April 1, 2024
MANILA – The Philippines faces growing cyberthreats from the exploitation of generative artificial intelligence (GenAI) and continuous targeting by China-backed cyberthreat actors, Texas-based cybersecurity firm CrowdStrike said in its 2024 Global Threat Report.
The report highlights how AI tools that can generate increasingly convincing text, images and video are making it easier for threat actors to spread misinformation and access sensitive systems.
Additionally, the speed of cyberattacks continues to accelerate. The report indicates that the average breakout time is down to only 62 minutes from 84 in the previous year (with the fastest recorded attack coming in at 2 minutes and 7 seconds). Once initial access was obtained, it took only 31 seconds for an adversary to drop initial discovery tools in an attempt to compromise victims.
“Recent developments in generative AI put a tremendously powerful tool in the hands of the average person and sophisticated adversary alike,” Fabio Fratucello, CrowdStrike Field Chief Technology Officer International, told the Inquirer in an interview.
According to him, these AI models “can learn the nuances of different languages, dialects, and even slang and colloquialisms from large datasets, allowing adversaries to generate authentic-sounding communication.”
This lowers the barrier for conducting convincing phishing attempts and disinformation campaigns, increasing risks for the Philippines where mobile and social media usage is high.
The report cautions that “Chinese, Russian and Iranian adversaries will likely conduct misinformation and disinformation operations with GenAI tools.”
Recent examples include the manipulation of videos for the 2024 Taiwan presidential elections using GenAI.
‘PH not immune’
Fratucello warns that “the Philippines is not immune to this fast-evolving threat.” He advised the public to be critical of information sources and motivations when assessing content authenticity.
The report also highlights increased targeting of the Philippines by Chinese-linked adversaries through supply chain compromises and third-party relationships.
“Throughout the second half of the year, an unattributed actor—likely to be China-nexus adversary Wet Panda—compromised an India-based information security software vendor and used the resulting access to distribute harmful software via legitimate update processes. Malaysian organizations were among the victims,” CrowdStrike said in a press statement.
Wet Panda is believed to be operated by a financially motivated Chinese cybercrime group. It infiltrates networks through phishing and other methods before encrypting key files and demanding payments in cryptocurrency to restore data.
Only recently, several government websites in the Philippines were hacked and defaced in a suspected cyberattack traced back to China. Affected sites included those of the Overseas Workers Welfare Administration and the Philippine Coast Guard, as well as the official website of President Marcos.
The incident prompted the Department of Information and Communications Technology to launch an investigation into the cyberattack, which happened amid escalating tensions between Manila and Beijing in the West Philippine Sea. China, however, has denied involvement in the incident.
Regulators’ role
Fratucello noted that China-nexus groups were likely to leverage generative AI for surveillance, intellectual property theft and influence operations in Southeast Asia.
To counter these threats, he advised organizations to prioritize identity protection, cloud-native security, comprehensive visibility, rapid response times, and an internal cybersecurity culture.
Regulators also have a role to play in developing guidelines for the ethical and responsible use of GenAI.
“Generative AI requires critical considerations for how the technology is procured, trained and regulated,” he said.