One month after a cyber-attack brought down government servers and websites in Vanuatu, it frustrated officials who are still using private Gmail accounts, personal laptops, pen and paper, and typewriters to run its government of the prime minister. This attack took place just a few days after the current Prime Minister took charge. the crash. The malware attack on Vanuatu’s government networks has caused delays in communication and coordination within the Pacific island nation of 314,000 people and 80 islands. Vanuatu citizens have resorted to the online Yellow Pages or even hard copy phone directories to locate government phone numbers. Some offices were running from their Facebook pages and Twitter feeds.
The problems began about a month ago, when suspicious phishing activity was first noticed in emails to the Ministry of Finance, according to a financial analyst who works closely with the ministry’s cybersecurity teams. The malware crashed nearly all government email and website archives. Many of their departments were still using local computer drives to store data, as opposed to web servers or the cloud. No backups. No official information has been released on whether ransom demands were made by the hackers. “It is taking longer for payments [from the Ministry of Finance] to get out, but … we are always on Vanuatu time anyway,” said the financial analyst.[1]
Government departments have struggled to stay connected, frustrating officials, with impromptu solutions being implemented for communication between agencies and departments. Many outer islands government offices are experiencing sharp delays in services. “It was chaos during the first few days but the entire government made alternative Gmail accounts or used their private emails. We are all using (hard line) telephones and mobile phones for communication. But we are resilient in Vanuatu as a small country and can manage this,” said a communications officer in its Ministry of Climate Change. “Our department is communicating with the public more now with Facebook and Twitter, and we are actually getting more followers.”
The attack did not crash the island’s civilian infrastructure, such as airline or hotel websites. Most tourism and business has continued as usual into the busy Christmas and New Year period.
The current system can be remedied by upgrading software and putting files on to the cloud for managing, said the analyst. But local officials do not have the expertise to do this and “need outside assistance.”
The government previously reported that the attack occurred on 5 November, but a computer technician at the Office of the Government’s Chief Information Officer and an Australian diplomat and reliable source confirmed that the crash actually came on Sunday 30 October.
In the first few days of the crisis, some Vanuatu authorities attributed the issue to poor weather damaging internet infrastructure. However, the Australian diplomat said, “We noticed there was a problem right away … our team recognized this as having the hallmarks of a cyber-attack, and not being caused by weather.”
Gaps in internal communications in the days that followed the attack compounded matters. Vanuatu’s Prime minister formally came into power on 4 November, and on 5 November the government officially recognized the problem.
Australia’s government has made offers of assistance. “We sent in a team to assist with that disgraceful cyber-attack and the response and we are working through the process of bringing the government IT systems back up to speed,” Australia’s minister for international development and the Pacific, told local news sources.
Cyber-attacks have wreaked havoc globally in recent years and Vanuatu’s attack will serve as a warning to small nations across the Pacific who have even weaker cybersecurity than Port Vila. The Vanuatu Office of the Government Chief Information Office (OGCIO) did not respond to requests for comment.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.theguardian.com/world/2022/nov/29/vanuatu-officials-turn-to-phone-books-and-typewriters-one-month-after-cyber-attack
Comments