DICT unit website hacked; exec downplays incident

DICT unit website hacked; exec downplays incident

SITUATION MANAGED The Department of Information and Communications Technology confirmed that the website of its Disaster Risk Reduction Management Division was defaced, but it regained control in less than an hour. —Philippine News Agency

MANILA, Philippines — The country’s very own cybersecurity watchdog became the recent victim of a system breach by an entity identifying itself as “ph1ns,” which also left a warning about another imminent cyberattack.

Department of Information and Communications Technology (DICT) Assistant Secretary Renato Paraiso, in a virtual briefing on Tuesday, confirmed that the website of the government agency’s Disaster Risk Reduction Management Division (DRRMD) was defaced but it was able to regain control in less than an hour.

“[This] attack is not only to mock DICT’s reputation but also to strengthen the country’s cyberdefense by humiliating them,” ph1ns posted on the website during its attack.

READ: 3 suspected hackers caught, tech journalist implicated

The hacker group advised the government agency to perform “thorough tests during and after the development of your applications, websites, etc.” to strengthen its firewall.

‘Porous’ system

In addition, ph1ns told the DICT to beef up its IT personnel to be suited to fend off cyberattacks.

“You’re my best buddy, DICT. I’ll be back. See you soon,” it warned.

Paraiso downplayed the cyberattack, explaining that it did not reach the government agency’s central system.

The DRRMD is an external unit of the DICT, Paraiso said, as he also explained that its system was designed to be “porous” or built with fewer firewalls to allow the quick flow of disaster-related information during emergencies. Less firewalls mean a higher vulnerability against cyberattacks.

Apart from defacement, he said the hacker was able to exfiltrate some employee data amounting to “less than 5 megabits,” which he described as a small amount. Nevertheless, Paraiso said they had reached out to the National Privacy Commission regarding the incident.

The DICT has been dealing with recent major cyberattacks against government agencies.

Before this, it confirmed that 2-terabytes worth of Department of Science and Technology (DOST) data—including research plans, schematics, and designs—were compromised.

This resulted in the DOST being locked out of its system, meaning it could not access the said data. The cyberattack was expected to delay the approval of pending patents and other DOST research and development initiatives, Paraiso said earlier.

Also targeted by cybercriminals was the reporting system of the Bureau of Customs (BOC), which serves as a communication line among the bureau’s units. The data that was potentially compromised included information about cargo movements being monitored by the government agency, Paraiso explained.

The investigation for the DOST hacking is ongoing. As for the BOC, Paraiso said they were able to regain control of the system, which is being upgraded to strengthen security.

Firewalls check

Amid the onslaught of cyberattacks against government agencies, cybersecurity firm Kaspersky stressed the need for regular assessment of their firewalls to shut out bad threat actors from their systems and keep sensitive information safe.

The cybersecurity expert said government agencies must always remind their staff to store sensitive data only in trusted cloud storage that requires authentication for access.

This also serves as a reminder for employees who use personal devices for work, as these could be entry points for hackers.

For the immediate response, Kaspersky’s general manager for Southeast Asia, Yeo Siang Tiong, told the Inquirer earlier that the first thing always to do was to change passwords.

Then, the hacked organizations must “assess the reach of the attack and implement a detection and response strategy,” he added.

Government agencies are attracting cybercriminals because they hold vast amount of significant data, including personal information, which can be exploited by hackers for financial gain.

Read more...