A cybersecurity expert has shared his Top 10 recommendations for organizations to fight ransomware.
What can organizations do to prevent cyberattacks, particularly ransomware? Kelvin Lim, senior director of Security Engineering at Synopsys Software Integrity Group, shared with TechTravelMonitor his Top 10 recommendations against ransomware attacks.
Here are Lim’s 10 recommendations:
1. Data backup – This is a must-have and it serves as a last line of defense against ransomware attacks where access to data is denied. Do note that backups should be stored offline or in a separate network to prevent them from being accessed by ransomware.
2. Data encryption – This stops bad actors from gaining unauthorized access to the data in a ransomware attack.
3. User education – Awareness and training are essential. Users should be taught to spot phishing attempts and avoid clicking on dubious links or attachments.
4. Application security – Adopt good application security practices to remove any security vulnerabilities embedded in the application.
5. Software updates – Update software regularly with the latest software patches and security updates.
6. Email filtering – Block phishing emails and malicious content before the email reaches the user’s mailbox.
7. Access control – Enforce the principle of least privilege: ensure that users are only allowed to access data and systems necessary for their work.
8. Network segmentation – This is to limit the blast radius of the ransomware attack and restrict user access to only what is necessary for their roles.
9. Monitoring – It is important to have 24/7 monitoring and alerting functions on your network and systems to detect any unusual activities.
10. Security audits – Regular security audits are necessary to identify any lapses in the systems, network, and processes.
A list of the biggest data breaches and hackings reported in the Philippines
There have been notable cases of data breaches involving both private and government entities in the Philippines.
Most recently, the Department of Migrant Workers (DMW) had to swiftly take its systems offline to protect sensitive information.
A ransomware attack hit the DMW in the Philippines, leading to the temporary suspension of its online services, including those for issuing Overseas Employment Certificates (OECs) and Overseas Filipino Worker (OFW) information sheets.
Allegedly, no OFW databases were compromised, and the agency is collaborating with the Department of Information and Communications Technology (DICT) to restore services and facilitate the manual processing of necessary documents.
Here are the notable cases in recent years.
Hacking of private and public websites in 2024
The National Bureau of Investigation (NBI) on June 21 arrested three individuals for the alleged hacking of both government and private institutions, banks, and Facebook accounts.
The suspects, whose faces were covered, were identified through the aliases ‘kangkong’, ‘Mirasol’, ‘Sibat’, ‘Ricardo Redoble’, and ‘lulu’, and were involved in multiple unauthorized access attempts and breaches of private and government websites since 2016.
One of the suspects, alias ‘kangkong’, reportedly admitted to hacking 93 websites. All suspects are members of two big hacking groups, Philippine Lulzec and Globalsec, authorities said.
Jollibee data breach affects 11 million in 2024
The government’s National Privacy Commission (NPC) confirmed that a data breach at fast-food giant Jollibee Group affected 11 million data subjects in late June, involving sensitive personal information, including customers’ dates of birth and Senior Citizen ID numbers.
In a statement, the NPC said the breach involved “unauthorized access to Jollibee Group’s data lake, which holds data for all companies in the group.”
‘Medusa’ attacks PhilHealth in 2023
The recent attack on the Philippine Health Insurance Corporation (PhilHealth) has far-reaching implications for the government’s cybersecurity capabilities. As of October 10, hackers have begun releasing stolen data on the dark web, including confidential memos and member data (i.e., addresses, phone numbers, and insurance IDs). They demanded $300,000 (P17 million) in exchange for the stolen information.
The hacker group, which the government calls Medusa, accessed the data on September 22 after restricting PhilHealth staff from accessing their system. The insurance corporation shut the system down to prevent further damage, but the hackers had already secured 734 GB of files. PhilHealth has 59 million direct and indirect contributors. The government immediately implemented security measures. It also refused to pay the ransom. Instead, it is focusing on reinforcing cybersecurity via audits and other security measures.
UCPB Independence Day online banking scheme in 2020
Reports said the government-controlled United Coconut Planters Bank (UCPB) lost millions of pesos through numerous online transfers and automated teller machine (ATM) withdrawals during the three-day holiday in June 2020. In one case, the culprits made 57 withdrawals from a single ATM, taking out its entire ₱4 million stock. The total losses amounted to ₱167 million.
A bank official reported that the hackers held UCPB accounts, which they used with other local banks to transfer and withdraw the money. According to some theories, the culprits might have had inside help and could be part of a larger syndicate operating in the local banking system. Thankfully, the funds of account holders remain safe, with UCPB vowing to improve its cybersecurity infrastructure.
2019 data breach on Cebuana Lhuillier’s email servers
In 2019, pawnshop and remittance company Cebuana Lhuillier reported a data breach involving the email servers used for its marketing activities, compromising the data of roughly 900,000 clients, which is 3% of its total clientele. The company also traced unauthorized downloads dating back to August 2018.
In its official statement, Cebuana Lhuillier revealed that the data dump included customer birthdays, addresses, and sources of income. Fortunately, financial transaction details were safe from the attack. The company collaborated with the NPC to perform an internal investigation and improve its cybersecurity following the incident.
Wendy’s Philippines hacked in 2017
In 2017, the website of fast-food chain Wendy’s Philippines was reportedly hacked and over 82,000 customer and employee records, including names, email addresses, postal addresses, and resumes, were affected. In response, the NPC obliged the company to notify those affected and ordered the company to perform a security assessment.
Comelec data breach involving 70 million in 2016
In 2016, a month before the national elections, the Commission on Elections (Comelec) reported a data breach that affected 70 million. The breach reportedly involved fingerprint data; passport information; email addresses; postal addresses; birthplace; height and weight; gender; marital status; and parents’ names.