Real-time, targeted cyber intelligence seen crucial for PHL organizations

THE PHILIPPINES urgently needs to address its expanding cyber threat landscape by implementing preemptive security measures, instead of relying on emergency responses, according to experts.
“This harsh reality calls for Philippine organizations to adopt real-time, targeted intelligence that preemptively secures companies instead of waiting and hoping defenses hold,” Yochai Corem, chief executive officer of Israel-based threat intelligence firm Cyberint, said in an e-mailed press statement on Wednesday.
According to a study by Cyberint, the Philippines is ninth in the Asia Pacific region in terms of the frequency of ransomware attacks, with government agencies among the primary targets.
“The ransomware industry is on the rise once again,” the company said in its report, referring to ransomware's growth as a persistent global threat to cybersecurity.
Cyberint also pointed out the Medusa group as a standout among the 167 new ransomware families identified in the first quarter, primarily because of its focus on corporate entities worldwide and its substantial ransom demands.
The report further noted that Medusa started its operations in June 2021 and ramped up its activities this year. This uptick followed the debut of its blog and a declaration of its intention to release encrypted data if ransoms were not paid.
MEDUSA VS. PHILHEALTH
As of the second quarter, the group had compromised 20 victims, with its new target being the Philippine Health Insurance Corp. (PhilHealth). A data breach was detected on Sept. 22, pointing to Medusa as the culprit.
In an urgent notice on Oct. 2, PhilHealth clarified that its primary database was “intact and not infected.” However, it noted that personal records had been compromised.
It advised the public to take precautionary measures moving forward, such as monitoring and placing fraud alerts on credit reports, changing passwords for all online accounts, and being wary of phishing scams.
The cybercriminal group has already posted PhilHealth employee data on the dark web after failing to receive the $300,000 ransom it demanded, according to Undersecretary Jeffrey Ian C. Dy of the Department of Information and Communications Technology (DICT).
“Compared to the Comelec data breach in 2016, the potential impact of this incident is even greater, as all working Filipinos are mandatorily enrolled and must pay monthly contributions,” Sam Jacoba, president of the National Association of Data Protection Officers of the Philippines (NADPOP), said in a press statement.
“We urgently request that the DICT and National Privacy Commission guide consumers and institutions using PhilHealth information on what to do if their personal information was compromised by the breach, even if only a fraction of the extent of the breach has been revealed by the threat actors,” he added.
Angel “Lito” S. Averia, Jr., president of the Philippine Computer Emergency Response Team, said that regulators should anticipate the worst-case scenario, as it is better to warn Filipino consumers as soon as possible.
While remedial measures continue indefinitely, there’s an elevated demand for preemptive cybersecurity defenses across all organizations and government agencies, noted Mr. Corem, Cyberint CEO. — Miguel Hanz L. Antivola