The Tribune

By YOURI KEMP

Tribune Business Reporter

ykemp@tribunemedia.net

Bahamian companies and the nation-at-large need to “step up their game” to protect critical IT (information technology) infrastructure against “advanced attacks” and hacks growing in sophistication.

Scott MacKenzie, chief executive of Bahamas-based Cloud Carib, told Tribune Business yesterday that he has been seeing an “increased amount of cyber attacks” globally and this country is not immune from being potentially targeted.

He raised the alarm following the recent ransomware attack on the US-based Colonial Pipeline, one of that country’s major oil pipeline systems, which resulted in a shutdown and loss of supply that has caused gas shortages, long lines and increased prices across many eastern states.

The attack was blamed on a Russia-based group, while another hacker group purportedly from the same nation sought to hold data belonging to the Washington DC police department to ransom. It has now released information on the profiles of 22 police officers attached to that department, and is threatening to release more information until $4m is paid to them.

Mr MacKenzie said: “There have been a lot of advanced attacks that have been targeted against companies and they are very, very sophisticated. One of the sophisticated attack mechanisms that bad actors use is they try to infect software updates, for example the Solar Winds attack, that was based on an update patch that was applied from Solar Winds.”

Solar Winds, a Texas-based company that provides software updates for computer systems, saw one of its software updates, Orion, allegedly hacked into by Russians groups last year.

Orion was a widely-used US government software that was hacked into and inseminated with a Trojan virus, SUNBURST, which the Russian hackers were able to use to control the software and tap into US government systems.

Mr MacKenzie said: “So the bad actors infected code within an update that was going to be deployed for all the solar wind servers, and then users just deployed the Solar Winds code. That infected all of their Solar Winds deployments globally.

“So if the bad actor can get into one of these companies that provides commercial enterprise software, and that company is unaware of the bad actor being in their network, this is where Remote Access Trojans (RATS) come into play.

“The RATS’ goal is to basically like follow that human resource practice, get into the network, not letting anybody know that it’s in the network, and then in a timed scenario do something which could be infecting the software code, and then deleting itself so that there’s no trace of it,” he added.

“We just have to step up our game and do a better job as security practitioner,s and leadership in companies have to take responsibility for governance and good security practice.”

Mr MacKenzie added: “One of one of the significant threats to organisations as a whole is standard business practice. You have a human resources department, and you have a recruitment e-mail address. The job of the recruitment officer within human resources is to open resumes and read those resumes.

“If you embed malware within that resume, and they open that resume, that has now infected their computer and it will then do its best to laterally move across the organisation and infect other computers.”

Mr MacKenzie said it was critical to install protection systems such as next generation firewalls, intrusion protection, intrusion prevention and threat prevention. He added: “A threat prevention system will open that e-mail and sandbox the PDF attachment before it allows the person to open it on their desktop.”