Philippines faces surge in info stealer attacks — report

By Miguel Hanz L. Antivola, Reporter

The Philippines needs to address the growing threat of info stealers and phishing scams, according to experts.

A report by the threat intelligence firm Cyberint found that the Philippines is the third most targeted country in the Asia-Pacific by info stealers, a special and growing type of malware, with 523,561 recorded cases.

“Infostealers work by harvesting sensitive data from a compromised computer or server, then sending it to attackers,” Adrianne Chester Camat, threat intelligence lead at Cyberint, said in the study. 

“[It] can lead to breaches of access credentials, financial information, personal information, website cookies, offline wallets, operating system details, and even screenshots of the machine’s desktop and file structure,” he added. 

Mr. Camat noted that info stealer families operate similarly to a legitimate company, “complete with a CEO, support staff, technical staff, research and development, and so on.”

Top families in the APAC region include RedLine (51.4%), Aurora (39%), and Raccoon (9.52%), the study said.

The study also observed growth in social media impersonation in the region, which is more prominent in the Philippines. Threat actors first monitor the comments sections of institutions' online pages, such as those of banks.

“Then, they contact those users, claiming to be representatives of the bank and using fake social media profiles to make themselves appear legitimate,” Mr. Camat said. 

“This approach allows them to trick users into sharing credentials or clicking links,” he added. “Attackers may also be able to coordinate [multi-factor authentication] logins using this method since they can interact with customers in real-time.” 

“We don’t see any sign that sophisticated phishing attacks like these will slow down. [It] remains very profitable, and advanced attack techniques make it all the more lucrative by increasing the rate of successful attacks.” 

“The best way to stop social media impersonations is to monitor social platforms for signs of impersonation.” 

Assessing the awareness and proactiveness of Filipinos in cybersecurity is complex, yet many are still duped, Ronald B. Gustilo, national campaigner for Digital Pinoys, told BusinessWorld in a Viber message.

“[This] highlights the need for the government to increase its efforts in digital literacy programs and awareness campaigns,” he said. 

“Businesses and institutions should intensify their monitoring of social media impersonators and see that these fake pages are reported,” he added, suggesting that they subscribe to the premium services of social media platforms for verification.

“They should prioritize employee training on cybersecurity, implement multi-factor authentication, and regularly update security measures to mitigate the risk of social media impersonations and info stealers.” 

Additionally, Mr. Gustilo said the government must enforce and strengthen cybersecurity regulations and foster collaboration between industry experts and authorities to curb the growing issue.

Sam Jacoba, founding president of the National Association of Data Protection Officers of the Philippines, urged the government to secure the country’s critical infrastructure by the first quarter of next year, and sign the National Cybersecurity Plan 2023-2028 as an executive order. 

“Give a deadline to all government agencies to comply within 12 months of the EO being signed,” he said. 

“Assign a person to be accountable per government unit, and allocate budget and resources to ensure that they succeed; form a team that will monitor this through quarterly reviews,” he added.