Cyber Incident Victim: Mayberry Investments Limited
Date:
Jun 2023
Location:
Jamaica
Summary
Mayberry Investments was the subject of a cyberattack, which the company disclosed publicly. Its main website continued to function normally and the firm stated there were no service disruptions for its clients. An investigation by its cyber experts found no evidence that client financial positions were compromised. The incident was part of a broader trend of prevalent cybercrime targeting the Caribbean region.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around June 1, 2023, Mayberry Investments Limited publicly disclosed that it had recently been the subject of a cyberattack. The company made this announcement via a public post on a Sunday, confirming that its cybersecurity experts were already actively engaged in addressing the incident. The initial discovery of the malicious activity preceded this public statement, though the exact date and time of the initial intrusion were not specified in the public disclosure. The investment firm’s main public-facing website was reported to be functioning normally throughout this period, indicating that the attack may have targeted internal systems or other digital assets not directly linked to the primary web presence accessible to clients and the general public.
A primary component of the firm's immediate response was an investigation to determine the scope of the breach and any potential impact on client assets. Following this investigation, Mayberry Investments stated that it had not found any evidence indicating that the financial positions of its clients were compromised. This assessment was a key point communicated to reassure the client base and the public. The company further assured its clients that there had been no disruptions to its services as a result of the attack, suggesting that core business operations, including trading and client account management, continued without interruption. The operational resilience implied that containment measures, whether through isolation of affected systems or other means, were effectively implemented to prevent the attack from causing service downtime.
The public announcement served as both a notification and a reassurance, emphasizing the company's proactive and diligent approach to managing the incident. The management highlighted that their cyber experts were working diligently to address the incident and that they would continue to monitor the malicious activity closely. This statement formed the entirety of the publicly available information regarding the specific response actions taken by the company's internal team or any third-party experts brought in to assist. The technical details of the attack, including the specific attack vector used, the nature of the malware or exploit involved, or the duration of the threat actor's presence within the network prior to detection, were not disclosed.
The incident had reputational and contextual impacts beyond the immediate technical response. By publicly acknowledging the attack, Mayberry Investments joined a growing list of entities affected by cybercrime, a problem noted as being increasingly prevalent. The reporting on the incident contextualized it within a broader regional trend of escalating cyber threats. According to cited statistics from Schneider Electric, a French technology firm, the Caribbean region had faced 144 million cyber attack attempts in the year 2023 up to that point. This figure aligned with earlier estimates from cybersecurity consultant Doug Thomas, who had previously stated that the Caribbean region experienced approximately 100 million hack attempts every three months back in 2021, indicating a sustained and significant volume of malicious activity targeting the area.
The consequences of the incident for Mayberry Investments appeared to be primarily limited to the effort and resources required for investigation and response. There was no public indication of any financial loss suffered by the company or its clients directly attributable to the attack, nor was there any mention of data exfiltration or ransomware demands. The confirmed impact was the fact of the attack itself and the subsequent internal effort to mitigate it. The company's ability to maintain normal service operations throughout the event suggested a contained incident that did not escalate to a level that affected its business continuity or transactional capabilities. The disclosure itself served to highlight the ongoing cybersecurity challenges faced by financial institutions in the region, placing Mayberry's experience within a wider pattern of attempted breaches rather than an isolated event. The full extent of the investigation's findings and any longer-term security enhancements implemented as a result were not detailed in the public domain.