It isn’t difficult to recall how the pandemic shook our lives. The images we likely would conjure would be how we enclosed ourselves in our homes, decked ourselves with masks and face shields and constantly practiced quarantining.
What we may not remember as vividly is how hackers around the world adapted during this period. This was a time when attackers realized that people and businesses who never worked remotely in their lives before suddenly had to use strange and unfamiliar technologies – crypticacronyms such as “VPN,” “PAM” and “OTP.” Surely these hackers couldn’t resist taking advantage of the online equivalents of newborn lambs. And take advantage, they certainly did. Hackers only needed to find one employee using a weak password – such as “password” – to gain access to a company’s entire infrastructure. Even for small organizations of just about a hundred employees, having one such person using a simple password would be likely.
Having people work remotely during a pandemic would imply that the documents and materials they work with are stored digitally within their organization. The hacker, now with access inside that organization, would find these and render everything unusable by “encrypting” them – effectively halting business. The hacker would hold all this data hostage, only agreeing to let the company use it again if a ransom is paid. Hence the term “ransomware” was coined. Payment for this ransom is typically done through a Bitcoin transaction, which conveniently masks the hacker’s identity.
Motivated by the mouth-watering amount of cash from a ransomware payment, hackers have built extremely helpful “customer support” in their websites. Through this, they would guide their most valued victim, nay…“customer,” to make a successful payment. If the website was not located in the seedy underbelly of the internet – the “Dark Web” – one might believe this was a professional mainstream service.
These ransomware attacks characterized the earliest wave of attacks by hackers looking to monetize the pandemic. From a sample size of 5,600 organizations surveyed by Sophos, the Philippines ranked 15th in the world for percentage of local companies hit by ransomware in 2021. To the delight of the hackers, the Philippines was the third biggest payer of ransom during that same year – thus sparking the lovely fascination hackers have had for our country since. Naturally, according to a survey via Esquire, the Philippines in turn was the second most-attacked country in the world in 2022. As such, at the onset of the pandemic, my colleagues and I started handling no less than three major cybersecurity attacks at any given time. Some of these incidents were extremely large, leading multiple local and foreign companies against notorious state-sponsored hacking groups.
A vast majority of the cases we handle, however, never surfaced in the media. One could only imagine how many Philippine companies were hacked but did not know what to do and simply paid the ransom.
One could also imagine how many companies here have already been infiltrated by attackers and are simply content with observing and listening. This is quite common actually, with hacker groups whose objective is espionage, rather than monetization. The longest such “dwell time,” as we call it, we observed has been more than two years.
But how has this all affected the ordinary Juan? Recall if you will that during the pandemic, everyone started doing things online. If not for the first time in their lives, online transactions and interactions increased exponentially. All this happened without receiving proper education or awareness of how dangerous the internet really is.
Allow me to digress. Remember when we were children, our parents would teach us not to talk to strangers, receive candy from just anyone and be careful walking around the streets? For a large majority of people during the pandemic, being on the internet was the equivalent of being out on the dangerous streets for the first time without a parent on hand. The threats are the same, they merely take a different face.
SMS and Viber loan offer messages from strangers? That used to be the candy being offered by a spooky man hanging out in the dark alley. Those fake banking websites that wait for you to put your real username and credentials so they can be stolen? That was the kind-looking stranger near the ATM machine asking if you needed help.
Those so-called job offers from “HR” professionals targeting laid-off staff from the pandemic and eventually extorting victims through elaborate task scams? OK, that one is new – but if anything else, it demonstrates how the internet has deviously created many more ways to trick people. At the extreme, we were contacted by individuals who suffered heart attacks after learning they lost their life savings in a scam. Unfortunately, these are more common (and underreported) than people think.
This brings me to “awareness.” It’s not the latest IT security technology that is most effective in saving someone from a cyberattack – but rather having people understand how to behave securely on the internet. Scams in particular are not a technological attack, but a psychological one. One wherein the scammer attempts to gain the trust of a potential victim, whether it be through an email, viber or SMS correspondence. Being aware of these dangers go a long way in protecting us, as well as our parents and grandparents.
* * *
Paul Prantilla has over 20 years of experience and certifications in the IT and cybersecurity fields, and shares his advocacy of helping companies fight cybercrime as director for security operations of Red Rock IT Security Inc.