Case Study


ASIAN INSTITUTE OF COMPUTER STUDIES
Bicutan Branch

UCPB INDEPENDENCE DAY CYBER ATTACKS (2020)

A Case Study Presented to the


Faculty of Computer Science

In partial fulfillment of the Requirements for


Science, Technology and Society (CC111)

Submitted by:

STUDENT'S COMPLETE NAME/MEMBERS:

Member

Añano, Mark Angelo B.

Berganos, Angelo Ward

Bunagan, Nygel Angelo D.

Carmen, Quen Chin V.

Dormido, Rea R.

Garado, Aliyah Faith R.

Madroño, John Patrick Y.

Norte, Ma. Angelique D.

Onan, Grace Faith E.

Rivera, Angel

Sulapas, Justin A.

Undaloc, Lester John

Section
BS1EB

Submitted to:

MR. JAYSON PANGILINAN LARGO


INSTRUCTOR


Science, Technology and Society Page 1


I. Executive Summary

This case study examines the recent cyberattack on the United Coconut Planters
Bank (UCPB), which involved unauthorized access and disruption of its digital
services, raising critical concerns about security measures in the banking sector.
Established in 1975, UCPB has played a significant role in supporting the coconut
industry and promoting rural development in the Philippines.

The purpose of this study is to enhance cybercrime protection and promote best
practices in authentication techniques for financial transactions across local banks.

The following are the issues found in this study:

1. Lack of Security Systems: UCPB and similar institutions need to adopt
global best practices in IT security, including advanced firewalls, security
software, and biometric authentication methods such as smart cards, facial
recognition, and fingerprint sensors. A comprehensive cybersecurity upgrade
is crucial to protect against unauthorized access and cyberattacks.

2. Regulatory Environment: UCPB faces increasing scrutiny from regulatory
bodies, necessitating compliance with evolving banking regulations while
maintaining its focus on its core clientele.

3. Market Competition: The bank contends with competition from commercial
banks and microfinance institutions that are increasingly targeting rural
markets, potentially threatening its customer base.

4. Technological Advancements: Rapid technological changes demand that
UCPB modernize its services, particularly in digital banking, to meet
customer expectations and enhance operational efficiency.

5. Financial Literacy: Many of UCPB’s clients may lack sufficient financial
literacy, hindering their ability to fully utilize banking services and make
informed financial decisions.

The analysis further highlights UCPB's business model, which integrates financial
services with social responsibility, focusing on providing loans, savings products,
and investment opportunities for farmers and agribusinesses.

To address these challenges, UCPB is investing in digital transformation to improve
service delivery, implementing financial literacy programs for farmers, and
promoting sustainability initiatives to support the long-term viability of the coconut
industry.

The study recommends strategic measures for UCPB to enhance its market position,
including adopting innovative technologies, forging partnerships with agricultural
organizations, and emphasizing customer service. By aligning its strategies with its
social mission, UCPB can strengthen its role as a leader in promoting rural
development and financial inclusion in the Philippines while ensuring robust
cybersecurity measures.



II. Introduction

In 2020, the United Coconut Planters Bank (UCPB), one of the leading financial
institutions in the Philippines, became the target of a significant cyber attack on
Independence Day, June 12. This incident marked a critical moment in the realm of
cybersecurity for financial institutions in the country, highlighting vulnerabilities that
can be exploited by malicious actors.

The attack, which involved the unauthorized access and disruption of UCPB's digital
services, raised serious concerns about the security measures in place within the
banking sector. Cybersecurity experts and analysts have noted that such attacks are
becoming increasingly sophisticated, often leveraging a combination of phishing
techniques, malware, and social engineering to infiltrate systems. The UCPB
incident underscored the necessity for robust cybersecurity frameworks and the
continuous monitoring of digital infrastructures to safeguard sensitive information
and maintain customer trust.

In the aftermath of the attack, UCPB took immediate steps to secure its systems,
launching a thorough investigation to assess the extent of the breach and to mitigate
future risks. This incident not only impacted the bank’s operations but also served
as a wake-up call for other financial institutions, emphasizing the importance of
enhancing their cybersecurity protocols in an era where digital banking is the norm.



III. Findings

The main issue is the cyber theft of PHP 167 million from UCPB, a state-run bank
in the Philippines. The cyber-attack exposed vulnerabilities in UCPB’s systems,
specifically during a maintenance period, where malware was installed that
enabled unauthorized fund transfers. This breach raises significant concerns
about the security of the banking sector in the Philippines.

The Bangko Sentral ng Pilipinas (BSP) acknowledged the incident, confirming it
was "well-aware" and in "close coordination" with UCPB. Despite this, the attack
still went through, indicating potential flaws in monitoring and detection,
especially during off-peak or maintenance time. According to reports, two
Nigerian nationals were identified as key suspects. They allegedly used malware
to compromise UCPB’s systems, transferring money to their accounts and
withdrawing cash via ATMs. This highlights a gap in real-time monitoring and
possibly weak points in the bank’s malware detection and network security.

The attack occurred during a maintenance shutdown, suggesting that routine
maintenance may be a vulnerable period for banks if security measures are not
tightened. The malware installed on UCPB’s systems allowed unauthorized
transfers, indicating a lack of adequate malware defenses or intrusion detection
systems. While UCPB reassured clients that their funds were safe, such
incidents can damage customer trust and highlight the need for stronger, more
transparent security measures across banks.

This incident echoes previous breaches, like the Bangladesh Bank heist involving
RCBC, signaling that Philippine banks may need to strengthen their
cybersecurity frameworks to handle evolving threats. Additionally, the BSP’s
emphasis on "close coordination" and its promise to pursue cybersecurity
efforts across financial institutions reflects an acknowledgment that regulatory
oversight and stronger safeguards are crucial for maintaining public trust.



IV. Discussion

The Problem and Its Background


In the Philippines, United Coconut Planters Bank (UCPB), now called Landbank,
was a universal bank. The bank provides a variety of financial services, including
domestic fund transfers, deposits, and loans. However, over the weekend of
Independence Day in June 2020, UCPB was the target of a cyberattack. The
cyberattack installed malware on the bank's system, resulting in the theft of nearly
167 million from UCPB. Depositors complained about the money they held in UCPB as a
result of the cyberattack.

Authorities believed a syndicate of Nigerians and Filipinos was responsible for the
heist. The syndicate allegedly made 57 withdrawals from a single Automated
Teller Machine (ATM) and emptied the machine's entire stock of roughly 4 million
pesos in cash before transferring the UCPB funds into their bank accounts. Many
bank account holders expressed disappointment over their accounts, fearing that
their money had also been stolen. Assuring account holders that their funds were
unaffected by the theft and that government authorities would strengthen the bank's
security to prevent another such cyberattack, Diokno (2020) states, "Be
assured, in pursuit of our cybersecurity agenda, we continue to collaborate and
engage the BSP Supervised Financial Institutions to ensure the safety and integrity
of the financial system as well as the protection of the financial consumers." The
government authorities tightened the security and systems of every bank in the
Philippines as a result of the cyberattack.

Due to the UCPB cyber attack, several alternative solutions were implemented:

1. Cyberattack containment: In order to prevent additional financial losses,
UCPB made the decision to restrict and secure the affected system following
the cyberattack. This procedure lessens the impact of the breach on bank
operations.

2. Recovery of the Stolen Funds: In order to track down the stolen funds,
UCPB and Bangko Sentral ng Pilipinas (BSP) agreed to work with the
government and law enforcement following the incident. Although the
procedure was challenging, the government managed to retrieve the lost
money.

3. Increased Cyber Security Measures: The government agencies decided to
add security to the banks’ systems to prevent further cyber-attacks. This
included improving the firewalls, multi-factor authentication, and security
detection in order to heighten the security of the system.

4. Increased Customer Assurance: In response to public complaints, UCPB
reassured customers that their bank accounts were secure and unaffected by
the cyberattack. The BSP and UCPB work to maintain stability between the
banking sector and its customers in order to reassure the public.



V. Conclusion

The UCPB and the Bangko Sentral ng Pilipinas (BSP) have reassured the public
regarding the security of customer deposits following the theft of ₱167 million.
However, this incident highlights the increasing sophistication and global reach of
cybercrime, as foreign hackers were able to exploit operational downtimes and
deploy malware to infiltrate banking systems. It underscores the growing
challenges that financial institutions face worldwide in protecting against rapidly
evolving threats.

This case is part of a broader trend in which cybercriminals target financial
systems globally, exploiting both technological vulnerabilities and human factors.
The method employed—using malware during a routine maintenance period—
demonstrates how attackers capitalize on moments of reduced vigilance to
bypass even established security protocols. Such incidents serve as reminders of
the importance of continuous vigilance, investment in cutting-edge cybersecurity
technology, and collaboration between financial institutions and regulators.

As financial systems continue to digitalize, it is imperative for banks to adapt their
defenses to match the evolving tactics of cybercriminals. Measures such as
predictive threat monitoring, secure maintenance protocols, and cross-border
sharing of intelligence must become standard practice. Regulatory bodies and
law enforcement agencies, working in tandem with financial institutions, play a
critical role in setting and enforcing the necessary standards to safeguard
customer trust and the integrity of financial systems.

In conclusion, the UCPB cyberattack is not merely a localized incident but a
global wake-up call for the financial sector. Strengthening cybersecurity
protocols, enhancing industry collaboration, and fostering international
partnerships are essential to ensuring resilience against future cyberattacks. By
taking proactive steps, the financial industry can maintain its role as a secure and
trusted pillar of the global economy.



VI. Recommendations

The cyber-attack carried out on the United Coconut Planters Bank (UCPB) during the
Independence Day weekend in 2020 not only incurred huge financial losses but also
exposed the weaknesses associated with the bank’s information technology (IT)
systems. This section proposes recommendations to enhance the cybersecurity of
UCPB and avert the recurrence of such incidents.

1. Strengthening Cybersecurity Protocols - Following the attack, UCPB and
other government financial institutions (GFI) were recommended to
strengthen their IT capabilities, particularly to prevent vulnerabilities during
system transitions. There is also a need for subsequent upgrades of the
security components of database, server and application software to
eliminate or minimize the potential of further attacks.

2. Advanced Strategies on Incident Response - The design of incident response
capabilities involves the policy of encouraging rapid detection and response
to malicious activity or threats against the organization through the provision
of advanced systems. This entails improving the capabilities of the personnel
together with resources such as a refined emergency response strategy
and advanced intrusion detection systems to monitor suspicious activities at
the earliest stages.

3. Collaborative Investigation Efforts - The Department of Finance (DOF),
Bangko Sentral ng Pilipinas (BSP) and the National Bureau of Investigation
(NBI) worked together in investigating the UCPB incident. This
recommendation encourages financial institutions to enhance their
collaboration not only among themselves but also with the relevant
regulatory and law enforcement bodies. By sharing intelligence and
coordinating investigations, organizations can better understand and prevent
complex cyber attacks, especially those involving organized criminal groups.
Such a collaborative environment allows for early detection, response and
mitigation of cyber challenges.

4. Enhanced Access Control - The case of UCPB highlighted the importance of
restricting access to core systems by third parties. This suggestion
emphasizes the importance for banks and other financial institutions of
investing time and resources in monitoring and restricting the extent of
external vendor or partner access to proprietary information and systems.

5. Client Protection Assurance - One of the foremost objectives is to guarantee
that clients’ funds will not be affected in the event of a cyber
incident. For instance, the UCPB case illustrated the need to provide
reassurance to clients suffering an attack that their money and other
personal information are not compromised. It is imperative for banks and
other financial institutions to, first and foremost, protect their clients’ assets
and inform the public about the steps taken to do so in order to avoid
distrust.

6. Enhanced Cybersecurity Infrastructure - Implement strong Multi-factor
Authentication (MFA) protocols for all user access, including administrative
privileges. This can add an extra layer of security beyond traditional
passwords. Conduct frequent security audits to identify vulnerabilities and
potential threats. Deploy advanced threat detection systems capable of
identifying and responding to cyberattacks, including zero-day threats.
Segment the network into isolated zones to limit the potential damage of a
successful attack. Regular training programs can educate employees about
best practices, such as recognizing phishing attempts and malicious
links. Lastly, develop a comprehensive incident response plan to minimize
the impact of a cyberattack.

7. Data Protection and Privacy - Encrypt sensitive data both at rest and in transit
to protect it from unauthorized access. Implement Data Loss Prevention
(DLP) solutions to monitor and control data movement within and
outside the organization, and maintain regular backups of critical data and
test the recovery process to ensure its effectiveness.

8. Regulatory Compliance - Comply with relevant cybersecurity standards and
regulations like those set by the BSP. Work closely with cybersecurity
authorities to share information and collaborate on threat intelligence.

9. Continuous Monitoring and Improvement - Continuously monitor networks
and systems in real time for signs of malicious activity. Keep all systems and
software up to date with the latest security updates. Conduct post-incident
reviews to identify lessons learned and implement improvements to prevent
future attacks.

10. Enhanced Cybercrimes Protection - Local banks need to adopt global best
practices in, for example, installing firewalls and security software for their
entire IT structure to prevent unauthorized entry into their systems. Banks
also need to adopt best practices in authentication techniques for financial
transactions, including the use of smart cards, facial recognition, and
fingerprint sensors in automated teller machines (ATMs). The first step must
be a comprehensive upgrade in cybersecurity, by fortifying the banks’
information technology (IT) systems, the main gateway of criminals in
attacking financial institutions and their clients. Any gaps in a bank’s internet
infrastructure can be easily exploited by expert hackers, as was evident in the
UCPB case where the perpetrators allegedly took advantage of a weekend
window when the bank was upgrading its IT security system.



VII. References

• Ian Nicolas Cigaral (September 03, 2020)
https://www.philstar.com/business/2020/09/03/2039847/depositor-money-safe-ucpb-probes-p167-m-cyber-attack

• Daxim L. Lucas (September 04, 2020)
https://business.inquirer.net/306528/ucpb-leadership-revamped-crack-probers-sent-in-after-hacking

• Ralf Rivas (September 03, 2020)
https://www.rappler.com/business/ucpb-probes-cyber-heist-september-2020/

• ABS-CBN News (September 02, 2020)
https://news.abs-cbn.com/business/09/02/20/ucpb-assures-clients-amid-probe-into-alleged-cyberheist

• Joann Villanueva (September 03, 2020)
https://www.pna.gov.ph/articles/1114256

• Beatrice M. Laforga (September 04, 2020)
https://www.bworldonline.com/top-stories/2020/09/04/314922/finance-chief-assures-security-intact-among-state-run-banks-after-ucpb-heist/BusinessWorld.

• Philippine News Agency (September 05, 2020)
https://newsbytes.ph/2020/09/05/govt-vows-to-run-after-criminals-behind-p167-m-cyber-heist-at-ucpb/
