30,000 vulnerabilities found in 2,002 gov’t files—DICT

MANILA, Philippines — Some government agencies remain at risk of cyberattacks even after others suffered massive data breaches in the past months, the Department of Information and Communication Technology (DICT) said, as it struggles to mitigate such attacks due to lack of funding and personnel, and even the unresponsiveness of agencies to safety checks.

During a House hearing by the committee on information and communication technology on Tuesday, DICT Undersecretary Jeffrey Uy told lawmakers that since December 2023, they have discovered over 30,000 vulnerabilities in at least 2,002 government digital assets.

READ: Phishing, ransomware attacks remain top cyber threats in PH

Preempt over 800 attempts

At the same time, as of April 2024, the agency was able to preempt over 800 attempts to hack government agencies, which were then classified based on how critical the attacks were.

READ: Hackers gain access to sensitive DOST data

Based on their assessment, the top 10 agencies that were most at risk for critical incidents were the Department of Health, DICT, Department of Transportation, National Economic Development Authority, Philippine National Police, Department of Environment and Natural Resources, Philippine Economic Zone Authority, Civil Service Commission, Office of the President, and Department of Science and Technology.

Response to cyberattacks

Uy did not explain why these agencies were the most vulnerable, but many of their websites hold public records about critical infrastructure, government projects, and personnel records.

These findings were discovered through DICT’s Project Sonar (Secure Online Network Assessment and Response), implemented last year in response to cyberattacks against government agencies, including the House of Representatives.

Read more...