CYBER THREATS MARCH 2025 ARRESTED SUSPECT, PHILIPPINES
"Good morning. Today, I will be presenting the Cybercrime Threat Landscape Report
for the years 2024 to 2025. In this presentation, we will explore the organizations and
agencies responsible for protecting against cyber threats. We will also discuss the
methodologies and procedures used to prevent and mitigate these attacks in the
digital environment. Included in the report are percentages and graphs that track
cybercrime incidents, providing us with a clear picture of the threat situation during
this period. Lastly, we will identify the most prevalent cyber threats in the Philippines
that require immediate attention and action."
The CYBERINT (now a Check Point Company) Philippine Threat Landscape
2024-2025 report unravels the evolving cyber threats and scam operations
targeting organizations in the Philippines—mainly within the Government,
Education, Financial, and Telecommunications sectors.
Cyberint is a private company based in Israel that developed a system designed to
protect the networks and systems of various organizations, both private and
government-owned, against cyberattacks. These organizations pay for Cyberint’s
services to safeguard their systems from different forms of cybercrime threats in
cyberspace.
The CYBERINT Philippine Threat Landscape 2024-2025 report reveals the growing
cyber threats and scams targeting key sectors in the country, especially
Government, Education, Finance, and Telecommunications.
To better understand what Cyberint is:
Cyberint is a cybersecurity firm focused on External Risk Management. It assists
organizations in identifying, analyzing, and addressing cyber threats that originate
outside their internal networks.
Through its AI-powered Argos platform, Cyberint monitors the open, deep, and dark
web for risks like stolen credentials, online impersonation, data breaches, and
malicious infrastructures. Additionally, the company provides managed services for
threat takedowns and incident remediation.
In 2024, malware infections, especially InfoStealers, continue to rise, exposing
sensitive information like confidential files and credentials. Philippine-based
threat actors and scam operators use advanced techniques to conduct phishing
campaigns, impersonating local organizations—from government to
telecommunication sectors—to target financial industry customers.
METHODOLOGY
Cyberint’s Philippine Threat Landscape Report 2024-2025 employs a
comprehensive intelligence strategy that combines both proprietary and public
data sources. The intelligence is gathered from Cyberint and Check Point
sources that track a variety of threat vectors using modules like Attack Surface
Management, Darkweb Threat Intelligence, Supply Chain Intelligence, Malware
Intelligence, Phishing Detection, Social Media Monitoring, and more.
The next slides will show the methodologies employed to monitor a range of threat
vectors using the following modules:
1. Attack Surface Management (ASM)
What is Attack Surface Management (ASM) in Cybercrime?
Attack Surface Management (ASM) is the continuous process of identifying,
monitoring, and protecting all possible points (called an "attack surface") where a
hacker or cybercriminal could try to break into a system, network, or application.
In cybercrime, attackers often scan for exposed or weak points — like open ports,
outdated software, misconfigured servers, leaked credentials, or unsecured cloud
services — to exploit. ASM helps organizations stay ahead by detecting these
vulnerabilities before criminals can find and abuse them.
What is Dark Web Threat Intelligence in Cybercrime?
2. Dark Web Threat Intelligence is the process of gathering, analyzing, and
using information from the dark web — a hidden part of the internet where
illegal activities like data breaches, hacking services, and cybercrime
marketplaces take place.
In cybercrime prevention, security teams use this intelligence to:
• Detect stolen data, like company credentials or personal information for sale.
• Identify planned cyberattacks or scams targeting their organization.
• Monitor hacker forums and underground marketplaces for emerging threats.
• Respond early by taking down illegal content or strengthening defenses.
In short:
It’s about keeping an eye on the dark web to uncover hidden threats and criminal
activities that could harm an organization.
What is Supply Chain Intelligence in Cybercrime?
3. Supply Chain Intelligence in the context of cybercrime is the practice of
gathering and analyzing information about the cybersecurity risks within
an organization’s network of suppliers, vendors, and partners.
Cybercriminals often target weaker links in a supply chain — like third-party service
providers — to gain access to larger, more secure organizations. Supply Chain
Intelligence helps detect these potential risks by monitoring:
• Third-party data breaches
• Compromised vendor credentials
• Malware or phishing campaigns involving suppliers
• Vulnerabilities in partner systems
This allows businesses to act early, strengthen defenses, and avoid cyberattacks
that enter through external partners.
What is Malware Intelligence in Cybercrime?
4. Malware Intelligence is the process of collecting, analyzing, and
understanding information about malicious software (malware) — programs
created by cybercriminals to steal data, damage systems, or gain
unauthorized access.
This type of intelligence helps security teams:
• Identify new and emerging malware threats
• Understand how malware behaves and spreads
• Detect malware infections early
• Develop defenses and countermeasures to stop attacks
It involves monitoring malware campaigns, threat actor groups, and malicious tools
being shared on the open web, deep web, and dark web.
📖 In short:
It’s about studying and tracking malware to detect, prevent, and respond to
cyberattacks effectively.
What is Phishing Detection in Cybercrime?
5. Phishing Detection is the process of identifying and blocking fraudulent
emails, websites, messages, or phone calls designed to trick people into
revealing sensitive information like passwords, credit card numbers, or
personal data.
Cybercriminals often use phishing to:
• Steal login credentials
• Install malware on devices
• Impersonate trusted organizations or people
Phishing detection systems use technologies like AI, machine learning, and threat
intelligence to spot fake messages, suspicious links, or deceptive domains
before victims can fall for them.
📖 In short:
It’s about spotting and stopping phishing scams before they can harm
individuals or organizations.
What is Social Media Monitoring in Cybercrime?
6. Social Media Monitoring in cybercrime is the practice of tracking and
analyzing social media platforms to detect potential security threats,
scams, and criminal activities targeting individuals, companies, or
governments.
Cybercriminals often use social media to:
• Spread fake news, phishing links, or malware
• Gather personal information for identity theft
• Organize scams or fraud schemes
• Impersonate legitimate accounts for deception
By monitoring these activities, cybersecurity teams can identify threats early,
protect reputations, and respond quickly to harmful or illegal content.
📖 In short:
It’s about watching social media for cyber threats, scams, and criminal
behavior to protect people and organizations.
Those are the Cyberint tools designed to track different threat vectors.
Cyberint, now a Check Point Company, delivers essential alerts and indicators
that shape our analysis, enabling us to present an intelligence-driven overview of
the cyber security threat landscape in the Philippines. The information in this
report is based on a sample of around 127,000 intelligence alerts collected from
December 1, 2021, to December 1, 2024, from around 15 companies across
various industries in the Philippines.
Displayed on the screen are the critical alerts by industry in the Philippines from
December 2021 to 2024. Banking and Financial Services account for 66%, followed
by Media and Entertainment at 11%, Technology and IT at 8%, Real Estate at 6%,
Retail and Consumer Goods at 5%, Healthcare at 2%, Energy and Industrial at 1%,
Hospitality at 0.6%, and Shared Services at 0.4%.
They also utilize open-source intelligence (OSINT) by incorporating threat feeds,
news articles, and research publications from cyber security professionals and
regulatory authorities.
Open-Source Intelligence (OSINT) is the process of collecting, analyzing, and
using information gathered from publicly available sources to support
decision-making, investigations, or security efforts.
These sources can include:
• Websites and online news
• Social media platforms
• Public records and government reports
• Forums, blogs, and videos
• Data available on the open web, deep web, and sometimes parts of the dark
web
DEEPER LOOK INTO THE CYBER THREATS FOR THE PHILIPPINE THREAT
LANDSCAPE 2024
1. MALWARE
As we continue to enhance our sources and services, more malware infections
on our clients’ employee machines have been discovered. The majority of these
malware infections came from the personal devices of clients’ employees, which
were utilized for work-related activities.
Displayed on the screen are the malware infection alerts affecting employee
machines among Cyberint’s Philippine clients. As shown, there’s a noticeable
increase in infections from 2022 to 2024 — with 11 cases recorded in 2022, rising to
189 in 2023, and a significant jump to 676 in 2024. This illustrates how quickly
malware can spread and compromise employee devices over time.
2. INFOSTEALERS
In the Philippines, Information Stealers (a.k.a. Infostealers), a type of malware
that can exfiltrate sensitive information (i.e., browser credentials, cookies, cache,
crypto wallets, desktop files, etc.), became the gateway for threat actors to easily
gain unauthorized access to insecure portals, resulting in exposure of sensitive
information. Nowadays, Infostealer logs are scattered across the dark web,
making it easier for threat actors to source exposed credentials of their targeted
entity.
Infostealers became more effective against Philippine-based organizations’
employees during and after the COVID-19 pandemic due to the adjustments
made by the Philippine government. In contrast, most local companies are now
allowing work-from-home setups.
Based on Cyberint (now a Check Point Company) sources, many Filipinos who
work from home are more susceptible to violating an organization’s information
security policies. We have observed a massive number of Filipino employees
who use their personal devices (i.e., desktops, laptops, etc.) to access
work-related portals, thus amplifying the risk of credential exposure
whenever these personal devices get infected by Infostealers.
3. RANSOMWARE
Ransomware continues to be one of the most critical threats, not only in the
Philippines but around the globe. However, we have observed a decrease in
ransomware attacks targeting the Philippines in 2024 compared to 2023.
Displayed on the screen is the 2024 ransomware attack timeline in the Philippines.
According to the graph, the Philippines ranks 12th in ransomware incidents across
the APAC region.
APAC stands for Asia-Pacific, a geographic and economic region that includes
countries in East Asia, Southeast Asia, South Asia, Australasia, and the Pacific
Islands.
It typically covers:
• East Asia: China, Japan, South Korea, Taiwan, Hong Kong, Mongolia
• Southeast Asia: Philippines, Indonesia, Malaysia, Singapore, Thailand,
Vietnam, Cambodia, etc.
• South Asia: India, Pakistan, Bangladesh, Sri Lanka, Nepal, etc.
• Australasia & Pacific: Australia, New Zealand, Papua New Guinea, and
Pacific Island nations
In business, cybersecurity, and geopolitical reports, the APAC region is often
grouped together due to shared markets, economic ties, and similar digital security
challenges.
STAYING AHEAD OF THE CURVE: EVOLVING CYBER THREATS AND
STRATEGIC PRIORITIES IN 2025
As we approach 2025, the cyber threat landscape is set to become more intricate
due to rapid technological advancements, changes in work environments, and
geopolitical tensions (i.e., tensions between the Philippines and China regarding
the South China Sea). The following key threats are anticipated to dominate the
cyber security space in 2025, necessitating proactive planning and strategic
responses from organizations across various industries.
As 2025 approaches, the cyber threat environment is expected to grow more
complex due to fast-changing technology, shifting work setups, and rising
geopolitical issues like the Philippines-China South China Sea tensions. Key cyber
threats are likely to emerge, requiring businesses to prepare and strengthen their
defenses.
As we’ve seen, cyber threats from 2024 to 2025 continue to grow in scale,
complexity, and impact — affecting businesses, governments, and individuals alike.
It’s a constant reminder that cybersecurity is not a one-time effort but an ongoing
responsibility. By staying informed, adopting proactive security measures, and
fostering a culture of vigilance, we can better defend against emerging threats and
protect our digital environments. Together, through awareness and preparedness, we
can stay one step ahead of cybercriminals.
This wraps up my presentation on the 2024–2025 cybercrime threat landscape.
Thank you and good day.