MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2018

MA-701.062018: MyCERT Special Alert – Festive Season and Holiday Alert

Date first published: 05/06/2018


1.0    Introduction

As the festive season approaches and many of us will be leaving for the holiday break, we would like to alert System Administrators and Internet users to ensure that sufficient measures have been implemented to secure their systems and networks before leaving for the holidays.

This year, we observed that incidents continued to increase from March to May. A total of 2713 incidents were received through the Cyber999 service between Jan and May 2018, with the majority of reported incidents related to fraud, intrusion and cyber harassment. Several incidents have been reported since early this year, such as the Fake Bank Negara Malicious APK, Distributed Denial of Service attacks using Memcached, the Symantec Certificate Issue and the CPU Hardware Side-Channel Attacks Vulnerability known as Meltdown and Spectre, for which we released Alerts & Advisories to address these issues. In addition, we produced advisories on software vulnerabilities and product updates for Microsoft, Adobe, Drupal, Cisco and other related software.

Thus, we highly recommend that System Administrators and Internet users refer to our Alerts & Advisories and follow the necessary steps to prevent security incidents and, with preventive measures in place, minimize the impacts or risks to a certain extent.

System Administrators should take extra precautions against any possibility of intrusions, phishing attacks, and malware activities such as ransomware during the festive season by implementing proper preventive measures against these threats. Data Centres and Web Hosting Companies should also take extra precautions with any software or third party add-ons they are running by applying the latest patches or upgrades, to prevent intrusions that may exploit unpatched applications.

Financial Institutions must also be vigilant against any possibility of phishing and fraudulent activities that target Internet banking. Customers must be advised adequately on how to avoid becoming victims of phishing and fraudulent activities by applying safe browsing, safe email and safe Internet banking practices. Organizations must ensure that contact information for their System Administrators is made available in the event of a security incident that occurs at or originates from their site.

System Administrators and Internet users must be aware of these threats and vulnerabilities and apply the necessary patches and updates by referring to the Alerts and Advisories released by MyCERT on current threats and vulnerabilities.

Alerts and Advisories released for this year are available at:
https://www.mycert.org.my/en/services/advisories/mycert/2018/main/index.html


Below are some recommendations for System Administrators:

1. Make sure systems, applications and third party add-ons are updated with the latest upgrades and security patches.

If you're running older versions of operating systems or software, make sure they are upgraded to the latest versions, as older versions may have vulnerabilities that can be exploited by intruders. Aside from that, please make sure that your web based applications and network based appliances are patched accordingly.

You may refer to your respective vendors' websites for the latest patches, service packs and upgrades. You may also refer to MyCERT's website for information on the latest patches, service packs and upgrades by referring to our latest advisories at:
    https://www.mycert.org.my/en/services/advisories/mycert/2018/main/index.html

2. Make sure Anti-virus software running on hosts and email gateways is updated with the latest signature files and is enabled to scan all files.

3. Make sure that your systems are configured properly in order to avoid incidents such as information disclosure and directory listing that are caused by system misconfiguration.

4. Make sure logging on systems and servers is always enabled.

5. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done daily, on separate media, and stored offline at an alternate site.

6. Organizations are recommended to apply a defense-in-depth strategy in protecting their networks. Firewalls, intrusion prevention systems (IPS), and network and host based intrusion detection systems (IDS) can prevent and log most of the generic attacks.


Below are some recommendations for home users:

1. Make sure your PCs and browsers are up-to-date with the latest upgrades and security patches.

2. Install Anti-Virus software on your PCs to scan for and block any malware on the PC. The Anti-virus should be regularly updated with the latest signature files in order to detect new worms/viruses.

3. Do not simply click on links and attachments that you receive via social networking sites or emails. Extra precautions must be taken when opening links and attachments.

4. Do not fall victim to online scams. Take precautions against online scams that target Internet users.

5. Users are recommended to follow the tips and guidelines on safe Internet use at:

    http://www.cybersafe.my

6. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done on a daily basis and the data should be kept on a separate device, stored offline at an alternate site.

Please take note that our physical office will be closed from 14th June until 15th June 2018, as these days are declared public holidays. However, incidents can be reported to Cyber999 through our other reporting channels listed below, and our staff will be on duty to respond to incidents. If you need to report a critical incident, you can call Cyber999 via the 24x7 On Call Incident Reporting channel.


For incident reporting and other enquiries related to security incidents, please contact MyCERT through the following channels:

E-mail: cyber999@cybersecurity.my  
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Handphone: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Web: http://www.mycert.org.my
Cyber999 Mobile Apps: iOS Users or Android Users