
“So, customers should prepare for an inconvenience in the coming weeks as companies prepare for what could be the inevitable.”
Meanwhile, the Trinidad and Tobago Chamber of Industry and Commerce (TTCIC) said it is sure that many other attacks were not brought to the general public.
Chief Executive Officer Ian De Souza said, “The unfortunate issue is that cybercrime, like other crime, is going to be a part of our daily lives, what becomes important therefore is what we do to protect ourselves. There is a log of information and a lot of technology also to help counteract the problem.”
Massy Stores released a statement yesterday saying that its Westmoorings, Maraval, Alyce Glen, St Augustine, El Dorado, Chaguanas and Brentwood branches were reopened for business as it continues “to work assiduously to get the rest of our locations back up and running.”
At 5 pm yesterday Massy Stores added that its curbside pickup remains affected with a further update expected today.