MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2018

MyCERT 1st Quarter 2018 Summary Report


22th May 2018
 

Introduction

The MyCERT Quarterly Summary Report provides an overview of activities carried out by the Malaysia Computer Emergency Response Team (hereinafter referred to as MyCERT), a department within CyberSecurity Malaysia. These activities are related to computer security incidents and trends based on security incidents handled by MyCERT. This summary report highlights statistics of incidents handled by MyCERT in quarter 1 (Q1) 2018 according to categories, security advisories and other activities carried out by MyCERT personnel. The statistics provided in this report reflect only the total number of incidents handled by MyCERT and not elements such as monetary value or repercussions of the incidents.


Computer security incidents handled by MyCERT are those that occur or originate within the Malaysian constituency. MyCERT works closely with other local and global entities to resolve computer security incidents.


Incident Trends Q1 2018

Reported incidents to MyCERT are from various parties within the constituency as well as outside of Malaysia. These parties include home users, private sectors, government sectors, security teams from abroad, foreign CERTs, Special Interest Groups (SIG) including MyCERT's proactive monitoring on several cyber incidents.

From Jan to Mar 2018, MyCERT via its Cyber999 service handled a total of 1688 incidents. This represents 18.77% decrease of the total incidents compared to quarter 4 (Q4) 2017 which received 2078 incidents. The only increase incident from previous quarter is cyber harassment.

Table 1 below illustrates the comparison of number of incidents reported according to the Categories of Incidents for Q4 2017 and Q1 2018.


Categories of Incidents

Quarters

Percentage (%)

Q4 2017

Q1 2018

Content Related

10

16

60

Cyber Harassment

97

80

-17.53

DoS

3

1

-66.67

Fraud

932

888

-4.72

Intrusion

351

258

-26.5

Intrusion Attempt

29

43

48.28

Malicious Codes

180

89

-50.56

Spam

68

62

-8.82

Vulnerabilities Report

18

16

-11.11

TOTAL

1688

1453

-13.92

Table 1: Comparison of number of incidents between Q4 2017 and Q1 2018


Categories of Incidents

Jan

Feb

Mac

Content Related

2

6

8

Cyber Harassment

27

31

22

DoS

0

0

1

Fraud

234

297

357

Intrusion

110

59

89

Intrusion Attempt

19

17

7

Malicious Codes

36

22

31

Spam

10

24

28

Vulnerabilities Report

1

7

8

TOTAL

439

463

551

Table 2: Number of incidents reported in the months of Q1 2018



Figure 1: Breakdown of reported incidents in Jan to Mar 2018



Figure 2: Percentage of reported incidents by classification


In Q1 2018, the most reported incident is fraud, representing 61.11% of the total reported incidents to MyCERT. A total of 888 fraud incidents were received in this quarter, from organizations and home users. By looking at the current trend and scenario, it is most likely fraud incident will continue to grow and always be among the most reported incidents in our constituency. Because of that, MyCERT advised Internet users to be precautious and always adhere to best practices when they received email from unknown sources, purchase goods online, and using social media application. Users must ensure that the dealing is made with trusted parties and never simply transfer money to seller without prior checking on the status of the sender.

The second and third incident categories reported are intrusion and malicious code with 17.76% and 6.13% respectively.

Meanwhile, malicious codes incidents saw the decreased of -50.56% for this quarter, representing a total of 89 incidents. Malicious code generally involved botnet C&C, bots, malware and malware hosting. Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it. However, we have received about 16 incidents of ransomware for this Q1, which is decreased from previous quarter about 34 incidents.  Individual users and commercial business were reported the ransomware incidents. Majority of the ransomware incidents received are related to the GandCrab 2.0, .$CRYPTED, .java Dharma,  WannaCry, .fairytale (Cryakl), Gingerbread, and a few related to other variants. Users and administrators are advice to take the preventive measures to protect their computer networks from ransomware infection.


Advisories and Alerts

In Q1 2018, MyCERT issued a total of 2 advisories and 2 alerts, which involved Security Update Adobe, Microsoft security bulletin, side channel attack and malicious APK.

The Alert and Advisory comes with descriptions, recommendations and references. Highlights of Alert for this quarter are:

1.MA-691.012018: MyCERT Alert - CPU Hardware Side-Channel Attacks Vulnerability
https://www.mycert.org.my/en/services/advisories/mycert/2018/main/detail/1301/index.html

2.MA-693.012018: MyCERT Advisory – Adobe Releases Security Updates for Flash Player
https://www.mycert.org.my/en/services/advisories/mycert/2018/main/detail/1303/index.html

3.MA-692.012018: MyCERT Advisory - Microsoft Releases January 2018 Security Updates
https://www.mycert.org.my/en/services/advisories/mycert/2018/main/detail/1302/index.html

4.MA-694.012018: MyCERT Alert – Fake Bank Negara Malicious APK
https://www.mycert.org.my/en/services/advisories/mycert/2018/main/detail/1304/index.html


Readers can visit the following URL on advisories and alerts released by MyCERT at:
https://www.mycert.org.my/en/services/advisories/mycert/2017/main/index.html


Conclusion
In conclusion, the number of computer security incidents reported to MyCERT this quarter had decreased by -13.92% compared to previous quarter. No severe incidents were reported to MyCERT in this quarter and MyCERT did not observed any crisis or outbreak in our constituencies. Nevertheless, users and organizations must be constantly vigilant of the latest computer security threats and are advised to always take measures to protect their systems and networks from these threats.

Malaysian Internet users and organizations may contact MyCERT for assistance at the below contact:


For further enquiries, please contact MyCERT through the following channels:
E-mail : cyber999@cybersecurity.my or mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 AM - 5:30 PM MYT

Web : http://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

Please refer to MyCERT's website for latest updates of this Quarterly Summary.