SEVERAL financial professionals are expressing concern following the revelation that some of the files stolen from the Financial Services Commission' (FSC) systems have begun to appear on the dark web.
The FSC published a release on Thursday confirming that the cyber event it recently experienced was a ransomware attack by cyber criminals.
"This breach by threat actors resulted in unauthorised access to the FSC's networks," the FSC release said.
Ransomware is malicious software meant to block access to computer systems until money is paid to the hackers to provide a decryption key to unlock the systems. In the case of the FSC attack, it would mean that the files and systems were encrypted without the regulator regaining access unless it can use a decryption key to unlock its files.
"The breach was contained within the FSC's network systems, and over the past week the commission has continued to work diligently with law enforcement partners and cybersecurity experts. The collaboration has been aimed at investigating the circumstances surrounding the attack, ascertaining the extent of the breach, implementing data recovery, and strengthening the commission's IT security infrastructure," stated the FSC release.
The FSC's new release came a day after a Jamaica Observer article wherein the regulator said it wouldn't host a press conference or media briefing, and wouldn't comment on the matter since it was an ongoing investigation. The cyberattack has resulted in the regulator's normal email systems being down and external calls not reaching its listed phone number.
An FSC release was subsequently published on the Jamaica Stock Exchange (JSE) on Friday saying the regulator is working assiduously to restore seamless communication with all relevant stakeholders. The release also noted that all filing of reports must be done by way of hard copy at its Barbados Avenue, New Kingston, offices. This will ensure the continued regulation of the sector remains ongoing despite it going at a slower pace.
"The commission, JaCIRT (Jamaica Cyber Incident Response Team) and MOCA (Major Organised Crime & Anti-Corruption Agency) are aware that data relating to the day-to-day work of the commission as a financial sector regulator has been published on the Internet. This is the subject of intensive investigation," the FSC added.
The Black Suit hacker group has published some of the FSC's files on the dark web, which go past a decade. We were told no 2023 files have been dumped on the dark web yet, however we were advised the files already on the dark web include investigation files, internal FSC communication, the annual returns of general and life insurance companies, repurchase agreement values for securities dealers, resumes, birthdays of FSC staff members, and other regulatory information.
Threat actors publish some information to make their victims aware they do have the information stolen from their systems and that they're willing to publish the remainder of the information if the ransom is not paid.
If the remainder of the FSC's information is published this could spell serious implications for licensees and different firms as they would not only become the targets of phishing attacks and social engineering, but people could leverage the information about licensees whose information is not publicly available.
This comes at a time when the regulator has been under scrutiny this year in its handling of Stocks and Securities Limited (SSL) over several years, which subsequently saw the Bank of Jamaica take over the FSC's board and with Major Kerron Burrell being installed as the new FSC executive director.
A hotel also saw its information posted on the dark web this week as 6.3 gigabytes (GB) of information related to local and international guests was made available by the LockBit group. This comes several months after a Corporate Area hotel was attacked by the same group.
JSE-listed firms Mayberry Investments Limited and Derrimon Trading Company Limited were the victims of cyberattacks recently. We were told all the files copied from Mayberry's systems, totaling 130 GB, remain available on the dark web while the Alphv group gave a 48-hour window to Derrimon before they publish all remaining files.
Different cybersecurity experts are encouraging more firms to do penetration testing and regular auditing of the access to sensitive data on its systems. Encrypting or adding password protection to sensitive files is also a way to limit the potential damage which can arise from a cyberattack and having that information being published online. Testing the backups is also critical since this protective route would be rendered useless if threat actors also gained access to this recovery method.
Persons can reach out to the FSC at 876-906-3010-2 or email@example.com.
"While the investigations are ongoing, the commission has strengthened its cybersecurity systems and bolstered its cyber resilience. The commission, working with its partners, is committed to stay[ing] ahead of these malicious actors to maintain the security of its systems and the continuation of its essential regulatory operations. Further updates will be provided as the investigations progress and as new information becomes available," the FSC release concluded.