MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2017

MA-679.082017: MyCERT Special Alert - Recent Attacks to Malaysian websites

Date first published: 21/8/2017


1.0    Introduction
MyCERT has been receiving several incidents targeting Malaysian websites, confidential information leaks and possible Distributed Denial of Services (DDOS) attacks. As a preventive measure, MyCERT release this alert to advise System Administrators to take necessary steps to secure their systems against unwanted incidents as well from other security threats.


2.0    Recommendation
Attached below are some recommendations for System Administrators as preventive measures and mitigation steps against these attacks:

1. Organizations are recommended to apply defense in depth strategy in protecting their networks. Firewalls, intrusion prevention systems (IPS), network and host based intrusion detection systems (IDS) can prevent and log most of the generic attacks.

Make sure systems, applications and third party add-ons are updated with latest upgrades and security patches.

2. If you're running older versions of operating systems or software, make sure they are upgraded to the latest versions as older versions may have some vulnerability that can be manipulated by intruders. Aside from that, please make sure that your web based applications and network based appliances are patched accordingly.

You may refer to your respective vendors' websites for the latest patches, service packs and upgrades. You may also refer to MyCERT's website for information on the latest patches, service packs and upgrades by referring to our latest advisories at:
  
https://www.mycert.org.my/en/services/advisories/mycert/2017/main/index.html

3. If you do not prepare for a DDoS incident in advance, contact your ISP to understand the DDoS mitigation it offers and what process you should follow. If the risk of a DDoS attack is high, consider purchasing specialized DDoS mitigation products or services.

4. Harden the configuration of network, OS, and application components that may be targeted by DDoS. Whitelisting and blacklisting IP address during DDOS is very useful to mitigate the attack to certain extend

5. Make sure Anti-virus software that are running on hosts and email gateways are updated with the latest signature files and are enabled to scan all files.

6. Make sure that your systems are configured properly in order to avoid incidents such as information disclosure, directory listing that are caused by system misconfiguration.

7. Make sure loggings of systems and servers are always enabled. System Administrators are advised to read and monitor the logs on daily basis.

8. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done daily, on a separate media and stored offline at an alternate site.

9. Organizations are recommended to regularly conduct vulnerability assessment and penetration testing on their systems.

10. Report security incidents to relevant authorities or to CERTs/CSIRTs in your constituency for immediate remediation and mitigations.

In this year, MyCERT had released several Alerts and Advisories on current threats and vulnerabilities. System Administrators and Internet users must be aware of these threats and vulnerabilities by applying necessary patches and updates.

The Alerts and Advisories are available at:

https://www.mycert.org.my/en/services/advisories/mycert/2017/main/index.html

For incident reporting and other enquiries, please contact MyCERT through the following channels:


For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999@cybersecurity.my or mycert@mycert.org.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Web: http://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Android Users