Cyberattack vs. DOST was ‘one of biggest,’ but not impactful — DICT

PARTIAL ACCESS REGAINED

The Department of Science and Technology (DOST) recently suffered a relatively large cyberattack, but its impact to the organization was not extensive, the Department of Information and Communications Technology (DICT) said Thursday.

In a media briefing, DICT Assistant Secretary Renato Paraiso downplayed concerns regarding the incident, a day after DOST Secretary Renato Solidum said his office was treating the data breach with “utmost seriousness.”

“In terms of size, this is recently one of the biggest. But we have to understand, comparatively, the impact of it, hindi siya ganon kalaki (it’s not that big),” Paraiso said.

The DOST had reported Wednesday that almost two terabytes of its data was compromised by local hackers.

According to Paraiso, the compromised data include the personal information of scientists, members of the DOST organization, as well as the schematics and designs of invention projects, some of which are ongoing.

“DOST has been here for so long that, you know, ‘yung mga designs na—, ‘yung iba obsolete na, or ‘yung iba hindi naman nila in-approve, sinubmit lang sa kanila through emails, videos, and what have you,” he said.

(DOST has been here for so long that, you know, some of the designs are already obsolete or they were not approved and were only submitted through emails, videos, and what have you.)

Paraiso later said that some data involved ongoing projects, but authorities still need to determine the extent of the information breach.

He added that while the DOST was locked out of their system, no data was extracted.

“Right now ang nakikita namin, naka-locked out lang po. Walang extraction na ginawa ho,” Paraiso said.

(Right now, we see that we were only locked out. No extraction took place.)

No demands

Meanwhile, Paraiso said the DICT cannot conclude that this was a ransomware attack.

He explained that in such attacks, data is encrypted to prevent access and that hackers would later demand something in exchange for the encryption key.

“But because wala pa pong ransom or demand na ginagawa po, hindi natin—, we cannot conclude that this is a ransomware attack po. Unlike when it happened with PhilHealth na meron kaagad demand,” Paraiso said.

(Because there is still no ransom or demand, we cannot conclude that this is a ransomware attack. Unlike when it happened with PhilHealth, a demand was immediately made.”

“Ang una nga hong mensahe kaagad ng threat actors natin ay somewhat ‘political” in nature. So ganoon ho ‘yung tinitignan din namin. So hindi namin dini-discount ‘yung fact na it’s either part of activism or something more nefarious,” he added.

(The first message of our threat actors was somewhat ‘political’ in nature. So we are also looking into that. We are not discounting that it’s either part of activism or something more nefarious.)

Partial access

According to Paraiso, the DOST has regained partial access to its system.

He said the technical team still needs to gain access to the full system in order to do a deep investigation on what happened and the extent of the damage.

“We would take as much time as possible to gain access to the systems and to do our investigation naman. Again, hindi na ho lalala yung problema because we already employed remediation processes,” he said.

“The affected systems were already isolated, the endpoints were quarantined na po, the WiFi were separated. So ang ginagawa na lang namin ay kukunin yung access at magsasagawa ng imbestigasyon sa nangyari,” he added.

In a recent interview with GMA News Online, Paraiso said ICT systems become vulnerable typically because some technology or firmware may already be outdated.

He said the government procurement process may take a long time, while technology may change at a fast pace. — VDV, GMA Integrated News