On October 8, Sunday, an actor on Facebook posted download links to data files belonging to the Philippine Statistics Authority (PSA), and potentially the Department of Science and Technology's (DOST) OneExpert system, and the Philippine National Police (PNP) Forensic group.
The Philippine Statistics Authority (PSA) confirmed on Wednesday, Oct. 11, that its IT system was hacked but claimed the breach was only limited to its Community-Based Monitoring System (CBMS) based on its initial assessment.
While it is commendable that PhilHealth is now being transparent about the cyberattack, it is concerning that their DPO and action center utilized email addresses with @gmail.com domains for their official functions.
Cyberint noted that hackers (mostly “infostealers”) have turned to “vishing” and “smishing” to lure Filipinos to divulge personal information, and worst, to take control of personal accounts, found in e-wallets, etc.
According to security researchers, as of 3:20pm Manila time, the Medusa Ransomware group may have already published the PhilHealth data files obtained from the ransomware cyberattack which occurred on Sept. 22, 2023.
According to the countdown timer on the Medusa blog on the dark Web, the files they supposedly exfiltrated from PhilHealth's systems will be released on October 3 Philippine time if the $300,000-ransom is not paid in cryptocurrency.
Cybersecurity firm Palo Alto Networks held a media briefing on Wednesday, Sept. 20, to discuss its recently released 2023 State of Cybersecurity Asean Report, which showed that Philippine organizations weathered the highest number of disruptive attacks across Southeast Asia (SEA) last year.
During a press briefing in the Philippines, Alan Reyes, country manager of Fortinet Philippines, shared insights, including a decline in ransomware detections in the country during the first half of 2023.
Meanwhile, the National Privacy Commission (NPC) said it has already been notified about the “Medusa” ransomware attack by state-owned insurance firm PhilHealth.
