The security of millions of people is at risk due to the Philippines' lax cybersecurity regulations, which have allowed government websites to be compromised in a recent string of cyberattacks.
According to the South China Morning Post, hackers attacked the Philippine Health Insurance Corporation (PhilHealth), compromising the data of millions of people, including Filipino employees working overseas.
The state insurer's reluctance to go with $300,000 triggered the breach. Furthermore, the homepage of the House of Representatives was defaced, highlighting the government's weaknesses in the digital world.
A hacker going by the moniker DiabloX Phantom claimed that he had gained access to five critical government agencies and downloaded a substantial amount of data. His intention was to expose the vulnerabilities in the government's cybersecurity.
The hacker gained access to the forensics database held by the Philippine National Police, which contained sensitive case files, and the servers of the Philippine Statistics Authority, which is in charge of issuing national identification cards.
He also attacked the websites of the Technical Education and Skills Development Authority (Tesda), Clark International Airport, and the Department of Science and Technology.
Among his techniques were using open subdomains, propagating malware via email, making use of weak passwords, and taking advantage of vulnerabilities left by earlier hackers.
As stated by DiabloX Phantom, he focused on highlighting the government's cybersecurity flaws rather than sell the information he had acquired, reported to the South China Morning Post.
He waited for a government reaction to deal with these problems. Cybersecurity specialists in the Philippines independently confirmed his assertions. Some hackers want to reveal system weaknesses, get fame for their expertise, or just have fun with cyber activities, but there isn't a single person or organisation behind all of the breaches.
Past violations of cybersecurity
Cybersecurity incidents are not unusual, as evidenced by the recent breaches in the Philippines.
The personal information of up to 55 million Filipino voters was made public in 2016 by the "Comelec leak". No one was prosecuted or held accountable for this breach, despite its magnitude.
Vulnerabilities must be fixed immediately, such as weak passwords, poor personnel training, and inadequate monitoring. Taking care of these problems is essential to preserving private information and millions of people's privacy.