July 3, 2011

Expect more hacks on PHL gov't websites -Kaspersky Labs

The recent cyber-attack on the website of Vice President Jejomar Binay may just be the tip of the iceberg —the first of more attacks on Philippine government websites, a computer security firm cautioned over the weekend.

Kaspersky Lab Global Research and Analysis Team Director Costin Raiu said that the Philippine government must implement a defense strategy against attacks, and conduct security audits on servers to find vulnerabilities.

"Given the past incidents of this kind, it is expected that the attack will consist of a DDoS flood designed to bring down the server and make it unreachable. It’s possible the confidential information will be sought after, so the defense strategies would be multiple," Raiu said.

A DDoS (distributed denial of service) attack involves overwhelming a target website with visits from different sources until the site crashes.

Raiu said it is important to have an anti-DDoS plan, which may involve increasing the Internet bandwidth to subscribing to a specific anti-DDoS service plan.

Also, he said that once vulnerabilities are found, the websites' servers must go offline temporarily to reduce damage.

"Past logs should be analyzed for previous probes which could have uncovered bugs than can now be exploited," he added.

Contingency plans

Raiu also called for contingency plans in case attacks still get through.

"Of course, a highly sophisticated targeted attack will always succeed--this is why there should be mitigation steps as well as disaster recovery procedures —such as backups, server replacement/relocation and redundancy," Raui said.

He pointed out that any attack on a government website is a message of disrespect, showing people that they are not protected by their society's leaders.

Raiu said that other than the OVP site, other government websites recently attacked by hackers include those of the Department of Labor and Employment (DOLE), Philippine Nuclear Research Institute (PNRI), and the Food and Drug Administration (FDA).

Last year, the websites of the Technical Education and Skills Development Authority (TESDA), the Department of Interior and Local Government (DILG), and the Philippine Information Agency (PIA) were also hacked.

Similar attacks on Malaysia's government websites were done by a group of hackers, Kaspersky noted. — TJD, GMA News

No comments: