DepEd confirms hacking of website; says add’l 'security features' already in place

Published January 12, 2022, 8:29 PM

by Merlina Hernando-Malipot

An official of the Department of Education (DepEd) on Wednesday, Jan. 12, confirmed that the website of the agency was subjected to a cyber attack over the weekend.

(Image courtesy of DepEd Undersecretary Alain Pascua)

The said hacking of the DepEd website happened on Sunday, Jan. 9, Education Undersecretary for Administration Alain Del Pascua told the Manila Bulletin in a Viber message.

“It was detected at 8:06 p.m. and resolved by 10:13 p.m.,” Pascua said.

Pascua explained that the “image in the article was found in one of the subdirectories of DepEd but the homepage only displayed the text 72batman in white background.”

Given this, Pascua said that “additional security features have been applied” since December with the help of Microsoft.

“After each attack, this is also reviewed with them to determine other vulnerabilities and possible ways to address these,” he added.

In December, the website of DepEd also suffered two incidents of cyber attacks: the first one was on Dec. 2 and another one on Dec. 16.

In an Aide Memoire dated Dec. 16, Pascua said that the DepEd website was subjected to cyber attacks in the “form of multiple attempts to disrupt, its availability, publish malicious content, reroute its traffic to malicious websites unsuitable for children, destroy website links, and disable the ability to upload and publish new content required for DepEd operations.”

Pascua said that since then, the Information and Communications Technology Service (ICTS) has implemented several measures which include more frequent website monitoring; tracking and securing website accounts; and implementing additional application gateway and firewall settings to prevent security incidents and monitor unauthorized attempts.

The ICTS, Pascua added, also coordinated with content publishers of the website and conducted research and discussions with security professionals for ways to increase the capacity to prevent and detect security breaches.

“ICTS also included in its plans for 2022 the conduct of regular Vulnerability and Penetration Testing (VAPT) for the website and its other systems,” Pascua said.

Pascua added that the ICTS also continues to “review and identify ways to implement strict countermeasures for the cybersecurity of DepEd website to protect the integrity and safety of our stakeholders.”