By AJ Dumanhug, CEO, Secuna
The Department of Foreign Affairs issued weeks ago an official statement saying that the country has denounced Russia's invasion of Ukraine and voted to support the United Nations General Assembly's resolution that condemns Russia's act of unilateral aggression.
As tension escalates across the globe, this political stand might open gates for the country to be attacked by Russia or its supporters. If not a physical war, the possible implication of this conflict is a massive surge in cyber attacks.
It can be recalled that immediately after Russia's tanks rolled and its missiles struck targets across Ukraine, its hackers launched waves of cyberattacks too. In the weeks and days leading up to the Russian invasion, Ukrainian websites were defaced and taken offline, and data-wiping malware was unleashed on government systems.
While the physical attack may have been a surprise to most, the virtual attack was not since Russia has used its cyberweapons against Ukraine for years. Russia has a record of coordinating cyber-attacks on Ukraine, the United States (US), and other adversaries. And the country has established itself in recent years as an international hub for cybercrime. Russia's past has raised fears of a large-scale cyberwar effort targeting Ukraine and its allies, including the US.
On the other hand, after declaring "cyberwar against the Russian government" a few weeks ago, the famed Guy Fawkes mask-themed hacker group Anonymous says it is now hacking Russian TV and streaming services. The group also claimed to have hacked other notable targets, including Russia's Space Research Institute website.
The war between Russia and Ukraine has been widely anticipated to play out online and on the ground. But the question for some is whether Russia will turn its cyberweapons toward Ukraine's allied countries.
Recently, the US has been targeted because of the war between those two countries. While the US administration has reportedly played out potential responses to cyber warfare, some experts have argued that they are not well prepared for a significant cyber-attack.
And now that the Philippines has already made a stand to condemn Russia's attacks on Ukraine, parameters have been at an unnecessary fire point in our green. But how will we respond once Russia also attacks our government and local companies' cyber domains? Are we even prepared for it?
We do not know the form of attacks that will arise or those that may emerge successfully. With this, as early as now, we should prepare our cyber defense. We must open our eyes to test if our government and corporate sector are safe from possible cyberattacks from Russia or other countries.
There are ways to test our country's cyber defense. One is through a bug bounty program approach tapping the best ethical hackers. They use their knowledge to discover potential entry points into systems and then breach them to determine the extent of damage they can cause. Another way is to utilize penetration tests to identify security vulnerabilities.
As an army of volunteer hackers is rising in cyberspace to defend Ukraine and target Russia's companies and institutions, finding cyber security assets and building a solid cyber army composed of white hat hackers or ethical hackers are essential to improve the country's cybersecurity measures.
There are groups of professional, ethical hackers globally, including other foreign nationals. Most organizations are prepared enough to combat attacks in the cyberwar in Ukraine versus Russia. They both onboard and employ a community of hackers to attack each other. Some of the partner companies of each are also being targeted. Ukraine requested help to build a team called "IT army" that is trying to breach the security and privacy of Eastern Russia on websites, servers, and the like.
In the Philippines, there exists a community of ethical hackers numbering almost 4000. We already have a cyber army, but companies and the government are not utilizing them. Ethical hackers will play an essential role in this scenario, and they could help the government or any organizations in collaborating with them to secure online assets or websites.
We have sufficient human resources in terms of cybersecurity experts to handle these threats in the country. And given this, now more than ever, we should make ethical hackers unite against cyber threats and create a roadmap for Philippine cyber defense.
About the Author
AJ Dumanhug is the co-founder and CEO at Secuna, a Philippine-based cybersecurity firm that offers penetration testing services. He's also a Cybersecurity Mentor for startups through Ideaspace Philippines, a Highly Technical Consultant for the National Privacy Commission, and a part-time Infosec Training Instructor at De La Salle-College of Saint Benilde SPaCE. He also worked as a full-time consultant for almost three years for the University of the Philippines System under UP Information Technology Development Center (ITDC). He and hackstreetboys compete in Capture the Flag tournaments on occasion, and they recently placed third out of 650 teams in the DEFCON Red Team Village CTF competition.