Philippines feels the heat from hackers

Riot police block protesters wearing Guy Fawkes masks during a rally outside the House of Representatives in suburban Quezon city, north of Manila on 5 November, 2013. (Jay Directo / AFP Photo)

Among all ASEAN member countries, the Philippines is said to be the most susceptible to cyberattacks. Despite the dire warnings, the republic’s media and entertainment giant ABS-CBN still fell victim to a hack recently.

The company took down two of its online stores and admitted that sensitive personal data of 213 customers of the ABS-CBN store (store.abs-cbn.com) and UAAP store (uaapstore.com) may have been exposed to attackers.

Dutch security researcher Willem De Groot revealed the breach on the ABS-CBN store on his website. A payment skimmer injected into the website’s code was able to capture personal and financial data when customers purchased merchandise online. The information was then forwarded to a server in Irkutsk, Russia.

Based on the last date the code was modified, the malware had been on the website since at least 16 August. There is no telling when the infection first occurred. ABS-CBN only acted and took down the affected sites after De Groot attempted to contact the company.

According to ESET senior research fellow Nick Fitzgerald, the attack appears to be another Magecart malware campaign. It works by compromising scripts on the target website or a third-party site that hosts scripts used by the target site.

Magecart was believed to be responsible for recent hacks at Ticketmaster and British Airways (BA) in which about 380,000 BA customers were affected.

Although it was said that such a skimmer can bypass encrypted connections (signified by the prefix HTTPS), ABS-CBN did not even use such a connection, opting to use the older unencrypted HTTP instead.

ABS-CBN said it has reported the incident to the National Privacy Commission. It has also started to contact affected customers. “We also advise our customers not to give out additional personal and financial information to anyone who may be claiming to be an ABS-CBN representative,” the company said in a statement.

Suguru Ishimaru, security researcher at Kaspersky Lab, also suggested that users contact their banks to invalidate their credit card accounts and issue new replacements. They should also change their passwords, he added.

Fitzgerald advised users to also change the PIN on their cards and check their statements for unknown transactions. Users who use the same passwords for different sites, including ABS-CBN, should also change those passwords to something different for each of the sites, he said, adding that “this may be a good time to consider using a password manager.”

Ishimaru said ABS-CBN should identify the root cause of the hack and infection source so that they can secure their servers against similar attacks in future. “This serves as a lesson to companies providing e-commerce services and other Internet-connected services to constantly monitor their systems against any suspicious activities,” he said. “They should always think about security.”

Source: International Telecommunications Union, Australian Strategic Policy Institute

Security should be at the forefront for companies in the Philippines. The country was listed in the United States (US) Federal Bureau of Investigation’s (FBI) 2017 Internet Crime Report as the tenth most attacked country on the Internet.

In the Global Cybersecurity Index published by the International Telecommunications Union, the Philippines is ranked 37th in cybersecurity preparedness, behind Singapore (1st), Malaysia (3rd) and Thailand (22nd). The Australian Strategic Policy Institute placed the Philippines at 15th for cyber maturity in Asia Pacific. The relatively high ranking is due to the country having cybersecurity-related laws such as the Data Privacy Act, Electronic Commerce Act and Anti Wire-Tapping Act.

The Philippines was the ninth most attacked country in 2Q18, with 10.8 million web malware infections, said Kaspersky Lab. This was up from 5.6 million infections in 1Q18 and 3.1 million in the same quarter of 2017. Home networks represented 39.4 percent of web infections, while business networks accounted for 11.2 percent.

In March 2016, the data of at least 55 million registered voters were leaked online after the Elections Commission’s systems were hacked. The month before, the Bangladesh Central Bank was hacked and US$81 million was transferred to bank accounts in the Philippines bearing fictitious names.

Being the country in Southeast Asia most targeted by hackers is an ignominious title to have. Now, with e-commerce sites added to the list of cyberattack victims, more should be done to plug the security holes if the Philippines intends to undergo digital transformation.
