
Wrap Up of Security Incidents for 2005

MyCERT received a total of 10147 incidents, with spam accounting for the highest number at 9282 incidents. However, the incidents reported to MyCERT were contained and handled successfully.

In the first quarter of this year, many of our local websites were defaced in attacks suspected to have been launched by hackers from our neighbouring country. Within 2 weeks, 216 local websites were defaced and a Red Alert was issued by NISER for this incident. This incident also received serious attention from the Cabinet. The mass defacement was overcome successfully with cooperation from the respective CERT of the neighbouring country. Overall for year 2005, we received 467 reports on intrusion, with about 80% of them representing web defacements of Malaysian websites. The main factor could be that the websites were running on machines that were not properly secured and lacked proper patches/fixes/upgrades.

Forgery incidents were on the rise this year compared to previous years, with a total of 149 incidents for year 2005 compared to 106 incidents in year 2004. About 85% of forgery incidents were phishing incidents, which had been a trend throughout year 2005 that affected the globe.

Phishing became a serious issue in year 2005 due to the increasing number of reports received. This could be due to the free availability of tools/techniques on the Internet that can be used to launch the activity. The availability of many vulnerable machines around the globe that can be used to set up phishing sites, and poor awareness among Internet users of phishing threats, contributed to the growing number of phishing activities, with financial gain having become a strong motivation among phishers.

This year, we also observed more local Internet banking services becoming targets of phishing activities, with the phishing sites hosted on foreign servers. MyCERT managed to communicate with relevant parties to shut down the phishing sites within a short period of time. We also observed an increasing number of phishing sites targeting foreign banks that were hosted on Malaysian machines. The machines could have been compromised through their weaknesses prior to the phishing sites being set up. We managed to communicate with the respective owners of the machines to shut down the phishing sites and to rectify their machines.

Besides phishing reports, MyCERT also received a few reports from our constituency regarding Internet scams that are worth highlighting here. We received reports of users being cheated over the Internet by scams that promise high returns of money. Users were cheated after they made deposits to the fraudsters' accounts but did not receive anything in return.

MyCERT advises users not to deposit or pay any amount of money to another party except licensed financial institutions. Users who receive any such scam/suspicious emails requesting them to bank in a certain amount of money to an account should ignore the email. Users may also verify such emails with their ISPs, CERTs or with Bank Negara Malaysia.

We observed that reports on hack threats decreased compared to year 2004, with a total of 87 reports for year 2005. The hack threat reports that we received include port scanning, looking for open ports that can be easily exploited, and vulnerability scanning, looking for any vulnerable machines that can be compromised. Port scanning is actively carried out following the release of new exploits to the Internet, which gives attackers a chance to scan for vulnerable machines that can be exploited. Among the target ports for port scanning we observed this year are SMB (TCP/445), SSH (TCP/22), HTTP (TCP/80) and MS SQL (TCP/1433).

Year 2005 also saw a decrease in malicious code incidents, with a total of 82 reports received for year 2005 compared to 242 reports in year 2004. Quarter 4 saw an increase in reports received on malicious code incidents compared to previous quarters, which was mainly due to the W32.Daser worm activity towards the end of quarter 4. Overall for this year, however, we did not observe any worm outbreaks that affected our ICT infrastructure. Users/organizations should nevertheless remain vigilant and follow safe computing practices.

Harassment incidents dropped slightly this year, with a total of 43 reports compared to 47 reports in year 2004. The majority of harassment incidents were referred to the Law Enforcement Agencies for further investigation. MyCERT also assisted the Law Enforcement Agencies in analyzing technical information/evidence related to harassment incidents. A trend we found this year is that most harassment was done via email, web forums and chat programs.

Spam incidents still account for the highest number of reports, with a total of 9282 incidents for year 2005, though there is a significant drop compared to 14371 spam reports in year 2004. The main reason for this significant decrease could be that local ISPs and organizations are applying anti-spam filters at their gateways to filter out spam emails. We see this as a positive measure in minimizing spam activities in the country to some extent.

In conclusion, security incidents dropped this year compared to the previous year. This is based on the number of reports we received from users/organizations within our constituency for this year compared to year 2004. A Red Alert was declared in March 2005 due to the mass web defacements of Malaysian websites. No significant worm outbreaks were observed this year compared to previous years. However, this may not mean that our systems and networks are safe from security threats and are not prone to security incidents. We would like to advise users/organizations to be more prepared for the coming 2006, as many security experts predict that more sophisticated techniques/tools will be used in launching more sophisticated cyber attacks.

   

Copyright © 2008 - CyberSecurity Malaysia