Government websites, including those of the executive branch and senatorial and congressional candidates, have been constantly attacked by hackers especially as the May 2025 midterm elections are upcoming, Department of Information and Communications Technology (DICT) Secretary Ivan John Uy said on Tuesday, Jan. 7.
DICT Secretary Ivan John Uy answers questions from the media during a press briefing in Malacañang on Tuesday, Jan. 7, 2025. (RTVM screenshot)
In a Palace press briefing after a Cabinet meeting, the first this 2025, with President Marcos, the DICT official admitted the continuous hacking of government websites, which hackers try to deface or install malicious software into.
“Actually, we are constantly under attack from different sectors, from hackers, from scammers. Well, these are persistent threat actors over the years,” Uy said.
“And what we are looking at today is that we have detected significant increase in many of the probing and the attacks especially as we come closer to the elections, this coming May,” he adding, noting the proliferation of “fake information or disinformation” in the cyberspace.
While the DICT is “repelling several hundred thousand attempts on a daily basis,” Uy revealed that the hacking attempts include the websites of senatorial and congressional candidates.
He explained the need to work also with the private sector in making them “be more aware of their cybersecurity preparedness, and at the same time, advising them on how to harden their respective infrastructure or information systems.”
But often, Uy said that the vulnerabilities being exploited are those in the “old system” or “legacy system.”
Some government agencies have yet to update their respective systems and are still using old systems, the DICT chief lamented.
“In most occasions, the one—if ever there are any compromises, we’ve seen that the data are old data. Some of them are being reposted again,” he noted.
Uy assured that there has been no data breach and no information compromised because these attacks remained “attempts” after the DICT detected them early on and secured the database and system.
“I’d like to reiterate that so far what we have seen is that no current information has been compromised. What we have seen so far are old data from many years ago that are being regurgitated, recycled just to make an impression that they were successful in doing so,” he emphasized.
The DICT chief added that the agency has been acquiring new systems and new equipment to address these hacking incidents since “scammers continually upgrade their game and continually acquire new equipment.”
The Philippines remains vulnerable to scams and cyber threats.
In July 2024, the Philippine National Police (PNP) reported that cybercrimes rose by 21.8 percent in the first quarter of this year compared to the same period in 2023. There were 4,469 cybercrimes from January to March 2024 compared to the 3,668 cases recorded in the same period in 2023.
That meant there was an average of about 49 cybercrimes daily for the first quarter of 2024, compared to just 40 in 2023.
In 2023, ransomware group Medusa hacked into the systems of the Philippine Health Insurance Corp. (PhilHealth) and leaked sensitive data, including bank details, of some 42 million members when the government refused to pay the “ransom” of $300,000.