A week ago, “Marie,” a resident of Quezon City, was preparing to share a funny YouTube video with her friends on Facebook. Her smile turned into a frown when she was told to log in.
For over 10 years, Marie, 40, had not logged out, and could not readily remember her log-in details. While looking for them, she received two phone calls from FB friends—one asking why Marie had blocked the friend, and the other verifying if Marie had indeed changed her name to that of a new boyfriend. Still another friend sent a screenshot of Marie’s FB profile and picture: Her name had been replaced with that of a male.
Marie eventually found her log-in details, but her username and passwords had been changed, locking her out. “I’ve been hacked,” she said sadly.
Last February, the website of CNN Philippines was also hacked. Users could not access the network that was then hosting a presidential debate for the May 9 elections. Earlier, other media outlets in the Philippines experienced repeated cyberattacks, according to Kaspersky, a multinational cybersecurity and antivirus provider based in Russia.
Mid-November in 2021, the online outfit PinoyMedia Center was overwhelmed by traffic. The following month, the portals of ABS-CBN News and Vera Files also came under fire. Rappler, an online news organization, was likewise attacked several times a month in the last quarter of 2021.
Flooding of media sites
Kaspersky said the media organizations were victims of Distributed Denial-of-Service or DDoS, a cybercrime involving the flooding of media sites to cause heavy traffic and deny entry to users.
Marie and the media outlets are among hundreds of individual and corporate or institutional victims of cyberattacks that have grown during the coronavirus pandemic and in different forms. In the first few months of the health emergency, the number of cyberattacks surged by over 200%, the Office of Cybercrime under the Department of Justice reported during a webinar on cybercrime trends in July 2020.
An explanation given for the trend was that people who had to stay home were conducting most of their activities online, whether working, surfing, studying in virtual classes, or attending Zoom webinars. More had become exposed and vulnerable to cyberattacks and crimes.
According to the Philippine National Police (PNP) Anti-Cybercrime Group, the identity theft of Marie and intrusions into her social networking account are common during the pandemic. The other offenses include online selling scams, phishing or smishing, SIM (subscriber identity module) card swap, online libel, profiteering, content-related, spreading false information, and estafa or swindling.
The top three crimes are phishing attacks, online scams, and trolling and misinformation.
In a study, Sophos, a British-based cybersecurity software and hardware company, noted an increase in ransomware attacks on corporations and institutions. It found that 69% of organizations surveyed in the Philippines experienced ransomware, an attack that encrypted systems and files for a ransom in 2021.
Ransomware is a crime like kidnapping, with decryption keys or access to files in the victim’s computer held for ransom. It is a malware designed to deny a user or organization access to its own computer files; access is regained through the easiest and cheapest way: paying the ransom.
The uptick in cyberattacks was also observed by Kaspersky Security Network (KSN), the cloud-based threat intelligence service of Kaspersky. In a news release last February, KSN said it had monitored cyberthreat attempts logged on devices of Kaspersky users in the Philippines, ballooning from 9.5 million in 2017 to 50.5 million in 2021—an increase of over 430%.
On malware, it discovered an average of 380,000 new malicious files daily, up by 20,000 in 2021 compared with the previous year.
A report by Asia Foundation cited a Kaspersky study stating that 37% of online users in the Philippines experienced some form of cyberattack in 2020.
The online crimes resulted in downtime and disrupted services that inconvenienced users and customers. Aside from lost opportunity costs, the victims suffered direct costs, such as repair and reconstruction of infrastructure (hardware, programs and files).
Potential economic losses in the Philippines due to cyberattacks can reach $3.5 billion, or 1.1% of gross domestic product, according to a 2018 study by Frost & Sullivan commissioned by Microsoft.
Last year, Philippine organizations incurred expenses to rectify the impact of cyberattacks at an average $1.34 million, including costs of downtime, people time, device cost, network cost and lost opportunity cost, according to Sophos.
The finding is part of Sophos’ annual report, State of Ransomware 2022, issued last April. The firm surveyed 5,600 information technology (IT) professionals in mid-sized organizations of 100 to 5,000 employees in 31 countries last January and February. It had 150 respondents from the Philippines and was vendor-agnostic, meaning they were also from organizations that did not use cybersecurity software.
The 69% of Philippine organizations that reported ransomware attacks in 2021 was slightly higher than the global average of 66%. The figure was also higher than the 42% of victim-firms reported in 2020 and the 30% in 2019, indicating a swell in ransomware cases in the country.
Ransom payment also rose to an average of $1.6 million, twice that of $820,000 in 2020 and double the global average of about $812,000 last year.
Compared to other countries surveyed in the study, the Philippines was the third highest in terms of average payments in 2021, next to Japan ($4.3 million) and the Netherlands ($2 million). Other countries that paid ransom higher than the world’s average were Israel ($1.3 million), India ($1.98 million), Singapore ($1.16 million) and Malaysia ($899,000). The lowest ransom was paid in Turkey (about $30,800).
Ransomware attacks are rising not only in the Philippines but worldwide. The global average for firms reporting ransomware attacks almost doubled from 37% in 2020 to 66% in 2021. Cases of successful encryption by hackers (e.g., they were able to deny access) also went up from 54% in 2020 to 65% in 2021.
Syndicates and organized crime have also targeted individual users for monetary and financial ends. In October 2020, the Department of Justice’s COO, an agency created under Republic Act No. 10175 or the Cybercrime Prevention Act of 2012, warned of a surge in phishing electronic mails (emails), vishing (voice/phone call), and smishing (SMS/text) in relation to online banking.
In the three forms of “shing” cybercrimes, a perpetrator poses as a legitimate institution, such as a bank, an online payment site, a tour operator, or an online commerce site and devises a message through email, phone call, or text message, respectively. The messages often contain links to websites that lure victims into revealing their personal information to include banking and credit card details, and usernames and passwords. The information is used by the perpetrator to access the victim’s account in illegal or fraudulent transactions.
Last June, Philippine Long Distance Telephone Co. and Smart Communications (PLDT-Smart) said it had blocked over 23 million smishing text messages in a span of three days. From January to May, it reportedly blocked more than 600,000 text messages linked to smishing, hoaxes and spamming, and almost 78,000 SIMs related to smishing, “more than double” that of the same period last year.
Globe Telecom Inc. said that in 2021, it blocked a total of 1.15 billion scams and spam messages, around 7,000 mobile numbers linked to scammers, and 2,000 social media accounts and phishing sites.
What can you do?
With the seemingly nonstop activities of cybercriminals, Filipinos are advised to be extra cautious and to get into the habit of practicing “cyber hygiene,” or regularly scanning devices for viruses, changing passwords, updating apps, software and operating systems, and wiping hard drives.
The PNP Anti-Cybercrime Group issued these to-dos: enabling system firewall, using different and strong passwords, using antivirus and anti-malware software, activating email’s anti-spam blocking feature, using Two Factor Authentication (2FA) for all online services, encrypting local hard disk, and shopping only from secure and known websites.
For parents, the advice is to monitor their children’s online activities.
Globe Telecom has also encouraged smartphone users to get automatic anti-smishing filters on messaging apps to help block spam or scam messages from unknown senders.