The Cybercrime Investigation and Coordinating Center (CICC) has alerted the public on glitches in the Viber platform it had detected on Tuesday, Sept. 26.
The agency issued the advisory after it detected, at around 10 am, continuous failed attempts to send video and file transfers using the Viber platform.
“We have detected continuous failed attempts to send video and file transfers using the Viber system in multiple cities covered by the CAMS platform both domestically and internationally since 10 am today while messaging and voice calls have been successful through the Viber platform,” the CICC advisory said.
The advisory came less than two weeks after CICC formally launched the Consumer Application Monitoring Systems (CAMS) to monitor online applications to ensure consumer protection.
Meanwhile, the National Privacy Commission (NPC) said it had already been notified by state-owned insurance firm PhilHealth about the “Medusa” ransomware attack.
“The Complaints and Investigation Division of the NPC has taken swift measures to address this incident. We have issued a Notice to Explain to PhilHealth, seeking comprehensive information regarding the nature and extent of the data breach.
“Furthermore, we have issued an Order to Appear, compelling PhilHealth’s presence at a hearing scheduled for tomorrow, the 26th of September 2023. This will be followed by a Notice of Onsite Investigation on the 28th of September 2023.”
The NPC said the directives have been initiated to evaluate the impact of the alleged data breach and to assess the mitigation efforts undertaken by PhilHealth, with a primary focus on protecting the interests of the affected beneficiaries and contributors.
“[W]e expect PhilHealth to provide a complete report within the next two days. This report must offer a comprehensive account of the breach, including details on the personal data that may have been compromised, and the measures implemented to contain and rectify the situation,” the privacy agency said.
Cybersecurity firm Kaspersky explained that Medusa ransomware is malicious software that encrypts victims’ data and demands a ransom for its release.
According to Vladimir Kuskov, head of Anti-Malware Research at Kaspersky, the threat actors behind this strain typically attack their victims via unsecured Remote Desktop Protocol (RDP) access and phishing campaigns.
“The attackers typically manually infiltrate the victim’s network, carry out reconnaissance, move laterally, steal the victim’s sensitive data, and finally launch the ransomware trojan that encrypts files with the .MEDUSA extension and leaves a ransom note,” said Kuskov.
“The Medusa threat actor uses the double-extortion tactic, threatening to leak the stolen confidential data of their victims on the ‘Medusa Blog’ on the TOR network if the ransom isn’t paid,” he added.
Kuskov warned that modern strains of ransomware, such as Medusa, are typically sold through the Ransomware-as-a-Service (RaaS) model. This means that hacker groups responsible for the attacks share a percentage of their ransom payouts with the malware authors, he said.
However, Kuskov said Kaspersky has not observed any statistically significant number of detections of Medusa ransomware in the Philippines or in the Southeast Asia region.
To protect against Medusa and other modern ransomware attacks, Kaspersky recommends the following:
- Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them.
- Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
- Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
- Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections.
- Back up data regularly. Make sure you can quickly access it in an emergency when needed.
- Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
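As an added illustration of the first and fourth recommendations above (not code from Kaspersky or the article), the following script shows how a defender might audit a firewall rule set for RDP exposed to the Internet and scan an outbound flow log for the two traffic patterns Kuskov describes: lateral movement (one host fanning out to many internal machines on RDP/SMB/WinRM) and bulk data exfiltration (outbound volume far above a host's normal baseline). The rule format, the flow-log format, the per-host baselines and all addresses are constructed for this example; real tooling would read these from the firewall and from NetFlow or proxy logs.

```python
"""Defender-side checks: exposed RDP rules, lateral-movement fan-out, and
outbound volume anomalies. All formats and sample data are constructed."""
import ipaddress
import re
from collections import defaultdict

RDP_PORT = 3389
LATERAL_PORTS = {3389, 445, 5985}          # RDP, SMB, WinRM
FANOUT_THRESHOLD = 3                       # distinct internal hosts on those ports
EXFIL_RATIO = 5.0                          # outbound bytes vs. the host's own baseline
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr_or_cidr):
    """True if the address or range lies entirely inside RFC 1918 space."""
    net = ipaddress.ip_network(addr_or_cidr, strict=False)
    return any(net.subnet_of(p) for p in PRIVATE_NETS)


# Constructed firewall rule set (hypothetical format).
FIREWALL_RULES = [
    {"dir": "in", "proto": "tcp", "port": 3389, "src": "0.0.0.0/0",      "action": "allow"},
    {"dir": "in", "proto": "tcp", "port": 3389, "src": "10.20.0.0/16",   "action": "allow"},
    {"dir": "in", "proto": "tcp", "port": 443,  "src": "0.0.0.0/0",      "action": "allow"},
    {"dir": "in", "proto": "tcp", "port": 22,   "src": "192.168.5.0/24", "action": "allow"},
]


def exposed_rdp_rules(rules):
    """Inbound allow rules for RDP whose source range is not purely internal."""
    return [r for r in rules
            if r["dir"] == "in" and r["action"] == "allow"
            and r["proto"] == "tcp" and r["port"] == RDP_PORT
            and not is_internal(r["src"])]


# Constructed flow log (hypothetical format): one outbound flow per line.
FLOW_LOG = """\
2023-09-26T10:01:12 src=10.20.1.15 dst=10.20.1.22 dport=445 bytes=4096
2023-09-26T10:01:40 src=10.20.1.15 dst=10.20.1.23 dport=445 bytes=4096
2023-09-26T10:02:05 src=10.20.1.15 dst=10.20.1.24 dport=3389 bytes=20480
2023-09-26T10:02:31 src=10.20.1.15 dst=10.20.1.25 dport=3389 bytes=20480
2023-09-26T10:15:00 src=10.20.1.15 dst=198.51.100.7 dport=443 bytes=900000000
2023-09-26T10:03:10 src=10.20.1.30 dst=10.20.1.22 dport=445 bytes=8192
2023-09-26T10:04:00 src=10.20.1.30 dst=93.184.216.34 dport=443 bytes=2000000
2023-09-26T10:05:00 src=10.20.1.31 dst=203.0.113.5 dport=443 bytes=30000000
"""
FLOW_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$")

# Constructed per-host baseline: normal daily outbound bytes to the Internet.
BASELINE_OUT = {"10.20.1.15": 50_000_000, "10.20.1.30": 5_000_000,
                "10.20.1.31": 20_000_000}


def parse_flows(text):
    """Parse the constructed flow-log lines into dicts with int ports/bytes."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["dport"], d["bytes"] = int(d["dport"]), int(d["bytes"])
            flows.append(d)
    return flows


def lateral_fanout(flows):
    """Sources that touch >= FANOUT_THRESHOLD distinct internal hosts on admin ports."""
    targets = defaultdict(set)
    for f in flows:
        if f["dport"] in LATERAL_PORTS and is_internal(f["dst"]):
            targets[f["src"]].add(f["dst"])
    return {src: len(t) for src, t in targets.items() if len(t) >= FANOUT_THRESHOLD}


def exfil_suspects(flows, baseline):
    """Sources whose bytes to external hosts exceed EXFIL_RATIO x their baseline.
    A host with no baseline is flagged on any external traffic (conservative)."""
    out = defaultdict(int)
    for f in flows:
        if not is_internal(f["dst"]):
            out[f["src"]] += f["bytes"]
    return {src: b for src, b in out.items()
            if b > EXFIL_RATIO * baseline.get(src, 0)}


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    print("Exposed RDP rules:", exposed_rdp_rules(FIREWALL_RULES))
    print("Lateral fan-out:", lateral_fanout(flows))
    print("Exfil suspects:", exfil_suspects(flows, BASELINE_OUT))
```

On the constructed data the script flags the `0.0.0.0/0` RDP rule, the host 10.20.1.15 for contacting four internal machines on SMB/RDP, and the same host for pushing 900 MB to an external address against a 50 MB baseline, which is the sequence (reconnaissance, lateral movement, then exfiltration) the article attributes to Medusa operators. The thresholds are illustrative; in practice they are tuned per environment, and the fan-out check is more useful when computed over a short time window rather than a whole day's log.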