Filipinos under attack from Cyber Criminals

In 2015 the technology catchphrase is the “Internet of Things” – interconnected devices, on the Internet, sharing data, and helping users make smarter choices about their lives.

Security expert Eugene Kaspersky warns that while this comes with benefits, it too brings with it the “Internet of Threats.” While this view of things to come is pessimistic at best, it is also very real, too real in fact for users in the Philippines.

During it’s CyberSecurity Summit held alongside Interpol World in Singapore 2015 – security company Kaspersky Labs revealed two recently uncovered cybercrimes that involve the Philippines.

The first by a group called Naikon utilizes a tactic called spear phishing — a more targeted kind of attack via email, coming from what appears to be a trustworthy source. The goal of spear phishing attacks is to steal financial information and other personal data from users.

Leveraging on high user interest in breaking news events, particularly from users in the Philippines, Naikon Group sends emails to unsuspecting users containing supposed news updates.

These breaking news emails are timed with developing global stories like the MH370 crash, and are as timely as news updates from legit news outlets. If unsuspecting users, hungry for breaking news reports, open these attachments, their systems are immediately affected by malware.


Kaspersky Lab Director of Global Research Costin Raiu says the danger to ordinary users is clear and present, once infected, user’s computers can be unwittingly used to distribute pirated content, as a host for child pornography, or as a proxy for international terrorist attacks.

Just recently Kaspersky Lab also uncovered an Advanced Persistent Threat (APT) campaign that targets government institutions in the APAC region. 5 countries including the Philippines are known to have been victimized by the Hellsing cyber espionage group.


The goal is to acquire geopolitical data that can be used for counter intelligence. Apart from information pertaining to tensions in the South China Sea, counter intelligence also has business implications in industries like manufacturing and textile, where being able to offer goods at the cheapest price gives players and unfair advantage.

Hellsing also utilizes spear phishing attacks, sending emails with malicious documents including seemingly harmless PDF files to users known to have connections to government agencies. Once files are opened, a backdoor is then installed allowing hackers to take control of the compromised workstation.

Raiu says Hellsing malware has been detected in the Philippines, India, Indonesia, Malaysia and the US but with most victims being government and diplomatic organizations in Malaysia and the Philippines.

Last week Interpol also opened its Global Complex for Innovation in Singapore as a base for police forces, security experts and the private sector to work together to address emerging threats in cyber security.


Interpol Secretary General Jürgen Stock called the launch, “a much needed step in the right direction,” and a response to “worrying trends.”

“As technology development speeds ahead, so do the criminals, quite frankly leaving the world’s governments and their police forces behind,” he said.

The Complex houses a cyber fusion center – an intelligence hub that serves as a “secure and neutral collaboration workspace for the development of cyber intelligence” and a digital forensics laboratory where Interpol works with the likes of Trend Micro and Kaspersky to detect and address new threats from cyber criminals.