MENU

Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

ACG-CYBER SECURITY BULLETIN NR 167: Understanding the Risk of Cyber Espionage

Reference Number: ACG-CSB 060619167

         The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY 

          Cyber Espionage is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware.

          The potentially harmful outcomes of Cyber Espionage not only cause government security breaches but can also lead to the declassification of company secrets. This can be disastrous for companies if the attackers use stolen information to manufacture copy-cat products and gain market share. 

          Social engineering was the more popular form of cyber-espionage attack, typified by phishing attacks that give intruders a foothold into the system using stolen account credentials. The use of backdoors to hack directly into corporate networks and  also malware using command and control networks.

          Websites can offer the same type of openings and experienced hackers can make use of a vulnerable website to execute an attack. Emails that appear to be official may be sent to specific individuals with higher network privileges who could be lured into clicking a link that downloads a code to enable later attacks.

          Common targets are Internal data, client, customer information, top-secret projects, formulas, plans or other kinds of private data. Anything an attacker could sell or use for their own benefit.

          Cyber espionage are taking place today all over the world. Corporations and governments are constant targets of attacks. 

          It is recommended to companies and other organizations to assess their current security procedures, evaluate risks and develop security policies that will help address vulnerabilities. It may also be wise to define daily procedures and establish a response plan when an attack is detected.

RECOMMENDATION

The public are advised to follow these tips in order to understand the risks and prevent being victimized by Cyber Espionage, to wit:

  • Conduct risk assessment;
  • Establish effective security policies;
  • Maintain efficient data access policy;
  • Educate employees;
  • Delete any suspicious-looking e-mails received especially if links and/or attachments appear; and
  • Always update operating system as well as anti-virus software.

For additional information, please refer to the following websites:

POINT OF CONTACT

  Please contact PMAJ ANGELICA STARLIGHT L. RIVERA, Asst. Chief, ARMD thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.