Cyber attacks pose real threats, Sen. Tulfo warns

SEN. Raffy Tulfo raised the alarm over the clear and present danger on Philippine national security due to the country’s lack of cyber-security infrastructure and technology to counter present and future cyberthreats.

During the Senate Finance Subcommittee Hearing on the proposed 2023 budget of the Department of Information and Communications Technology (DICT) and its attached agencies on Tuesday, September  20, 2022, Tulfo stressed that the Philippines is vulnerable to cyber attacks from foreign countries perceiving it as enemies.

“I fear for my country, I fear for our people, I fear for my family, na baka isang umaga ay magigising tayo na iba na ang takbo ng Pilipinas,” the senator said, warning,“It is possible for foreign hackers to launch widespread cyber attacks to countries they perceived as enemies to create chaos.”

The senator issued the statement after representatives from the DICT and Cybercrime Investigation and Coordinating Center (CICC) confirmed that the Philippines has weak defenses against cyberthreats and attacks.

First off, Tulfo cautioned DICT and CICC against the so-called watering hole technique, which is used by hackers to infect virus to computers that suppliers distribute to an intended target. Hackers would normally wait for the infected computers to be installed and call home before launching attacks.

He also warned them against a virus called “zombies,” which previously infested more than 730,000 American computers and turned them into “slave computers” that were used in cyber attacks.

Another cause of cyber-security concern, Tulfo noted, is the group of hackers called Hidden Lynx, which has been linked to high-profile cyber attacks around the world. It has attacked tech companies such as Google, financial service providers, defense contractors, and government agencies.

Considering all these, Tulfo stressed the need for the government to be extra cautious in procuring computers and other technological needs from foreign countries, saying it must not purchase from countries perceiving Philippines as an enemy.

“Marami po ang maaapektuhan kapag nag-launch ang ibang bansa ng cyber attack against us,” the senator warned. “Kaya ng hackers sirain ang operations ng ating power grid, public utilities, government offices, and even military installations. Kaya dapat magiingat po tayo when it comes to procurement of computer systems,” he warned.

Tulfo added that cyber attacks could affect railway trains, communications, and banking and financial institutions.

The lawmaker likewise raised the possibility that foreign hackers can also interfere in election process, just like what happened in the 2016 election where there was widespread false and malicious information dissemination.

Tulfo further expressed alarm on the installation of cell towers partially owned by a foreign entity within the country’s military camps, as it poses serious national security threats.

Although DICT agreed that it might be a national security issue, they said that they were excluded on the committee that approved the installation of said cell towers.

Tulfo then sounded the alarm, considering that cyberattacks already happened in other more technologically advanced countries, citing the attack against Ukraine’s electric grid in 2015 and the cyberattack against British national health centers in 2017.

The lawmaker likewise pointed out that foreign hackers launched cyberattacks on Aramco, a giant oil company in Saudi Arabia, in 2021. If it happened in these countries, the senator warned it could also easily happen in the Philippines.

Amid the country’s weak defenses, Tulfo hopes that Congress would consider increasing the 2023 budget of the DICT and its attached agencies.

‘Vulnerabilities’

The Philippines is one of the top three countries that are most vulnerable to external cyberthreats in Southeast Asia, with its health-care industry being the “most affected” by ProxyLogon—a type of attack that enables threat actors to bypass authentication and execute code remotely as privileged users.

In its recent Digital Footprint Intelligence Report, Kaspersky noted that the Philippines, along with Malaysia and Vietnam, is one of the top countries with the highest “share of vulnerabilities with publicly available exploits.”

“The most affected country by ProxyShell was the Philippines [with] 28.6 percent of vulnerable services. As for ProxyLogon’s greatest impact, 43 percent of vulnerable services were exposed to it,” the report read.

The Philippine health-care industry was the “most affected country” by ProxyLogon and its financial industry shared the top spot with China.

Exploits for ProxyShell and ProxyLogon vulnerabilities are easily available on the Internet. Hence, they can be easily exploited by even a low-skilled attacker.