MANILA, Philippines - The government has stepped up its security measures in cyberspace amid a global threat posed by the “WannaCry” ransomware attacks.
Justice Secretary Vitaliano Aguirre II yesterday ordered the National Bureau of Investigation (NBI) to address the new threat that has caused chaos in businesses, governments and individuals in over 70 countries over the weekend.
“I gave the same instruction to the Cybercrime Division of the DOJ (Department of Justice),” Aguirre said.
“Let us do what we can to monitor and step up our cyber security measures to prevent or at least minimize the adverse effects of the ‘ransomware’ attacks on our system,” he added.
Aguirre said the NBI has not received any report of a WannaCry attack incident in the country so far.
The WannaCry ransomware, which started last May 12, allows hackers to access a user’s files and demand $300 worth of bitcoin, a form of digital currency used in cyberspace, for recovery of files that will otherwise be permanently deleted.
It further threatens users by imposing a deadline for the payment of ransom.
The Philippine National Police (PNP) said internet service providers should help authorities in investigating the latest massive cyberattack.
Supt. Jay Guillermo, spokesman for the PNP’s Anti-Cybercrime Group (ACG) said information of internet protocol address of the source of attack must be retained for analysis. Guillermo said the ACG has yet to receive reports from private internet users or institutions affected by the ransomware attack on Saturday.
“So far, we have yet to receive reports regarding the incident,” he said.
Guillermo admitted private firms do not report to authorities if there are breaches in their data infrastructure, which should not be the case.
There must be continuous coordination and collaboration among private institutions, government and law enforcement agencies for investigation and cyber response, he said.
Backup
Department of Information and Communications Technology (DICT) Assistant Secretary and cybersecurity group head Allan Cabanlong said the ransomware attack had affected over 100,000 users in at least 99 countries.
The cyberattack highlights the need for the Philippine government to step up its cybersecurity measures, he said.
He added the DICT is monitoring the reported ransomware attack that infected thousands of computers worldwide.
Cabanlong said the DICT is set to issue a memorandum circular for all state agencies requiring them to come up with a disaster recovery plan.
Mandating contingency for recovery of data in the event of major disasters and massive cyber attacks is part of the National Cybersecurity Plan 2022 rolled out by Information Secretary Rodolfo Salalima last May 2.
The DICT said the plan aims “to protect the nation’s critical infostructures, government networks both public and military, small medium enterprises to large businesses, corporations and its supply chains and every Filipino using the internet.”
Cabanlong said the government has allocated a budget this year for the construction of a new data center in Subic to serve as a repository of backed up data.
National Privacy Commission commissioner Raymund Liboro said the NPC and the DICT are working towards making the country cyber resilient.
He said for the NPC, complying with the provisions of the Data Privacy Act is a must to those handling personal data.
Liboro said the NPC started with government and is now in collaboration with critical industries like banks to ensure compliance with the law.
This would translate to the adoption of appropriate security posture to prevent breaches and be ready in case of breach, he said.
Liboro stressed backing up of data is an appropriate data security practice. Training personnel and implementing data protection practices in the workplace will go a long way in preventing the entry of malware and other insidious cyber threats, he said.
“Cyber threat actors have three objectives: to make a point; to make a mess; and to make money. In preventing cyber criminals from preying on you sometimes you have to think like them… make them work harder to crack your system so that it would be too uneconomical for them to hit you. If they find you difficult to crack then they will move on to… easier prey,” Liboro said.
The DICT, along with the NPC and the Philippine Institute of Volcanology and Seismology (Phivolcs), made separate calls for the public to back up their data to minimize disruptions.
Phivolcs chief Renato Solidum stressed there is also a need to back up government data in the face of the threat of the “Big One” or a massive earthquake in Metro Manila, the seat of government.
“The national government is centered here but it doesn’t mean you have to physically leave, you can have secondary offices outside and most of all, you must have data security, backup,” Solidum said.
Having backup data would greatly help in the recovery and rehabilitation as well as continuing the delivery of services in the aftermath of calamities, he stressed.
Older operating systems attacked
Technical staff scrambled yesterday to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc on Monday when employees log back on.
The spread of the virus had slowed down but cybersecurity experts warned that the respite may be brief.
New versions of the worm were expected, and the extent of the damage from Friday’s attack was still unclear.
This developed as international investigators hunted for those behind the cyberattack.
“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” said Europol, Europe’s police agency.
Experts and officials offered differing estimates of the scope of the attacks, but all agreed it was huge.
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, said it was the biggest ransomware outbreak in history as 130,000 systems in more than 100 countries had been affected.
He said Russia and India were hit particularly hard, largely because Microsoft’s Windows XP – one of the operating systems most at risk – was still widely used there.
French police said there were “more than 75,000 victims” around the globe, but cautioned that the number could increase “significantly.”
The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency – and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.
Microsoft said the situation was “painful” and that it was taking “all possible actions to protect our customers.”
It issued guidance for people to protect their systems, while taking the highly unusual step of reissuing security patches first made available in March for Windows XP and other older versions of its operating system. – With Paolo Romero, Cecille Suerte Felipe, AFP