Cybersecurity

for Everyone
Fleur-de-lis A. Nadua
Cybersecurity Bureau
 image by www.whitesp-ce.com

NEW NORMAL
 110.3 Million total population
73.91 million users of the Internet on any device
89 million active Social Media users
10 hours 56 minutes average time spent on the internet per day

4 hours 15 minutes average time spent using social media

#1 Social Media user in the world
11

Source: Digital 2021 Philippines by WeAreSocial and Hootsuite

Our reality today
Data breach
everywhere!
 “Data is more valuable than
DATA HACK oil and is the most expensive
asset in the world.”
Top Cyber Threats
DATA HACK
Top Cyber Threats
DATA HACK
Top Cyber Threats
 Considered to be the worst recorded breach on a
government-held personal database in the world,
DATA HACK based on sheer volume.
Top Cyber Threats Databases of the following:

§ Voter Database Precinct-Finder (75,302,683

records)
§ Overseas Voters Database (1,376,067
records)
§ iRehistro Registration Database (139,301
records)
§ Firearms Ban Database (896,992 personal
data records and 20,485 records of firearms
serial numbers)
§ COMELEC Personnel Database (1,267
records)
DATA HACK
Top Cyber Threats
Banks are robbed virtually!
ATTACKS ON BANKS
Top Cyber Threats

Cyberattacks on financial firms have

become a flourishing money-making
business for cybercriminals.

As per the report from a cybersecurity

firm’s research, cyberattacks against banks
spiked by a massive 238% from the
beginning of February to the end of April
2020.

This is because the sector deals with what

the attackers want the most--money and
personal information.
ATTACKS ON BANKS
Top Cyber Threats

The Bangladesh Bank Heist took place in

February 2016 when hackers planned to
fraudulently withdraw US$ 1 billion from the
account of Bangladesh Bank, the central bank of
Bangladesh. $81M of that found its way to RCBC
Bank.

The Bangladesh Bank Heist was linked to a

customized malware attack known as Dridex
malware that compromised SWIFT software used
to transfer funds. It was designed to hide traces
of fraudulent payments from the bank's local
database collections. Once money is transferred
via SWIFT, it’s typically not reversible, which
makes this attack even more clever.
 Critical
sectors are
attacked!
CHILDREN are targeted by
SEXUAL PREDATORS!
TARGETING of CHILDREN by
SEXUAL PREDATORS
Top Cyber Threats

The Philippines has emerged as a global hot spot

for online child sexual exploitation, and coronavirus
lockdowns that restrict millions to their homes have
worsened the abuses.

Users looking to exploit children lurk in dark corners

of the internet to trade illegal, lewd photos of
children. This is done over email, peer-to-peer
programs, or, increasingly, through the dark web,
an area of the internet that is inaccessible with
standard search engines.

Sexual predators try and lure them into meeting

offline, as well as either sending or asking for lewd,
pornographic images.
Classrooms are hijacked!
 ZOOMBOMBING
Top Cyber Threats

The sudden change in the educational landscape

brought about by the COVID-19 pandemic has
exposed teachers and students to “Zoom bombing.”

Zoombombing refers to the unwanted, disruptive

intrusion, generally by Internet trolls, into a video-
conference call. It is a form of cyberattack that can be
a shocking and traumatic experience for students.
Attacks have exposed students to sexual predators and
other cyber criminals.
Children are BULLIED!
 CYBERBULLYING
Top Cyber Threats

One in three young people in 30 countries said

they have been a victim of online bullying, with
one in five saying they skipped school due to
cyberbullying and violence, according to a poll
released by UNICEF.

In the Philippines, latest national data show that

cyberviolence affects almost half of children
aged 13-17.
CYBERBULLYING
Top Cyber Threats

With schools forced to implement

alternative education modalities such as
online learning due to the COVID-19
pandemic, incidences of cyberbullying are
expected to soar even higher.
 CYBERBULLYING
Top Cyber Threats

Why is CYBERBULLYING worse?

Persistent – Digital devices offer an ability to immediately and continuously communicate 24
hours a day, so it can be difficult for children experiencing cyberbullying to find relief.
Permanent – Most information communicated electronically is permanent and public, if not
reported and removed. A negative online reputation, including for those who bully, can impact
college admissions, employment, and other areas of life.
Hard to Notice – Because teachers and parents may not overhear or see cyberbullying taking
place, it is harder to recognize.
IDENTITIES
are stolen!
CATFISHING
Top Cyber Threats

Catfishing is when someone uses

images and information (often taken
from other people’s social
media accounts) to create a new identity
online – sometimes using an individual’s
entire identity as their own.
GROOMING
Top Cyber Threats

Grooming is when someone

builds a relationship, trust and
emotional connection with a
child or young person so they
can manipulate, exploit and
abuse them. Children and young
people who are groomed can
be sexually abused, exploited or
trafficked.
GROOMING
Top Cyber Threats
Threat Actors Motivation

Script Kiddie Attention

Organized
Profit
Cybercriminals

Hacktivists Ideological

Nation-State Geopolitical

Insider Threat Revenge

 We are only as
STRONG
as our
WEAKEST LINK.
Zero risk
does not
exist.
CYBERSECURITY
- The state of being protected against the criminal or
unauthorized use of electronic data, or the measures taken
to achieve this.

- The collection of tools, policies, security concepts, security

safeguards, guidelines, risk management approaches,
actions, training, best practices, assurance and
technologies that can be used to protect the cyber
environment and organization and user's assets. (ITU)
 Knowing how
cybercriminals think and
attack could prevent
you from turning into
another victim.
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing

6. Business e-Mail
Compromise
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering / Malware Attack is a malicious software

Phishing that is installed in someone else’s device

without their knowledge to gain access to
6. Business e-Mail
personal information or to damage the
Compromise device, usually for financial gain.
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering / Common Types of Malware

• Virus
Phishing
• Worms
6. Business e-Mail
• Trojans
Compromise
• Spyware
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing Ransomware is malicious software that

6. Business e-Mail infects your computer and displays

messages demanding a fee to be paid in
Compromise
order for your system to work again.
CYBER THREATS
RANSOMWARE
There's been a huge increase in the number of
ransomware attacks over the course of 2020, with a
seven-fold rise in campaigns compared with just a year
before, according to a data released from cybersecurity
researchers.

Ransomware attacks have been on the rise and getting

more dangerous in recent years, with cyber criminals
aiming to encrypt as much of a corporate network as
possible in order to extort a bitcoin ransom in return for
restoring it.

A single attack can result in cyber criminals making

hundreds of thousands or even millions of dollars.
CYBER THREATS
RANSOMWARE
Top Cyber Threats for Business in 2020
CYBER THREATS
RANSOMWARE
Top Cyber Threats for Business in 2020

$870,000,000 Pharmaceutical company Merck

$400,000,000 Delivery company FedEx (through
European subsidiary TNT Express)
$384,000,000 French construction company Saint-Gobain
$300,000,000 Danish shipping company Maersk
$188,000,000 Snack company Mondelēz (parent
company of Nabisco and Cadbury)
$129,000,000 British manufacturer Reckitt Benckiser
(owner of Lysol and Durex condoms)

$10 billion total damages from NotPetya, as

estimated by the White House.
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing Ransomware is malicious software that

6. Business e-Mail infects your computer and displays

messages demanding a fee to be paid in
Compromise
order for your system to work again.
7. Online Scam
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing

6. Business e-Mail
Compromise
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack
Distributed DoS A distributed
5. Social Engineering / denial-of-service (DDoS) attack
occurs when multiple systems flood
Phishing the bandwidth or resources of a
targeted system, usually one or more
6. Business e-Mail web servers. A DDoS attack uses more
than one unique IP address or
Compromise machines, often from thousands of
hosts infected with malware.
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack
A supply chain attack,
3. Man in the Middle Attack also called a value-chain
or third-party attack,
4. Password Attack occurs when someone
5. Social Engineering / infiltrates your system
through an outside
Phishing
partner or provider with
6. Business e-Mail access to your systems
Compromise
and data.
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing • A vulnerability within the
Solarwinds Orion monitoring
6. Business e-Mail products.
Compromise • Sunburst and Supernova malware
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack
A man-in-the-middle (MitM) attack
5. Social Engineering / is when an attacker intercepts
communications between two
Phishing parties either to secretly eavesdrop
or modify traffic traveling between
6. Business e-Mail the two. Attackers might use MitM
attacks to steal login credentials or
Compromise personal information, spy on the
victim, or sabotage communications
or corrupt data.
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering / Kinds of MitM Attack

Phishing • IP spoofing
• DNS spoofing
6. Business e-Mail
• HTTPS spoofing
Compromise • SSL Hijacking
• Wi-Fi eavesdropping
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack
Brute force attack - involves running through as
many combinations of potential passwords as
5. Social Engineering / necessary to hit on the right one.

Phishing Dictionary attack - a dictionary of common

passwords is used to attempt to gain access to a
user's computer and network.
6. Business e-Mail
Compromise Keylogging - relies on getting a piece of malware
onto your computer that watches what you're
doing and keeps track of what you type, sending
that information to a hacker.
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing

6. Business e-Mail
Compromise
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing

6. Business e-Mail
Compromise
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

Social engineering is the art of
4. Password Attack
manipulating people so they give up

5. Social Engineering / confidential information. Phishing is a

kind of social engineering that trick users
Phishing
into clicking on malicious links or opening
6. Business e-Mail unknown attachments for them to provide
sensitive data, such as personal
Compromise
identifiable information, financial details,
and passwords.
 1. Malware Attack
Phishing Attacks &

CYBER THREATS
2. Supply Chain Attack Social Engineering
Top Cyber Threats for Business in 2020

3. Man in the Middle Attack

Cybercrime in the Philippines is on a rapid rise,
with phishing campaigns alone up 200% since
4. Password Attack the country went into lockdown in March.

Phishing scams attempt to take advantage of a

5. Social Engineering / perceived lack of digital literacy in the country,
sending emails, calls, or text messages from
Phishing (often near-identical to the source they are
imitating) false or stolen identities, in order to
convince the victim to click on fraudulent links, or
6. Business e-Mail otherwise divulge personal information somehow
including data such as passwords, bank account
Compromise information, and other confidential data.
 1. Malware Attack
Phishing Attacks &

CYBER THREATS
2. Supply Chain Attack Social Engineering
Top Cyber Threats for Business in 2020

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing

6. Business e-Mail
Compromise
 1. Malware Attack

CYBER THREATS
2. Supply Chain Attack

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Business Email
Phishing
Compromise (BEC) is a type of
6. Business e-Mail scam targeting companies who
Compromise conduct wire transfers and have
suppliers abroad.
 1. Malware Attack Business e-Mail

CYBER THREATS
2. Supply Chain Attack Compromise
Top Cyber Threats for Business in 2020

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing

6. Business e-Mail The 2019 FBI cybercrime report indicates

that losses from Business Email
Compromise Compromise attacks are approximately
$1.7 billion, which accounts for almost half of
all losses due to cybercrime.
 Business e-Mail

CYBER THREATS
Compromise
Top Cyber Threats for Business in 2020

TOYOTA, 2019

SAVE THE CHILDREN, 2018

 Business e-Mail

CYBER THREATS
Compromise
Top Cyber Threats for Business in 2020
 Business e-Mail

CYBER THREATS
Compromise
Top Cyber Threats for Business in 2020
 Business e-Mail

CYBER THREATS
Compromise
Top Cyber Threats for Business in 2020
 Business e-Mail

CYBER THREATS
Compromise
Top Cyber Threats for Business in 2020
 1. Malware Attack Business e-Mail

CYBER THREATS
2. Supply Chain Attack Compromise
Top Cyber Threats for Business in 2020

3. Man in the Middle Attack

4. Password Attack

5. Social Engineering /
Phishing

6. Business e-Mail
Compromise

7. Online Scam
 Rushing and the
lack of awareness
make the perfect setting for
a successful cyber attack
or cyber crime .
How can we be
Cybersafe?
BACKUP
BACKUP
BACKUP
BACKUP
Do Secured Browsing
 Do Secured Browsing

Secure | https://www.staycybersafe!!!!!!!!!
 GIF by Panda Security

Use VPN
 GIF by ColorOS Community

Use Anti-Virus

4
 GIF by MilesWeb Hosting

Use Firewalls
Use Strong Passwords
Use Strong Passwords

• Do not use the same password for all your

accounts
• Change your password regularly
• Use at least a 12-character password
• Use a passphrase, your native language,
or any other technique
• Use a secure password manager
 GIF by Huawei

Secure your Devices

a. Be careful of what you plug in to
your devices

b. Don't mindlessly install 3rd party

apps directly from the internet

c. Don't forget to patch your operating

systems and update your apps and
programs

d. Be mindful in connecting to free

public wi-fi networks
 PHOTO by kidshelpline.com.au

Secure your Online Accounts

a. Use 2FA/MFA

b. Only add people you

know
 PHOTO by Noelle Otto

Verify
 GIF by kimemsonanimates.com

Awareness
& Attitude of
Distrust
Report and ask help from
authorities
Cyber Complaint
Points of Contact
Philippine National Police National Bureau of
Anti-Cybercrime Group Investigation – Cyber
(PNP-ACG) Crime Division (NBI-CCD)

(02) 7414-1560 (02) 8523-8231 local 3454/3455

0998 598 8116 - Smart (02) 8523-8231 to 38
[email protected] (02) 8524-5084
fb.com/anticybercrimegroup [email protected]

DICT – National Computer National Privacy Cybercrime Investigation

Emergency Response Commission (NPC) and Coordinating Center
Team (CERT-PH) (CICC)
09451534299 – Globe
(02) 8920-0101 local 1708 09399638715 – Smart (02) 920-0101 loc. 1200
0921 494 2917 - Smart [email protected] [email protected]
0956 154 2042 - Globe [email protected] fb.com/CICCgovph
[email protected] fb.com/privacy.gov.ph
fb.com/ncertgovph https://www.privacy.gov.ph/
Cybersecurity is not
expensive compared
to the cost of having
a cyber attack.
design by ngupakarti
Connect with us!

fb.com/CYBERSECgovph

twitter.com/CYBERSECgovph

youtube.com/DICTCybersecurity
Cybersecurity
for Everyone
Fleur-de-lis A. Nadua
Cybersecurity Bureau