22 Sep Philippine healthcare among most vulnerable to attacks — Kaspersky
THE PHILIPPINES’ healthcare industry is among the most vulnerable to cyberattacks in Southeast Asia, according to Kaspersky.
The ProxyLogon vulnerability often attacks the Philippine healthcare sector, Thailand’s government services and Indonesia’s industries, the global cybersecurity company said in its Digital Footprint Intelligence report.
ProxyLogon allows threat actors to bypass authentication and execute code remotely as privileged users. This means malicious actors can reach a victim’s server from any location with internet connectivity.
In the Asia-Pacific region, the Philippines is also the most affected country by ProxyShell, which allows a cyber-criminal to bypass authentication and execute code as a privileged user. It is also common in Pakistan and Malaysia, Kaspersky said.
ProxyLogon and ProxyShell attacks allow cyber-criminals to execute what they please within a victim’s computer environment.
The government and industries are the most vulnerable from ProxyLogon and ProxyShell, Kaspersky said. “Attackers prepare to attack, exchange data and get money on the Darknet.”
It added that cyberattacks are being prepared against companies from these countries, data with their users are sold on Darknet forums and malware is hidden in their infrastructure.
Kaspersky said the best defense against these threats is to keep public-faced systems updated. Companies should also avoid direct access to exchange servers from the internet.
In 2021, Kaspersky monitored 16,003 remote access and management services available for exploitation.
“Indonesia, India, Bangladesh, the Philippines and Vietnam provide the maximum facilities for an attacker to gain remote access,” said Kaspersky, adding that government institutions are serving more than 40% of the attack surface for “brute force attacks and credential leaks reuse.”
Cyber-criminals now have many options to infect lucrative industries, Chris Connell, managing director for Asia-Pacific at Kaspersky, said in a statement.
“In short, a cyberattack is like a ticking bomb,” he said. “While worrisome, reports such as our Digital Footprint Intelligence can be used as a tool to guide the cybersecurity capacity-building of concerned organizations. If you know your weak areas, it’s easier to prioritize.” — Arjay L. Balinbin