Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-THREAT ALERT: WhatsApp Account Takeover Attack

WhatsApp Account Takeover Attack Advice The TTCSIRT urges the public to continue reporting these cyber-crime incidents to TTPS Cyber-Crime Unit via their website, https://www.ttps.gov.tt/Report-A-Crime, email  cybercrime@ttps.gov.tt or call 612-0742, 715-2072. About stolen WhatsApp accounts You should never share your WhatsApp SMS verification code with others, not even friends or family. If you’re tricked into sharing …

TTCSIRT-THREAT ALERT: Social Engineering Tactics Targeting Trinidad and Tobago Citizens

Over the past couple weeks, numerous reports have been made by citizens of Trinidad and Tobago regarding cyber-crime incidents which include: • Phishing – Phishing involves sending emails, texts or making calls to persons aimed at creating a sense of urgency, curiosity or fear in victims which results in them revealing sensitive information (address, credentials, …

TTCSIRT-THREAT ALERT: Supplemental Guidance for Emergency Directive on SolarWinds Orion Compromise

Please be advised, for situational awareness, the Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 21-01 – Mitigate SolarWinds Orion Code Compromise – Supplemental Guidance Version 2, which provides additional guidance that supplements Emergency Directive (ED) 21-01 and Supplemental Guidance v1 issued on December 18, 2020. Can be accessed here: https://cyber.dhs.gov/ed/21-01/#supplemental-guidance. This guidance requires …

TTCSIRT-THREAT ALERT: Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

Please be advised, Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems via a Command Injection Vulnerability in the administrative configurator. VMware has evaluated this issue to be of ‘Important‘ …

TTCSIRT-THREAT ALERT: Ransomware Activity Targeting the Healthcare and Public Health Sector

Please be advised, there is an observed significant increase in ransomware attacks targeting Healthcare and the Health Sector in neighboring countries. Ransomware is a type of malware that prevents users from accessing their system or files and demands a ransom payment in order to regain access. Threat actors have also threaten to publish or sell …

Increase in ransomware attacks targeting public and private entities in Trinidad and Tobago

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has observed a significant increase in ransomware attacks targeting local organizations. Ransomware is a type of malware that prevents users from accessing their system or files and demands a ransom payment in order to regain access. Threat actors have also threaten to publish or sell …

DoppelPaymer Ransomware

TT-CSIRT has observed an uptick in local instances of the DoppelPaymer ransomware. According to Threatpost, DoppelPaymer is an emerging type of ransomware that not only locks companies out of their own computer systems by encrypting files—the hallmark of typical ransomware—but also can exfiltrate company data and use it as collateral. The threat actors have also …

IC3 RELEASES ALERT ON EXTORTION EMAIL SCAMS

The Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams during the current “stay-at-home” orders due to the COVID-19 crisis. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. TTCSIRT encourages everyone to review the IC3 Alert …

GUIDANCE ON THE NORTH KOREAN CYBER THREAT

The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. The advisory highlights the cyber threat posed by North Korea – formally known as the Democratic …

COVID-19 EXPLOITED BY MALICIOUS CYBER ACTORS

The United States Department of Homeland Security (DHS) Cyber security and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) did a joint alert talking to the exploitation by cyber criminal and Advanced Persistent Threat (APT) groups and a list of Indicators of Compromise (IOCs) for both detection and mitigation. Both …