‘Persistent’ hackers targeting PHL come from China: security expert
April 19, 2016 at 11:54
‘Persistent’ hackers targeting PHL come from China: security expert
By Zsarlene B. Chua, Reporter | Posted on April 13, 2016 11:47:00 PM
PHILIPPINE organizations are ‘twice as likely to face advanced cyber attacks than worldwide average’ according to a study by US-based virtual machine-based security company.
“We’re seeing tremendous attacks on government sectors followed by business processes outsourcing sectors, followed by gaming, hospitality and aerospace… and they are after sensitive information,” Eric Hoh, president of FireEye, Inc. Asia Pacific Japan, during a press briefing yesterday held at the Edsa Shangri-La Hotel in Mandaluyong City.
He pointed out that those launching the advanced are likely to be state-funded and thus have their hands on sophisticated technology.
“Whenever you have geopolitical issues and whenever tensions go up, the need for intelligence will continue to escalate — to obtain that intelligence (government intelligence, military, etc.) are through cyber,” he noted.
Their findings, which spanned the second half of 2015 (July-December), observed the exposure to advanced cyber attacks of FireEye customers.
The Philippines’ rate of exposure is at 30%, double the worldwide average of 15%.
Mr. Hoh noted that they are observing ‘at least three advanced persistent threat actors from cyber espionage to stealing financial information’ alongside other unclassified groups.
“We have seen three China-based groups active in the Philippines and those are the three (persistent threat actors),” said Patrick Neighorn, FireEye Communications Manager for Asia Pacific in the same briefing.
“Earlier last year, we have already uncovered decade-old cyberespionage activities — that we called APT30 — that are likely targeting the Philippines,” he said.
The APT30 hacker group is said to have been spying on Asian governments and takes special interest in Southeast Asia and India according to an April 2015 post in the FireEye Web site.
One of the most recent attacks in the country occurred on March 27 when hacker group, Anonymous Philippines, defaced the Commission on Elections’ (Comelec) Web site more than a month ahead of the National Elections on May 9.
Shortly after the attack, another hacker group, Lulzsec, released a 340 GB data dump which included the personal details of some 1.3 million overseas Filipino voters and 15.8 million fingerprints as well as the admin accounts of Comelec officials.
The leak was touted by California-based global security software company, TrendMicro, as ‘the biggest government-related data breach surpassing the 2015 hacking of US personnel management which revealed fingerprints and social security numbers of 20 million Americans,’ the company said in a blog post dated April 6.
Comelec has enlisted the help of the National Bureau of Investigations to find the source and perpetrators of the leak.
“It is obviously very serious but I think what’s more important is to realize the value of the information [stolen],” he said before adding that a lot of times, personal information ‘can be used to launch attacks against individuals’ who may have access to government intelligence.
Mr. Hoh remarked that while he cannot comment on the Comelec data leak, he doesn’t think it would compromise the May 9 elections.
“I can’t comment on that but I don’t think it would,” he said.
Source: www.bworldonline.com