These Gov.PH sites are sorted by agency to show which of the malware-infected sites have been fixed. The next table shows those that still have to be addressed. See the backstory here: https://mb.com.ph/2023/01/03/why-are-some-gov-ph-websites-redirecting-users-to-gambling-sites-2/
Why are these malware links still working?
Government agencies, like any organization, may experience delays in addressing vulnerabilities for a variety of reasons. Some of the most common include:
- Limited resources: Government agencies often have limited budgets and staff, which can make it difficult to allocate resources towards addressing vulnerabilities. This can be especially true for smaller agencies or those that have other pressing priorities. (Idea from: https://www.prominentfc.com/business-services-faq/)
- Bureaucracy: Government agencies are often subject to bureaucratic processes and regulations that can slow down decision-making and action. For example, there may be multiple levels of approval required before a vulnerability can be fixed, or certain procedures that must be followed before taking action.
- Complex systems: Government agencies often have complex systems in place, such as legacy systems or systems that are critical to the functioning of the agency. Fixing vulnerabilities in these systems can be more difficult and time-consuming than in simpler systems.
- Risk management: Government agencies may prioritize addressing vulnerabilities based on the level of risk they pose. High-risk vulnerabilities may be addressed quickly, while low-risk vulnerabilities may be given a lower priority. (Idea from: https://www.strobes.co/blog/the-top-10-vulnerabilities-of-2022-mastering-vulnerability-management)
- Lack of expertise: Government agencies may lack the internal expertise to address certain vulnerabilities, which can slow down the process of identifying and fixing them.
- Collaboration: Government agencies may need to collaborate with other agencies or organizations to address vulnerabilities, which can slow down the process because coordination and communication are needed.
What SHOULD Govt Agencies do?
There are several steps that government agencies can take to resolve malware links faster:
- Implementing automated systems: Automated systems, such as intrusion detection and prevention systems, can quickly identify and block malware before it can cause damage.
- Regularly updating software and systems: Keeping software and systems up to date can help ensure that vulnerabilities are patched in a timely manner, which can reduce the risk of malware infections.
- Providing employee education and training: Employee education and training can help reduce the risk of malware infections by ensuring that employees are aware of the risks and know how to identify and avoid malicious links.
- Creating incident response plans: Having a well-defined incident response plan in place can help ensure that the agency can respond quickly and effectively to malware incidents.
- Enhancing internal security measures: By implementing internal security measures, such as firewalls, intrusion detection systems, and antivirus software, government agencies can help protect against malware and other cyber threats.
- Sharing threat intelligence: By sharing threat intelligence with other government agencies and organizations, government agencies can help identify and respond to malware threats more quickly.
- Collaborating with cybersecurity vendors: Government agencies can work with DICT’s cybersecurity teams to ensure that their systems and networks are protected against known and emerging threats.
- Outsourcing to a managed security service provider: Agencies can hand off the tedious tasks of monitoring their logs and networks for malware and other threats.
- Conducting regular security assessments: Government agencies can conduct regular security assessments to identify vulnerabilities and risks in their systems and infrastructure, which can help them address malware threats more quickly.
While these steps can improve the response time to malware links, it’s important to have a comprehensive security strategy that includes preventative, detective, and corrective measures to protect against cyber-attacks.
My thanks to our SecOPs interns from the University of Pangasinan for helping with the verification tasks on each of these sites. The list of malware links came from Eskie Maquilang, penetration testing engineer, KPMG.