On October 11th 2023, the Trinidad and Tobago Cybersecurity Incident Response Team (TT-CSIRT) held a webinar titled “Trinidad and Tobago Cyber Threat Landscape 2023”. In this webinar, TT-CSIRT shared with the audience pertinent information on the various cyber threats that have been recorded through its office.
Some of the top threat categories included:
- Insider Threat
- Data Leakage
Statistics were shared on incidents related to the threat categories as seen below:
It was also stated that Social Media incidents reported to the TTPS Cyber Crime and Social Media Unit amounted to:
- 770 social media reports in 2020
- 416 social media reports in 2021
As expected, ransomware topped the list of major incidents during this period. Anish Bachu, Team Lead in Financial Services, Health Sector and ICS Security at TT-CSIRT, stated that over the past 18 months (2022 into 2023) there have been more ransomware attacks than there have been in the past 4 years. It was reported that company data stolen via ransomware attacks has surfaced on the dark web.
An area of concern that could be the cause of some of these incidents is the number of vulnerable systems that continue to surface.
These vulnerabilities manifested in the form of unsecured public ports, particularly those used for RDP or VPN, improperly patched operating systems, email (MS Exchange) servers, applications, outdated websites and, generally, systems that haven’t been updated in a timely manner. For 2023, there have been 5,066 of those detections.
TT-CSIRT stated that if a critical vulnerability is discovered and is found to have a severe impact on a service, such as a government service, they will intervene and report these findings to the respective government agency for action.
Another informative point shared in the webinar related to phishing and the number of spam emails emanating from Trinidad and Tobago.
Over the last two years (2022 into 2023) there have been almost 22,000,000 spam messages originating from Trinidad and Tobago through compromised devices and accounts, with a majority of these messages coming from gov.tt and edu.tt domains.
Much more was covered in this 2 1/2 hour session, which can be viewed in the video at the end of this article. TT-CSIRT did not leave, however, without providing some tips on the way forward:
Their recommendations fall in line with methodologies that CyberSafeTT has spoken on time and again. They also suggested to the audience that they can follow the Center for Internet Security benchmarks for configuration recommendations for popular hardware and software applications.1