A ransomware attack at the Department of Migrant Workers (DMW) in the Philippines this week has resulted in the temporary suspension of online services, including those for issuing Overseas Employment Certificates (OECs) and Overseas Filipino Worker (OFW) information sheets.
The department says no OFW databases were compromised and that it is collaborating with the Department of Information and Communications Technology (DICT) to restore services and facilitate manual processing for necessary documents. The systems remain offline as a preemptive measure, and users will have to undergo manual processing to get their passes.
“Cybercriminals are increasingly targeting critical infrastructure and government agencies, as evidenced by the recent ransomware attack on the Philippine Department of Migrant Workers,” said Patrick Tiquet, Vice President of Security and Compliance at Keeper Security. “The decision to swiftly take their systems offline was crucial to contain the breach and protect sensitive information, and demonstrates the importance of proactive measures to minimise potential damage. This isn’t an isolated incident. Last year, the Philippine Health Insurance Corp faced a similar ransomware attack, where hackers demanded USD300,000. These repeated attacks show that cybercriminals are expanding their focus beyond big corporations to government bodies, aiming to disrupt essential services and access valuable data.”
“To combat these threats, government organisations must bolster their cybersecurity defences,” added Tiquet. “Adopting a zero-trust security model in conjunction with least-privilege access, role-based access controls, a single sign-on solution and appropriate password security can greatly decrease the likelihood of a successful cyber attack and stymie the threat actor’s access. Companies should also have security event monitoring in place to promptly detect and respond to potential threats, implement regular system backups, establish comprehensive incident response plans and ensure that all staff receive thorough training in basic cybersecurity practices. Simple measures like keeping software up-to-date, using strong passwords and mandating the use of Multi-Factor Authentication (MFA) can go a long way in preventing attacks.”
Kelvin Lim, Senior Director of Security Engineering at Synopsys Software Integrity Group, provides ten recommendations to protect organisations against ransomware attacks:
- Data backup: This is a must-have and serves as a last line of defence against ransomware attacks where access to data is denied. Backups should be stored offline or in a separate network to prevent them from being accessed by ransomware;
- Data encryption: This stops bad actors from gaining authorised access to the data in a ransomware attack;
- User education: Awareness and training are essential. Users should be taught to spot phishing attempts and avoid clicking on dubious links or attachments;
- Application Security: Adopt good application security practices to remove any security vulnerabilities embedded in the application;
- Software updates: Update software regularly with the latest software patches and security updates;
- Email Filtering: Block phishing emails and malicious contact before the email reaches the user’s mailbox;
- Access control: Enforce the principle of least privilege, and ensure that users are only allowed to access data and systems necessary for their work;
- Network segmentation: This is to limit the blast radius of the ransomware attack and restrict user access to only what is necessary for their roles;
- Monitoring: It is important to have 24/7 monitoring and alerting functions on your network and systems to detect any unusual activities; and
- Security audits: Regular security audits are necessary to identify any lapses in the systems, network, and processes.