CYBERSECURITY | Ransomware hits PH govt agency


Southeast Asian government networks have been the target of a recent wave of ransomware attacks.


A ransomware attack reportedly hit the Department of Migrant Workers (DMW) in the Philippines this week, leading to the temporary suspension of its online services, including those for issuing Overseas Employment Certificates (OECs) and Overseas Filipino Worker (OFW) information sheets.

The DMW, however, said that no OFW databases were compromised, and the agency is collaborating with the Department of Information and Communications Technology (DICT) to restore services and facilitate manual processing for necessary documents. The agency’s systems went offline as a preemptive measure, and users had to undergo manual processing to get their passes.

“Cybercriminals are increasingly targeting critical infrastructure and government agencies, as evidenced by the recent ransomware attack on the Philippine Department of Migrant Workers,” said Patrick Tiquet, vice president of Security and Compliance at Keeper Security. “The decision to swiftly take their systems offline was crucial to contain the breach and protect sensitive information, and demonstrates the importance of proactive measures to minimize potential damage.”

This isn’t an isolated incident. Last year, the Philippine Health Insurance Corp faced a similar ransomware attack, where hackers demanded $300,000. These repeated attacks show that cybercriminals are expanding their focus beyond big corporations to government bodies, aiming to disrupt essential services and access valuable data.

According to Keeper Security’s 2024 Future of Defence Report, 92% of IT and security leaders have seen an increase in cyber attacks year-over-year, underscoring the pervasive nature of online threats.

Government agencies, and the organizations that work with them, often hold vast amounts of sensitive data and provide critical services, making them lucrative targets for cybercriminals seeking financial gain through ransom or the sale of stolen data.

“To combat these threats, government organizations must bolster their cybersecurity defenses. Adopting a zero-trust security model in conjunction with least-privilege access, Role-Based Access Controls (RBAC), a Single Sign-On (SSO) solution and appropriate password security can greatly decrease the likelihood of a successful cyber attack and stymie the threat actor’s access,” said Tiquet. “Companies should also have security event monitoring in place to promptly detect and respond to potential threats, implement regular system backups, establish comprehensive incident response plans and ensure that all staff receive thorough training in basic cybersecurity practices. Simple measures like keeping software up-to-date, using strong passwords and mandating the use of Multi-Factor Authentication (MFA) can go a long way in preventing attacks.”

Southeast Asian government networks have been the target of a recent wave of ransomware attacks. Good ransomware mitigation practices will require the organization to address the factors of people, technology, and processes.

The following are 10 recommendations from Kelvin Lim, senior director of Security Engineering at Synopsys Software Integrity Group, to protect organizations against ransomware attacks:

Data backup – This is a must-have and it serves as a last line of defense against ransomware attacks where access to data is denied. Do note that backups should be stored offline or in a separate network to prevent them from being accessed by ransomware.

Data encryption – This stops bad actors from gaining unauthorized access to the data in a ransomware attack.

User education – Awareness and training are essential. Users should be taught to spot phishing attempts and avoid clicking on dubious links or attachments.

Application security – Adopt good application security practices to remove any security vulnerabilities embedded in the application.

Software updates – Update software regularly with the latest software patches and security updates.

Email filtering – Block phishing emails and malicious contact before the email reaches the user’s mailbox.

Access control – Enforce the principle of least privilege; ensure that users are only allowed to access data and systems necessary for their work.

Network segmentation – This is to limit the blast radius of the ransomware attack and restrict user access to only what is necessary for their roles.

Monitoring – It is important to have 24/7 monitoring and alerting functions on your network and systems to detect any unusual activities.

Security audits – Regular security audits are necessary to identify any lapses in the systems, network, and processes.


TechSabado.com editors
