The decision of the Department of Migrant Workers (DMW) to swiftly take its systems offline was crucial to protect sensitive information, security experts said.
Ransomware attack
A ransomware attack hit the DMW in the Philippines recently, leading to the temporary suspension of its online services, including those for issuing Overseas Employment Certificates (OECs) and Overseas Filipino Worker (OFW) information sheets.
Allegedly, no OFW databases were compromised, and the agency is collaborating with the Department of Information and Communications Technology (DICT) to restore services and facilitate manual processing for necessary documents.
In the mean time, the systems are offline as a preemptive measure, and users will have to undergo manual processing to get their passes.
Patrick Tiquet, VP of Security and Compliance at Keeper Security noted: “Cybercriminals are increasingly targeting critical infrastructure and government agencies, as evidenced by the recent ransomware attack on the Department of Migrant Workers.”
“The decision to swiftly take their systems offline was crucial to contain the breach and protect sensitive information, and demonstrates the importance of proactive measures to minimize potential damage.”
READ MORE TECH NEWS.
Repeated attacks
Tiquet noted that the DMW attack is not an isolated incident. Last year, the Philippine Health Insurance Corp faced a similar ransomware attack, where hackers demanded $300,000.
“These repeated attacks show that cybercriminals are expanding their focus beyond big corporations to government bodies, aiming to disrupt essential services and access valuable data.”
According to Keeper Security’s 2024 Future of Defence Report, 92% of IT and security leaders have seen an increase in cyber attacks year-over-year, underscoring the pervasive nature of online threats.
Government agencies, and the organizations that work with them, often hold vast amounts of sensitive data and provide critical services, making them lucrative targets for cybercriminals seeking financial gain through ransom or the sale of stolen data.
How to defend against cyberattacks?
To combat these threats, government organizations must bolster their cybersecurity defenses. Adopting a zero-trust security model in conjunction with least-privilege access, Role-Based Access Controls (RBAC), a Single Sign-On (SSO) solution and appropriate password security can greatly decrease the likelihood of a successful cyber attack and stymie the threat actor’s access.
Government agencies, and the organizations that work with them, often hold vast amounts of sensitive data and provide critical services, making them lucrative targets for cybercriminals seeking financial gain.
Companies should also have security event monitoring in place to promptly detect and respond to potential threats, implement regular system backups, establish comprehensive incident response plans and ensure that all staff receive thorough training in basic cybersecurity practices.
Simple measures like keeping software up-to-date, using strong passwords and mandating the use of Multi-Factor Authentication (MFA) can go a long way in preventing attacks.
Kelvin Lim, senior director of Security Engineering at Synopsys Software Integrity Group added that: “Southeast Asian government networks have been the target of a recent wave of ransomware attacks. Good ransomware mitigation practices will require the organization to address the factors of people, technology, and processes.