MA-332.092012: MyCERT 1st Quarter 2012 Summary Report
23 April 2012
The MyCERT Quarterly Summary Report provides an overview of activities carried out by the Malaysian Computer Emergency Response Team (hereinafter referred to as MyCERT), a department within CyberSecurity Malaysia. These activities are related to computer security incidents and trends based on security incidents handled by MyCERT. The summary highlights statistics of incidents according to categories handled by MyCERT in Q1 2012, security advisories and other activities carried out by MyCERT personnel. The statistics provided in this report reflect only the total number of incidents handled by MyCERT and not elements such as monetary value or repercussions of the incidents. Computer security incidents handled by MyCERT are those that occur or originate within the Malaysian constituency. MyCERT works closely with other local and global entities to resolve computer
Incidents Trends Q1 2012
Incidents were reported to MyCERT by various parties within the constituency as well as from abroad, including home users, the private sector, the government sector, security teams from abroad, foreign CERTs and Special Interest Groups, in addition to MyCERT’s proactive monitoring of several cyber incidents.
From January to March 2012, MyCERT, via its Cyber999 service, handled a total of 3143 incidents, representing a 4.40 percent decrease compared to Q4 2011. In Q1 2012, incidents such as Denial of Service, Fraud, Vulnerabilities Report and Malicious Code increased while other incidents decreased.
Figure 1 illustrates incidents received in Q1 2012 classified according to the type of incidents handled by MyCERT.
Figure 2 illustrates the incidents received in Q1 2012 classified according to the type of incidents handled by MyCERT and its comparison with the number of incidents received in the previous quarter.
Figure 3 shows the percentage of incidents handled according to categories in Q1 2012.
In Q1 2012, a total of 1108 Intrusion incidents were received, representing an 18.34 percent decrease compared to the previous quarter. The Intrusion incidents reported to us were mostly web defacements, also known as web vandalism, followed by account compromise. Based on our findings, the majority of the web defacements were due to vulnerable web applications or unpatched servers, involving web servers running on IIS and Apache.
In this quarter, we received reports of a total of 689 defaced .MY domains belonging to various sectors, such as private and government, hosted on local web hosting companies. MyCERT responded to web defacement incidents by notifying the respective Web Administrators to rectify the defaced websites by following our recommendations.
Figure 4 shows the breakdown of domains defaced in Q1 2012.
Account compromise incidents still prevail in this quarter, as in the previous quarter, with the number increasing to 68 incidents compared to 57 incidents in Q4 2011. Account compromise has become a trend in which unscrupulous individuals take advantage of various techniques to compromise legitimate accounts. The increase in Internet banking and usage of social networking sites, combined with a lack of security awareness, has contributed to the increase in account compromise incidents. The account compromise incidents reported to us involved mostly free email accounts and social networking accounts. Account compromise incidents could be prevented if users practised good password management, such as using strong passwords and safeguarding their passwords.
Users may refer to the below URL on good password management practice:
Incidents involving fraud increased by about 29.31 percent in this quarter compared to the previous quarter. Fraud continues to be a trend in this quarter and is one of the most frequently reported types of incident to Cyber999. In fact, Fraud has become a global trend involving phishing, Nigerian scams, lottery scams, illegal investment and job scams, as it brings large sums of money to the perpetrators.
A total of 1153 incidents were received in this quarter, from organizations and home users. Phishing incidents involving foreign and local brands still prevail in this quarter along with other types of fraud. Job scam incidents also increased, targeting other industries such as hospitals and Specialist Centres.
We continue to receive incidents on cyber harassment in this quarter; however, the number dropped by about 23.80% to a total of 80 incidents. Harassment reports generally involved cyberstalking, cyberbullying and threats made via email and social networking sites. A new trend we observed in this quarter is luring victims into posing nude in front of a video camera while chatting with perpetrators via Skype or MSN Messenger. The nude pictures captured by the perpetrator are then used to threaten the victim into paying a sum of money, failing which the pictures will be exposed on social networking sites. We advise users to be very cautious about whom they communicate or chat with on the net, especially unknown people, and to be ethical on the net.
In Q1 2012, MyCERT handled 189 incidents on malicious code, which represents a 33.09 percent increase compared to the previous quarter. Some of the malicious code incidents we handled involved active botnet controllers, hosting of malware or malware configuration files on compromised machines, and malware infections of computers.
Advisories and Alerts
In Q1 2012, MyCERT issued a total of 10 advisories and alerts for its constituency, which involved popular end user applications such as Adobe PDF Reader and Multiple Microsoft Vulnerabilities. Attackers often compromise end users’ computers by exploiting vulnerabilities in the users’ applications. Generally, the attacker tricks the user into opening a specially crafted file (e.g. a PDF document) or web page.
Readers can visit the following URL on advisories and alerts released by MyCERT
In Q1 2012, MyCERT staff were invited to conduct a training on Reversing Android at the HP Security Workshop in San Francisco, US on 19 March 2012. MyCERT staff also gave a talk on Malicious PDF Threat at UITM, Shah Alam on 31st March 2012.
In conclusion, the number of computer security incidents reported to us in this quarter had decreased slightly compared to the previous quarter. However, some categories of incidents reported to us continue to increase. The slight decrease could be a positive indication that more Internet users are aware of current threats and are taking proper measures against them. No severe incidents were reported to us in this quarter and we did not observe any crisis or outbreak in our constituencies. Nevertheless, users and organisations must be constantly vigilant of the latest computer security threats and are advised to always take measures to protect their systems and networks from these threats.
Internet users and organizations may contact MyCERT for assistance using the contact details below:
Malaysia Computer Emergency Response Team (MyCERT)
Cyber999 Hotline: 1 300 88 2999
Phone: (603) 8992 6969
Fax: (603) 8945 3442
Phone: 019-266 5850
SMS: Type CYBER999 report to 15888
Please refer to MyCERT's website for latest updates of this Quarterly Summary.