DICT unit website hacked; exec downplays incident

DICT unit website hacked; exec downplays incident

/ 05:10 AM July 03, 2024

DICT unit website hacked; exec downplays incident

SITUATION MANAGED The Department of Information and Communications Technology confirmed that the website of its Disaster Risk Reduction Management Division was defaced, but it regained control in less than an hour. —Philippine Agency

MANILA, Philippines — The country’s very own cybersecurity watchdog became the recent victim of a system breach by an entity identifying itself as “ph1ns,” which also left a warning about another imminent cyberattack.

Department of Information and Communications Technology (DICT) Assistant Secretary Renato Paraiso, in a virtual briefing on Tuesday, confirmed that the website of the government agency’s Disaster Risk Reduction Management Division (DRRMD) was defaced but it was able to regain control in less than an hour.

Article continues after this advertisement

“[This] attack is not only to mock DICT’s reputation but also to strengthen the country’s cyberdefense by humiliating them,” ph1ns posted on the website during its attack.

FEATURED STORIES

READ: 3 suspected hackers caught, tech journalist implicated

The hacker group advised the government agency to perform “thorough tests during and after the development of your applications, websites, etc.” to strengthen its firewall.

Article continues after this advertisement

‘Porous’ system

In addition, ph1ns told the DICT to beef up its IT personnel to be suited to fend off cyberattacks.

Article continues after this advertisement

“You’re my best buddy, DICT. I’ll be back. See you soon,” it warned.

Article continues after this advertisement

Paraiso downplayed the cyberattack, explaining that it did not reach the government agency’s central system.

The DRRMD is an external unit of the DICT, Paraiso said, as he also explained that its system was designed to be “porous” or built with fewer firewalls to allow the quick flow of disaster-related information during emergencies. Less firewalls mean a higher vulnerability against cyberattacks.

Article continues after this advertisement

Apart from defacement, he said the hacker was able to exfiltrate some employee data amounting to “less than 5 megabits,” which he described as a small amount. Nevertheless, Paraiso said they had reached out to the National Privacy Commission regarding the incident.

The DICT has been dealing with recent major cyberattacks against government agencies.

Before this, it confirmed that 2-terabytes worth of Department of Science and Technology (DOST) data—including research plans, schematics, and designs—were compromised.

This resulted in the DOST being locked out of its system, meaning it could not access the said data. The cyberattack was expected to delay the approval of pending patents and other DOST research and development initiatives, Paraiso said earlier.

Also targeted by cybercriminals was the reporting system of the Bureau of Customs (BOC), which serves as a communication line among the bureau’s units. The data that was potentially compromised included information about cargo movements being monitored by the government agency, Paraiso explained.

The investigation for the DOST hacking is ongoing. As for the BOC, Paraiso said they were able to regain control of the system, which is being upgraded to strengthen security.

Firewalls check

Amid the onslaught of cyberattacks against government agencies, cybersecurity firm Kaspersky stressed the need for regular assessment of their firewalls to shut out bad threat actors from their systems and keep sensitive information safe.

The cybersecurity expert said government agencies must always remind their staff to store sensitive data only in trusted cloud storage that requires authentication for access.

This also serves as a reminder for employees who use personal devices for work, as these could be entry points for hackers.

For the immediate response, Kaspersky’s general manager for Southeast Asia, Yeo Siang Tiong, told the Inquirer earlier that the first thing always to do was to change passwords.

Then, the hacked organizations must “assess the reach of the attack and implement a detection and response strategy,” he added.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the and acknowledge that I have read the .

Government agencies are attracting cybercriminals because they hold vast amount of significant data, including personal information, which can be exploited by hackers for financial gain.

TAGS: cyber attacks, cybersecurity, DICT

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the and acknowledge that I have read the .

© Copyright 1997-2024 | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies.