At the end of March, the Philippines’ Commission on Elections (COMELEC) website and database were breached by multiple groups, and the information gathered, including passport details and fingerprints, was released on the Internet. Immediately after the breach, COMELEC reported that only its website had been affected and that most of the leaked information was public anyway, but further research last week shows that is not correct. Based on further investigation, the data dump includes 1.3 million records of overseas Filipino voters and another 15.8 million fingerprint records, as well as a list of people running for office since the 2010 elections.
An alarming fact about this breach is that the entire database of 55 million voters was accessed, which could potentially make this the largest government data breach ever. Every voter in the Philippines is now much more susceptible to identity and financial fraud, and COMELEC has not yet said how it plans to respond to the breach.
IT security professionals have most likely heard of Dridex malware, the malicious exploit kit that made headlines in 2014 as a part of a massive phishing campaign targeting online banking transactions. The Dridex malware has since evolved and is being used to steal banking and credit card information across the world. When it was first discovered in 2014, it was mostly targeting English-speaking countries like the UK, the US, and Australia, but it has now been seen targeting companies in Latin America and Africa.
In addition to this expansion, researchers at Spanish security company Buguroo have discovered that Dridex is now delivering the Locky ransomware to users’ computers, forcing them to pay ransoms of between 0.5 and 1 Bitcoin to decrypt their files. Buguroo reviewed Dridex over just a 10-week period and discovered that attackers launched multiple campaigns and compromised over 1 million credit cards across the globe. Pablo de la Riva Ferrezuelo, CTO and co-founder of Buguroo, claims that Dridex, which was supposedly shut down in late 2015 after the arrest of a Moldovan national, is now in the hands of other malicious groups, and that users should be wary of any emails containing suspicious attachments.
*IP addresses provided by Recorded Future.