Threat Actor: DeathNote Hackers
Victim: Department of Education
Price: Not specified
Exfiltrated Data Type: Not specified
Key Points:
- Data breaches were the most frequent incident type, impacting various sectors including government agencies, educational institutions, corporations, and health-related organizations.
- Website defacements occurred in January and April, affecting agencies and educational institutions.
- Ransomware attacks targeted entities such as ABS-CBN Broadcasting and FilMetrics Corporation.
This report provides an in-depth analysis of cyber incidents recorded by Deep Web Konek during the first half of 2024, categorizing them by incident type, affected agencies, and prominent threat actors.
Total Incidents: 130
Monthly Breakdown of Incidents:
- January: 6 incidents
- February: 29 incidents
- March: 19 incidents
- April: 19 incidents
- May: 41 incidents
- June: 16 incidents
Data Breaches:
Data breaches were the most frequent incident type, impacting a wide range of sectors including government agencies (e.g., Department of Education), educational institutions (e.g., New Era University), corporations (e.g., Toyota Motors Philippines), and health-related organizations (e.g., Maxicare Healthcare Corporation).
Website Defacements:
Website defacements, though less common, notably occurred in January and April, affecting agencies like the Bureau of Plant Industry as well as educational institutions.
Ransomware Attacks:
Ransomware attacks were reported sporadically, affecting entities such as ABS-CBN Broadcasting and FilMetrics Corporation. These attacks highlight the need for robust data protection measures.
DDoS Attacks:
Concentrated mainly in February, DDoS attacks targeted institutions like the University of Cebu and Central Philippine University, disrupting services and highlighting vulnerabilities in network defenses.
Malicious Web Scrapes:
Predominantly occurring in late May, malicious web scrapes targeted various municipalities, underscoring the importance of securing web-facing applications and data.
Top Threat Actors by Number of Incidents:
- DeathNote Hackers: 36 incidents
- ph1ns: 9 incidents
- Philippine Exodus Security: 7 incidents
- HulkSec Philippines: 7 incidents
- mekju: 5 incidents
- XSOS: 3 incidents
Recommendations:
- Enhance Cybersecurity Measures: Organizations should prioritize strengthening their cybersecurity defenses through robust firewalls, regular security audits, and employee training on phishing and other cyber threats.
- Implement Multi-factor Authentication (MFA): MFA adds an additional layer of security by requiring users to provide multiple forms of verification before gaining access to systems or data, reducing the risk of unauthorized access in case of credential theft.
- Regular Patch Management: Promptly applying software patches and updates can mitigate vulnerabilities exploited by threat actors. Establishing a routine patch management process is crucial to maintaining system integrity.
- Data Encryption: Encrypting sensitive data both at rest and in transit can safeguard it from unauthorized access, reducing the impact of potential data breaches.
- Incident Response Plan: Develop and regularly update an incident response plan to quickly mitigate and recover from cyber incidents. This plan should include clear roles and responsibilities, communication protocols, and procedures for data recovery.
Predictions:
- Increase in Ransomware Attacks: Given the sporadic yet impactful nature of ransomware attacks observed in the first half of 2024, it’s likely that ransomware will continue to be a prominent threat. Organizations should be prepared for targeted attacks demanding ransom payments.
- Evolution of Threat Actors: Threat actors like DeathNote Hackers and HulkSec Philippines have shown persistence and adaptability. It’s predicted they will continue to evolve their tactics, techniques, and procedures (TTPs) to evade detection and maximize impact.
- Targeting of Emerging Technologies: With the increasing adoption of technologies such as IoT (Internet of Things) and cloud computing, threat actors may increasingly target vulnerabilities in these areas. Organizations should prioritize securing these technologies and implementing best practices.
- Regulatory and Compliance Changes: As cyber threats evolve, regulatory bodies may introduce stricter cybersecurity requirements and compliance standards. Organizations should stay informed and proactive in meeting these obligations to avoid penalties and reputational damage.
- Collaboration in Threat Intelligence Sharing: To stay ahead of sophisticated cyber threats, collaboration among organizations, industry sectors, and government agencies in sharing threat intelligence will become more crucial. This can help identify emerging threats early and strengthen collective defenses.
The first half of 2024 witnessed a significant number of cyber incidents, with data breaches being the most prevalent. Threat actors such as DeathNote Hackers and HulkSec Philippines were notably active across multiple incident types. The report underscores the diverse range of affected agencies, from educational institutions to government departments and private corporations, highlighting the ongoing challenges in cybersecurity during this period.
By implementing proactive cybersecurity measures and staying vigilant against evolving threats, organizations can better protect their systems, data, and stakeholders from cyber incidents.
Full Report: https://tablenotes.net/public/-O0zsCEVfmra88yRxgAN