BSP Deputy Governor Chuchi Fonacier
MANILA — The Bangko Sentral ng Pilipinas (BSP) urged BSP-supervised financial institutions (BSFIs) to further strengthen their cybersecurity capabilities, citing that cyber criminals are taking advantage of the 2019 coronavirus disease (Covid-19) global pandemic.
“Cyber threat actors are taking advantage of the situation by carrying out criminal activities such as ransomware, phishing, cyber extortion and even launching cyber espionage activities,” BSP Deputy Governor Chuchi Fonacier said in a memorandum issued March 14, 2020.
Phishing allows cyber criminals to get unsuspecting people’s sensitive data, such as personal information, banking and credit card details, and passwords by sending out electronic mails and messages through the short messaging system (SMS), as well as phone calls that pose as legitimate transactions.
Ransomware, in turn, is a malicious type of software designed to block an individual’s access to a computer system until he has paid a certain amount of money.
“Recent threat intelligence sources are citing that the threat actors are propagating phishing/spear phishing campaigns containing links to Covid-19 or coronavirus-themed malicious websites and/or attachments,” Fonacier said.
She said phishing emails initially appear to provide information on how a person can protect himself/herself from the Covid-19, while some even contain legitimate statements/advice from public officials or valid sources but loaded with hidden spyware.
“All BSFIs are therefore cautioned to stay vigilant against cyber threats that may be taking advantage of the Covid-19 pandemic. BSFIs are reminded to employ multi-layered security defense strategies against cyber-attacks and continuously roll-out information security awareness campaigns to their employees, clients and other relevant stakeholders,” she said.
In another memorandum signed March 11, 2020, Fonacier urged BSFIs and operators of payment systems (OPS) to implement response plans and similar measures like alternate work arrangement or remote access capabilities to ensure the safety of their personnel and the public.
“Clear communication protocols covering all relevant internal and external stakeholders should also be implemented,” she said.
Fonacier further said the current situation warrants subject institutions to remain vigilant by constantly monitoring and gathering relevant information on the epidemic, both locally and globally, and continuously assessing the impact of their response strategies.
“Advisories and/or guidelines issued by local health authorities, such as the Department of Health, should be considered and strictly followed,” she added. (PNA)
