DICT finds malware on GIS file downloaded from SEC website

By Denise A. Valdez
Reporter
THE DEPARTMENT of Information and Communications Technology (DICT) said it was able to detect a cyber threat from a file downloaded from the Securities and Exchange Commission (SEC) website.
DICT Assistant Secretary for Cybersecurity Allan S. Cabanlong told BusinessWorld on Sunday the cybersecurity team was able to detect a malware infection on the downloadable General Information Sheet (GIS) file on the SEC website on Saturday. The website has been shut down since.
“It’s a malware. Na-infect ‘yung isang file nila sa loob ng kanilang website [A file in their website was infected],” he said in a phone call.
Mr. Cabanlong said they have notified the SEC about the threat, and will do a vulnerability assessment of the SEC website this week. The actual impact of the malware would be determined after the assessment.
“Ang gagawin namin is we… will study further kung anong klaseng malware ‘yan na na-detect. We’ve asked SEC to give us the info para malaman kung anong klaseng malware ang nandoon sa kanila [What we will do is study further what kind of malware was detected. We’ve asked the SEC to give us the info to find out what malware is in their platform],” he added.
The GIS is a regulatory file that is downloaded from the SEC website. All companies registered under the SEC are required to file their accomplished GIS forms annually.
Mr. Cabanlong said any computer that was used to access the GIS form from the SEC website is at risk of being infected by the malware if it is not protected by an anti-malware software.
“If they have an anti-malware sa kanilang system o sa kanilang computer, an anti-malware can detect that specific file, na-block naman. But those computers that don’t have an anti-virus or anti-malware sa kanilang system, then ‘yung ang medyo problema [If they have an anti-malware in their system or computer, an anti-malware can detect that specific file and block it. But those computers that don’t have an anti-virus or anti-malware in their system, then that’s going to be a problem],” he said.
“Hindi pa namin nalalaman kung ano ‘yung specific malware na ‘yan [We don’t know this specific malware yet]…. ‘Yung mga ganitong malware, generally ang ginagawa nito [What a malware generally does] is erase files or it will stay there for a while and will monitor your activities online,” Mr. Cabanlong added.
SEC Chairperson Emilio B. Aquino confirmed in a text message they have been notified of the threat.
The DICT cybersecurity team is set to meet with the SEC today to discuss the attack.
“We need to really put some controlled measure in our system,” Mr. Cabanlong said, noting the DICT intends to conduct vulnerability assessments in other government agencies as well.