Cybersecurity Case: How DICT’s Advanced Tech Battles Global Cyber Adversaries
In recently published reports of cyberattacks on Philippine networks (gov.ph) attributed to the LonelyIsland, Meander and Panda groups, the Department of Information and Communications Technology (DICT) has stepped forward, showcasing its formidable capabilities.
Here are some points worth noting:
1. DICT’s Display of Skills and Capabilities:
The DICT’s advanced cybersecurity capabilities act as a powerful deterrent to would-be attackers. Whereas in the past cyber incursions were left unchallenged, today the DICT routinely monitors each Gov.ph online presence. The DICT’s ability to identify not only the attacks but also the groups behind them is equally impressive.
Considering that the Emissary Panda group is a known stealth operator, it takes an incredible amount of skill and patience to identify the Panda group’s incursions. This highlights the sophistication of DICT’s technologies, which provide valuable insight into the evolving landscape of cyber threats.
2. Attribution to the Chinese State?
Although the attacks originated from China, implicating the Chinese state is not so straightforward, as Usec Dy rightly points out. In addition, BNSHosting can cite parallels with other cases:
a. PLDT is ranked 3rd as a major source of attacks, but that does not mean PLDT is itself the perpetrator; it only means that the attacks came from PLDT-owned IP addresses. In the same vein, the China Unicom IP addresses (№31, Jin-rong Street) that are the #1 source of the attacks may have been compromised servers as well.
Worldwide, the trend is that hackers rarely launch attacks from their own country of origin:
b. In fact, the UK (2nd) and the US (4th, 10th) are the OTHER major sources of cyber incursions. Again, we note that attackers often operate from servers outside their home country.
3. Protecting Yourself:
To enhance personal and organizational cybersecurity, consider the following measures:
a. Subscribe to Cyber Threat Intelligence:
Stay informed about evolving threats. These intel feeds often provide lists of IP addresses known to be sources of cyber attacks. Blocking these IP addresses stops attacks from those sources reaching your networks.
b. Patch Systems Promptly:
Should an attack get past your firewall, regularly updated and patched systems reduce the vulnerabilities available to the attacker and make their job harder.
c. Run Anti-virus Checks:
Use reliable anti-virus software to scan for and remove malicious programs.
d. Analyze Security Logs Daily:
As cyber attacks regularly change patterns, so too must your network and security teams regularly review security logs to detect and respond to potential threats.
e. Fine-tune Firewall Settings Daily:
Use the analytics from your security logs to fine-tune firewall settings and tighten network security.
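The three log-driven measures above (a threat-intel IP list, daily log review, and firewall tuning from that analysis) combined into one small workflow, as an added example written for this page and not code from DICT or BNSHosting. It loads a feed of IPs and CIDR ranges, matches it against iptables-style firewall log lines, and produces candidate DROP rules for review; the feed, log lines and addresses are all constructed placeholders from documentation ranges.

```python
import ipaddress
import re
from collections import Counter

THREAT_FEED = """\
# constructed feed using documentation ranges (not a real feed); '#' comments allowed
203.0.113.0/24
198.51.100.7
not-an-ip
"""
# Constructed iptables-style firewall log lines (not real traffic).
FIREWALL_LOG = """\
Feb 10 08:01:12 fw kernel: IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP DPT=22
Feb 10 08:01:15 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
Feb 10 08:02:03 fw kernel: IN=eth0 SRC=192.0.2.77 DST=192.0.2.10 PROTO=TCP DPT=80
Feb 10 08:04:01 fw kernel: IN=eth0 SRC=203.0.113.45 DST=192.0.2.11 PROTO=TCP DPT=445
"""
LOG_RE = re.compile(r"SRC=(\S+) .*DPT=(\d+)")

def load_feed(text):
    """Parse feed lines into ip_network objects, skipping comments and malformed entries."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            try:
                nets.append(ipaddress.ip_network(line, strict=False))
            except ValueError:
                pass  # one bad entry must not abort loading the whole feed
    return nets

def match_log(log_text, nets):
    """Count (src, dport) pairs whose source address falls inside any feed network."""
    hits = Counter()
    for line in log_text.splitlines():
        if not (m := LOG_RE.search(line)):
            continue
        src, dport = m.group(1), int(m.group(2))
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparsable SRC field: skip the line
        if any(addr in net for net in nets):
            hits[(src, dport)] += 1
    return hits

def block_rules(hits):
    """One DROP rule per distinct flagged source, to review before loading into the firewall."""
    return sorted(f"iptables -A INPUT -s {src} -j DROP" for src in {s for s, _ in hits})
```

On the constructed data, `block_rules(match_log(FIREWALL_LOG, load_feed(THREAT_FEED)))` yields rules for 203.0.113.45 and 198.51.100.7 only; matching the feed against your own logs first shows which indicators are actually reaching you, so stale feed entries are not blocked blindly.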
4. National Level Solutions:
To bolster cybersecurity at a national level, consider:
a. Legislation for ISPs:
Mandate ISPs to respond promptly to abuse reports based on the severity of the threat. Currently, ISPs can ignore any abuse emails they receive from the internet community. These abuse emails often warn them of potentially compromised servers inside the recipient’s network. By ignoring these alerts, the ISPs allow the infection or compromise to spread further inside their network, which makes matters even worse (see Emissary Panda’s penchant for watering-hole attacks).
This writer is amazed at the correlation between undelivered “mail full” errors to abuse emails AND the vulnerability of these networks. The more abuse emails that remain ignored, the higher the likelihood that these networks are vulnerable to attacks.
b. Maintain a Common Cyber Threat Database:
It is just common sense to share cyber attack intelligence among PH networks. An attack on one raises the alarm for the rest of the PH network. I hope the Government can establish a downloadable cyber threat database, similar to the existing lists for anti-gambling (NTC), banking anti-scam (Globe) and anti-porn/COPA (PLDT), to facilitate collective defense against cyber threats.
By staying vigilant and implementing these measures, both individuals and the nation can contribute to a more resilient cybersecurity landscape.