MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2010
MA-237.072010: MyCERT 1st Quarter 2010 Summary Report
Original Released Date: 08 April 2010



Introduction

The MyCERT Quarterly summary provides an overview of activities carried out by Malaysia CERT (MyCERT), a department within Cybersecurity Malaysia. The activities are related to computer security incidents and trends based on security incidents handled by MyCERT. The summary highlights statistics of incidents according to categories handled by MyCERT in Q1 2010, security advisories released by MyCERT and other activities carried out by MyCERT staff. The statistics provided in this report reflect only the total number of incidents handled by MyCERT and not elements such as monetary value or repercussions of the incidents. Computer security incidents handled by MyCERT are those that occur or originate within the Malaysian domain or IP space. MyCERT works closely with other local and global entities to resolve computer security incidents.


Incidents Trends Q1 2010

From January to March 2010, MyCERT, via its Cyber999 service, handled a total of 1370 incidents, representing a 48.59% increase compared to the previous quarter. Generally, all categories of incidents increased in this quarter compared to the previous quarter. The incidents were reported to MyCERT by various parties within the constituency, including home users, private sectors, government sectors, security teams from abroad, foreign CERTs and Special Interest Groups, in addition to MyCERT’s proactive monitoring efforts.


Figure 1 illustrates the incidents received in Q1 2010 classified according to the type of incidents handled by MyCERT.



Figure 1: Incident Breakdown by Classification in Q1 2010


Figure 2 illustrates the incidents received in Q1 2010 classified according to the type of incidents handled by MyCERT and its comparison with the number of incidents received in the previous quarter.




Figure 3 shows the percentage of incidents handled according to categories in Q1 2010.



Figure 3: Percentage of Incidents in Q1 2010


In Q1 2010, System Intrusion recorded the highest number of incidents with a total of 504 cases, a 24.75% increase compared to the previous quarter. The majority of System Intrusion incidents are web defacements, followed by system compromise and account compromise. MyCERT observed that the main causes of defacements were vulnerable web applications and unpatched servers.

Figure 4 shows the breakdown of domains defaced in Q1 2010. Out of the 409 websites defaced in Q1 2010, 65% are those with com and com.my extensions. Defacers generally target web applications that are prone to SQL injection or sites that are not secured.





Figure 4: Percentage of Web Defacement by Domain in Q1 2010


In Q1 2010, we also received several reports of mass defacements involving virtual hosting servers belonging to local web hosting companies. MyCERT advised the System Administrators on steps for rectifying the mass defacements.

Fraud incidents that MyCERT handled are mainly phishing activities, Nigerian scams, cheating and identity thefts. The majority of the frauds handled were found to be phishing sites of local and foreign institutions. In this quarter, we observed that the majority of phishing sites were targeting local brands such as Maybank2U.com, Cimbclicks.com and Pbebank.com.

MyCERT handles both the source of the phishing emails as well as the removal of the phishing sites by communicating with the affected Internet Service Providers (ISPs). MyCERT also received many reports of SMS scam messages telling users that they had won a certain competition organized by well-known organizations such as Petronas, Shell or Power Root. The SMS requests users to call a telephone number included in the message in order to claim the prizes. We strongly advise users to ignore the SMS messages and refrain from responding to them.

In this quarter, MyCERT also received several reports on cheating activities on the net. This includes fraudsters advertising products on the Internet for sale. However, purchasers never received the products after they placed orders and paid for the items. Fraudsters are in some cases using fake Malaysian addresses to lure victims in these activities. Cheating cases are escalated to the Law Enforcement Agency for further investigation.

Reports on harassment also increased this quarter, with a total of 57 reports representing a 4% increase. Harassment reports mainly involve cyberstalking, cyberbullying and threats. There were also several reports of the misuse of compromised social networking websites’ accounts to stalk, impersonate and bully victims. MyCERT advises Internet users to be more careful about what they release and expose about themselves on social networking sites, as this information can be manipulated by third parties.

Under the classification of drones and malicious codes, in Q1 2010, MyCERT handled 261 reports, which represents 19% of the total number of incidents. Other examples of incidents within these categories are active botnet controllers and hosting of malware or malware configuration files.


Advisories and Alerts

In Q1 2010, MyCERT issued a total of 15 advisories and alerts for its constituency. Most of the advisories in Q1 involved popular end user applications such as Adobe PDF Reader, Adobe Shockwave player, Multiple Apple Products Vulnerabilities, Multiple Microsoft Vulnerabilities and Microsoft Internet Explorer. Attackers often compromise end users’ computers by exploiting vulnerabilities in the users’ applications. Generally, the attacker tricks the user into opening a specially crafted file (e.g. a PDF document) or web page.

Readers can visit the following URL for advisories and alerts released by MyCERT in Q1 2010.
  • http://www.mycert.org.my/en/services/advisories/mycert/2010/main/index.html

Other Activities

MyCERT staff had been invited to conduct talks and training in various locations in Q1 2010. The following is a brief list of talks and training conducted by MyCERT in Q1 2010:

  1. Talk at Botnet Mitigation Seminar on Botnet Mitigation from the National CERTs, held at Taipei, Taiwan on 3rd February 2010.
  2. Presentation at CyberSecurity RSA Conference on Introduction to CERTs, held in Kuala Lumpur on 9 February 2010.
  3. Talk on Setting Up a CSIRT at Majlis Dialog Sasaran Penting held in Kuala Lumpur on 9 February 2010.
  4. Talk at IIUM Open Source Day on DIY: Security Tools with Open Source held in Kuala Lumpur on 19 February 2010.
  5. Talk at Kursus Pengurusan Keselamatan Maklumat held in Putrajaya on 23 March 2010.
  6. Participated in the APCERT Annual Conference and General Meeting held at Phuket, Thailand on 3 March 2010.

Conclusion

In Q1 2010, neither crisis nor outbreak was observed. Nevertheless, users and organizations are advised to always take measures to protect their systems and networks from threats. MyCERT encourages Malaysian Internet users to be constantly vigilant of the latest computer security threats. Security is an ongoing process.

MyCERT encourages Malaysian Internet users to be constantly vigilant of the latest computer security threats and to contact us for assistance.

Our contact is:
Malaysia Computer Emergency Response Team (MyCERT)
E-mail: mycert@mycert.org.my
Cyber999 Hotline: 1 300 88 2999
Phone: (603) 8992 6969
Fax: (603) 8945 3442
Phone: 019-266 5850
SMS : CYBER999 REPORT <EMAIL><COMPLAINT> to 15888
http://www.mycert.org.my/

Please refer to MyCERT’s website for the latest updates of this Quarterly Summary.