Cyberattacks continue to trend down as vulnerabilities remedied
JaCIRT cranks up efforts ahead of cybersecurity month
The more than 70 per cent reduction in attempted cyberattacks on local networks seen since the start of this year is being attributed to a significant drop in vulnerabilities.
Head of the Jamaica Cyber Incident Response Team (JaCIRT) Lieutenant Colonel Godphey Sterling, expounding on this observation, told the Jamaica Observer in an interview this week that with local cyberattacks falling some 78 per cent up to the first half of this year, trends in the area have so far continued to be encouraging, especially where vulnerabilities are concerned.
Vulnerabilities, which are those areas of weakness or opportunity in an information system, allow cybercriminals to exploit them and gain unauthorised access to a computer system. If left untreated, these loopholes can weaken systems, opening the door to malicious attacks.
“When we look at vulnerabilities, we have also been seeing a downward trend in the area. Last year this time we were monitoring 25 categories of vulnerabilities affecting just over 73,000 unique IP addresses, but for this year, while the categories have grown to 38, the number of unique IP addresses we are now monitoring has dropped by about 62 per cent to 27,755. This has been largely due to the correction of a major vulnerability in our ecosystem,” he said to the Business Observer.
Following the correction of a CPE WAN Management Protocol (CWMP) vulnerability which, he said, had been influencing over 90,000 compromised IP addresses, a series of remediation exercises or “middle man attacks” resulted in the number of these addresses falling to just over 25,000 this year. The fix, which Sterling said also made a significant difference in reducing the level of vulnerability nationally, saw some 70,000 devices no longer vulnerable or at risk of becoming potential threats in the local ecosystem.
CWMP, said to be one of the most common protocols across the Internet, allows service providers to remotely configure customer premises equipment (CPE) like cable modems and home routers. Flawed by design, CWMP often grants administrative powers which, experts have said, are largely what make it a higher security risk and a more sought-after target for hackers.
“CWMP is just one of almost 290 vulnerabilities that we monitor on a daily basis but it is that backbone type that really facilitates a lot of the others, so being able to address it has been really good,” Sterling said.
“When we look at vulnerable Internet of Things (IoT) devices within the ecosystem, we are also seeing a downward trend in this area. We are currently monitoring just over 50,000 devices that are deemed vulnerable across 13 vendors but we have been working with the owners as we identify them to see how best we can treat with each,” he added.
Highlighting as troubling the age of some vulnerabilities, some of which are as old as five years, Sterling said all steps are being taken through JaCIRT’s regular monitoring and updates to rid the local network of compromised connections.
Touting the work of JaCIRT and a number of its cybersecurity partners which have been actively monitoring the space, the director said the entities, particularly his, which is regulated from government level, continue to push towards becoming leaders in cyber-incident response and management as they aim to improve the hygiene of Jamaica’s cyberspace.
Notwithstanding the major successes achieved in the last year concerning a general reduction in cyberattacks, the JaCIRT head said that other issues surrounding upticks in ransomware and more targeted attacks remain areas of concern for the body.
“To date, we have been tracking or have responded to 11 such attacks, compared to nine for all of last year, and we continue to see these upticks more so for those reported. We are also seeing the introduction of ransomware activity by RansomHub within the region and the reintroduction of the BianLian ransomware group, which we have not seen since 2021, and this suggests that attacks are becoming more targeted and sophisticated.
“Rather than just trying to compromise a lot of people, hackers are therefore going after specific targets,” Sterling further noted, indicating that JaCIRT, as part of its response, has been moving to ramp up the push of cybersecurity awareness in the local landscape.
With October being observed as ‘Cyber-Security Awareness Month’, he said that the entity will be moving this year to roll out a number of products and new strategies aimed at strengthening the country’s cybersecurity framework.
“This year we hope to go bigger and better, starting with an official launch on October 9. Thereafter, we hope to have a month of activities targeting three days a week — Tuesday, Wednesday, Thursday, for various projects. For Tuesdays, we will target schools with our lecture series and on Wednesdays, the general population through webinars. On Thursdays, we want to have fireside chats or panel discussions around topical cybersecurity issues,” the director said.
“We also have a number of products we will be launching, particularly our social media guide for K12 and teens and these are among some other flagship things we will be looking to put out. Additionally, we will be moving to tighten synergies with some of those managed cybersecurity companies as we partner to address the issue of governance, risk and compliance in the local industry,” he continued.
Sterling, in his outlook for the remainder of this year, said the projection is for attacks to further trend downwards, possibly experiencing some uptick around mid-November as the country moves into the festive Christmas season.
“Our approach here will not be to wait and see what will happen, but to make our messaging a little more targeted to the holiday season, ensuring that it gets to particularly the most vulnerable including the young, old, and those small businesses that can’t do cybersecurity for themselves,” he stated.