Boo! It’s the time of the year again when people talk about ghosts, monsters, and anything scary as Halloween approaches. However, these spooky creatures pale compared to the actual monsters lurking on the dark side of the internet all year around – hackers!
Unlike monsters from stories, these cybercriminals don’t wait for Halloween to cause trouble. They do it every day, and they’re getting better at it every year. You won’t believe it, but the Philippines ranks second on the global cyberattack list and recorded 3,000 “high-level” cyberattacks from 2020 to 2022. Here are a few recent spooky web security breaches from the Philippines that you definitely wouldn’t want to experience. Let’s explore the dark side of the internet together.
The Enigmatic Data Breach
In April 2023, the Philippines experienced a massive data breach that raised serious concerns about the security of sensitive information. This breach, under investigation by the Philippine National Police’s Anti-Cybercrime Group (ACG), involves an extensive 817.54 gigabytes of data encompassing 1,279,4237 records. Beyond the Philippine National Police, the breach impacts other government agencies, including the National Bureau of Investigation (NBI), the Professional Regulation Commission (PRC), the Civil Service Commission (CSC), and the Bureau of Internal Revenue (BIR).
VPNMentor’s recent report disclosed redacted copies of allegedly compromised documents, including certifications, national police clearances, and Bureau of Internal Revenue cards. Additionally, it exposed employee and applicant identification records, scanned birth certificates, diplomas, tax filings, passport details, police identification cards, and education transcripts. Even certifications from the justice department and local and regional court records were laid bare. The full extent of the breach remains uncertain, including how long the database was publicly accessible and whether unauthorized parties gained access.
GCash’s Phishing Nightmare
GCash, one of the Philippines’ most famous mobile payment apps, experienced a phishing attempt in May 2023. In a spine-chilling revelation, the National Privacy Commission (NPC) has concluded that the unauthorized transactions plaguing numerous GCash accounts were not a result of security vulnerabilities with the mobile wallet provider but were orchestrated by cybercriminals through relentless phishing attacks.
Privacy Commissioner John Henry Naga has uncovered a disturbing truth—mysterious “unknown threat actors” seized the opportunity to exploit innocent GCash users. They did so through channels like online gambling websites such as “Philwin” and “tapwin1.com.”
WannaCry Ransomware Attacks 28 Companies
In 2017, over 28 companies in the Philippines fell victim to a global ransomware attack. This malicious software, WannaCry, had previously caused web security chaos in more than 150 countries, affecting around 200,000 companies.
While a cybersecurity expert refrained from naming the affected companies, the most significant impact was on a multinational logistics firm. Fortunately, the damage wasn’t too severe; only about 30% of their computers and servers were infected. To fight back, these companies had to erase their servers and return their data from safe copies.
Anonymous Philippines Hacks COMELEC
On March 27, 2016, Anonymous Philippines hacked the Commission on Elections (Comelec) website, just over a month before the Philippines’ 3rd automated elections. The group demanded the implementation of security features for vote-counting machines (VCMs) and warned the Comelec to take action.
The hacked website displayed Anonymous Philippines’ message at 11:30 p.m. on Sunday but was restored by early Monday morning. Critics had been pressing the Comelec to address security concerns. Particularly regarding digital signatures and voting receipts as security features of VCMs. The Supreme Court had recently ordered the issuance of voting receipts as an added security measure. However, critics argue that these concerns have been overlooked since the country’s first automated elections in 2010.
Anonymous Philippines emphasized that elections are a crucial aspect of people’s sovereignty. Additionally, they raised questions about the integrity of the electoral process amid ongoing controversies. Comelec Spokesman James Jimenez reported that they restored the site and actively reviewed it as part of their security measures.
The $81 Million Vanishing Act
In early February 2016, a staggering $81 million vanished from Bangladesh’s central bank account. The stolen funds were funneled into a Philippine bank and laundered through Manila’s casinos. Over four years later, only $15 million has been recovered. Additionally, only one person, Maia Deguito, the manager of an RCBC branch, has been convicted.
The cyber-heist was meticulously timed, with Bangladesh Bank closed for the weekend and the Chinese New Year festivities in Manila. This leaves no one to notice the intrusion. Hackers employed malware to issue fraudulent transfer requests to the Federal Reserve Bank of New York via SWIFT accounts, transferring $81 million to fictitious accounts at an RCBC branch. These accounts were dormant for a year before the heist and received varying amounts of the stolen funds. Despite investigations and legal actions, the full extent of accountability remains elusive.
In Conclusion
As we’ve delved into these spine-tingling web security breaches from the Philippines, it’s crucial to remember that even the largest organizations can fall victim to the dark forces of the internet. In conclusion, cybercriminals spare no one, and the risks are real.
To ensure the safety of yourself, your business, and your valuable data, it’s wise to explore high-quality web security, web backup, and server management services provided by trusted experts like iManila. We make your online security our utmost priority. Our web backup services serve as a proactive measure against potential threats like hacking or malware. Our server management service ensures that we have a team that remains on standby. So they’re ready to respond promptly to any cyberattack incidents within your server environment.
Don’t be complacent; these stories show that the virtual world can be just as treacherous as any haunted house. Safeguard your digital presence today. Stay safe and secure in the digital world!
With 27 years of experience in the industry and an IT company at its core, iManila, having been one of the first Internet Service Providers in the Philippines, is committed to providing our clients with innovative information technology, web, and digital solutions.
iManila is a full-service business web development company in the Philippines ready to help you with WordPress website creation or building an ecommerce website for your business. From web design and development and website update and maintenance, to web hosting, email hosting, and technical, desktop and remote support, we are your team. Aside from this, we are also a website and mobile applications development company specializing in customized web systems for businesses in different industries and a top digital marketing agency that provides a wide range of digital marketing services. Talk to us!