CICC probes cyberattack on DTI website, cites alarming trend of trusted domains being hijacked

• IN PHOTO: CICC Deputy Director Renato Paraiso

By TechWatch PH Staff

The Cybercrime Investigation and Coordinating Center (CICC) is investigating a cyberattack involving the official website of the Department of Trade and Industry (DTI), where fake links are redirecting users to illegal online gambling platforms. The attack is the latest in a string of similar incidents targeting government and academic websites, including those of the University of the Philippines (UP) and University of Santo Tomas (UST).

“We are aware of the reported search engine poisoning attack involving the DTI website and have initiated a thorough assessment of the incident,” said Aboy Paraiso, Deputy Executive Director of the CICC.

“The CICC is reaching out to the Department of Trade and Industry to offer technical assistance and help contain any ongoing threats. We are also working with search engine providers to remove malicious results and disrupt the redirection pathways.”

“This case, along with recent incidents involving UP and UST, points to a broader campaign targeting trusted Philippine domains to lend credibility to illegal content. These attacks erode public trust and demand a unified response across agencies. We urge all government and academic institutions to conduct security audits, update their content management systems, and monitor their domains for unauthorized scripts or uploads. The CICC stands ready to assist.”

The cyberattack involved a tactic known as Search Engine Poisoning (SEP), where fake or compromised URLs that mimic legitimate government websites appear in search results. These links often use keywords like “top betting sites” or “online lottery” to attract clicks. While appearing harmless when accessed directly, they activate user-agent cloaking when opened via Google, redirecting users to unregulated gambling content.

Initial assessments suggest the attackers may have exploited a vulnerable plugin, outdated CMS module, or exposed upload directory in the DTI’s website infrastructure. Unlike phishing attempts hosted externally, the malicious content in this case is embedded within official .gov.ph domains—making detection more difficult and the deception more effective.

Scam Watch Pilipinas Co-Founder Art Samaniego warned that these attacks exploit the trust users place in government and school websites. “This isn’t just a security breach—it’s a trust breach,” the group said in a statement. “Hijacking institutional domains to host illegal gambling content is a tactic that bypasses traditional trust signals and tricks even tech-savvy users.”

The timing of these attacks comes amid the Philippine government’s intensified crackdown on illegal online gambling. Experts suggest that criminal syndicates may now be pivoting to more sophisticated SEO-driven deception, leveraging the reputability of government and school websites to stay ahead of regulation and reach new victims.

As the digital frontlines shift, the CICC calls for stronger inter-agency coordination, proactive website security management, and real-time monitoring to protect public platforms from being weaponized.