MA-932.042023: MyCERT Alert - Festive Season and Holiday Alert

  • 20 Apr 2023
  • Alert
  • hari raya, security, holiday

1.0 Introduction

As the Malaysian holiday for “Hari Raya Aidilfitri” approaches over the weekend and many of us will be leaving for the holiday break, we would like to alert System Administrators and Internet users to ensure that sufficient measures have been implemented to secure their systems and networks before leaving for the holidays.

A total of 1,307 incidents were received through the Cyber999 service between January and March 2023, with the majority of reported incidents related to fraud, malicious code, intrusion and spam. Figure 1 below shows the list of incidents by category.

Figure 1: Statistics of incidents by category

Several security incidents have occurred since early this year, such as Lockbit 3.0, Black Cat and Royal ransomware, fake fraud apps and a banking trojan distributed through a fake cleaning service websites campaign, data breach, the Shopee fake winning contest and a large-scale phishing campaign that bypasses MFA, for which we have released Alerts and Advisories. We have also produced advisories on software vulnerabilities as well as product updates for Microsoft. Below are the URLs for some of the mentioned advisories:

Thus, we highly recommend that System Administrators and Malaysian Internet users refer to our Alerts and Advisories and take the necessary steps to prevent security incidents and, with preventive measures in place, minimize impacts or risks to a certain extent.

2.0 Affected System and Devices
System Administrators should take additional precautions against possible intrusions, DDoS, phishing attacks and malware activities such as ransomware during the festive season by implementing proper preventive measures against these threats. Data Centers and Web Hosting Companies should also take extra precautions with any software or third-party add-ons they are running by applying the latest patches or upgrades to prevent intrusions that may exploit unpatched applications.

Financial Institutions must also be vigilant against possible phishing and fraudulent activities that target Internet banking. Customers must be adequately advised on how to avoid becoming victims of phishing and fraudulent activities by applying safe browsing, safe email and safe Internet banking practices. Organizations must ensure that contact information for System Administrators is available in the event of a security incident that occurs at or originates from their site.

System Administrators and Internet users must be aware of these threats and vulnerabilities and apply the necessary patches and updates by referring to the Alerts and Advisories released by MyCERT on current threats and vulnerabilities.

3.0 Recommendations
Listed below are some recommendations for System Administrators:

  • Make sure systems, applications and third-party add-ons are updated with the latest upgrades and security patches.
  • If you are running older versions of operating systems or software, make sure they are upgraded to the latest versions, as older versions may have vulnerabilities that can be exploited by intruders. Also make sure that your web-based applications and network-based appliances are patched accordingly.
  • Refer to your respective vendors' websites for the latest patches, service packs and upgrades. You may also refer to MyCERT’s website for the latest advisories on patches, service packs and upgrades.
  • Make sure anti-virus software running on hosts and email gateways is updated with the latest signature files and is enabled to scan all files.
  • Make sure that your systems are configured properly to avoid incidents such as information disclosure and directory listing that are caused by system misconfiguration.
  • Make sure logging is always enabled on systems and servers.
  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done daily, on separate media, and stored offline at an alternate site.
  • Organizations are recommended to apply a defense-in-depth strategy to protect their networks. Firewalls, intrusion prevention systems (IPS), and network and host-based intrusion detection systems (IDS) can prevent and log most generic attacks.

The following are some recommendations for home users:

  • Make sure your PCs and browsers are up to date with the latest upgrades and security patches.
  • Install anti-virus software on your PCs to scan for and block malware. The anti-virus software should be regularly updated with the latest signature files in order to detect new worms/viruses.
  • Do not simply click on links and attachments that you receive via social networking sites or emails. Extra precautions must be taken when opening links and attachments.
  • Do not fall victim to online scams. Take precautions against online scams that target Internet users.
  • Users are recommended to follow the tips and guidelines on safe Internet use at our CyberSAFE website.
  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done on a daily basis and the data should be kept on a separate device, stored offline at an alternate site.

Please take note that our physical office will be closed on 24th April 2023, as it has been declared a public holiday. However, incidents can be reported to Cyber999 through our other reporting channels listed below, and our staff are on duty to respond to incidents. If you need to report a critical incident, you can call Cyber999 via the 24x7 On Call Incident Reporting channel.

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements by the vendor and to follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours)  
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

MA-848.082022: MyCERT Alert - Merdeka Day Best Practices Alert

  • 18 Aug 2022
  • Alert
  • holiday, independence day, best practices

1.0 Introduction
As the Malaysian Independence Day holiday approaches over the weekend and many of us will be leaving for the holiday break, we would like to alert System Administrators and Internet users to ensure that sufficient measures have been implemented to secure their systems and networks before leaving for the holidays.

A total of 4693 incidents were received through the Cyber999 service between January and July 2022, with the majority of reported incidents related to fraud, malicious code, intrusion and spam. Figure 1 below shows the list of incidents by category.

Figure 1: Statistics of incidents by category

Several security incidents have occurred since early this year, such as the Log4j vulnerability, the Spring Framework vulnerability, VMware Carbon Black App Control vulnerabilities, a banking trojan distributed through a fake cleaning service websites campaign, data breach, the Shopee fake winning contest and a large-scale phishing campaign that bypasses MFA, for which we have released Alerts and Advisories. We have also produced advisories on software vulnerabilities as well as product updates for Microsoft. Below are the URLs for some of the mentioned advisories:

Thus, we highly recommend that System Administrators and Malaysian Internet users refer to our Alerts and Advisories and take the necessary steps to prevent security incidents and, with preventive measures in place, minimize impacts or risks to a certain extent.

2.0 Affected System and Devices
System Administrators should take additional precautions against possible intrusions, DDoS, phishing attacks and malware activities such as ransomware during the festive season by implementing proper preventive measures against these threats. Data Centers and Web Hosting Companies should also take extra precautions with any software or third-party add-ons they are running by applying the latest patches or upgrades to prevent intrusions that may exploit unpatched applications.

Financial Institutions must also be vigilant against possible phishing and fraudulent activities that target Internet banking. Customers must be adequately advised on how to avoid becoming victims of phishing and fraudulent activities by applying safe browsing, safe email and safe Internet banking practices. Organizations must ensure that contact information for System Administrators is available in the event of a security incident that occurs at or originates from their site.

System Administrators and Internet users must be aware of these threats and vulnerabilities and apply the necessary patches and updates by referring to the Alerts and Advisories released by MyCERT on current threats and vulnerabilities.

3.0 Recommendations
Listed below are some recommendations for System Administrators:

  • Make sure systems, applications and third-party add-ons are updated with the latest upgrades and security patches.
  • If you are running older versions of operating systems or software, make sure they are upgraded to the latest versions, as older versions may have vulnerabilities that can be exploited by intruders. Also make sure that your web-based applications and network-based appliances are patched accordingly.
  • Refer to your respective vendors' websites for the latest patches, service packs and upgrades. You may also refer to MyCERT’s website for the latest advisories on patches, service packs and upgrades.
  • Make sure anti-virus software running on hosts and email gateways is updated with the latest signature files and is enabled to scan all files.
  • Make sure that your systems are configured properly to avoid incidents such as information disclosure and directory listing that are caused by system misconfiguration.
  • Make sure logging is always enabled on systems and servers.
  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done daily, on separate media, and stored offline at an alternate site.
  • Organizations are recommended to apply a defense-in-depth strategy to protect their networks. Firewalls, intrusion prevention systems (IPS), and network and host-based intrusion detection systems (IDS) can prevent and log most generic attacks.

The following are some recommendations for home users:

  • Make sure your PCs and browsers are up to date with the latest upgrades and security patches.
  • Install anti-virus software on your PCs to scan for and block malware. The anti-virus software should be regularly updated with the latest signature files in order to detect new worms/viruses.
  • Do not simply click on links and attachments that you receive via social networking sites or emails. Extra precautions must be taken when opening links and attachments.
  • Do not fall victim to online scams. Take precautions against online scams that target Internet users.
  • Users are recommended to follow the tips and guidelines on safe Internet use at our CyberSAFE website.
  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done on a daily basis and the data should be kept on a separate device, stored offline at an alternate site.

Please take note that our physical office will be closed on 31st August 2022, as it has been declared a public holiday. However, incidents can be reported to Cyber999 through our other reporting channels listed below, and our staff are on duty to respond to incidents. If you need to report a critical incident, you can call Cyber999 via the 24x7 On Call Incident Reporting channel.

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements by the vendor and to follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours)  
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

MA-832.042022: MyCERT Alert - Festive Season and Holiday Alert

  • 14 Apr 2022
  • Alert
  • festive, holiday, CMCO, home

1.0 Introduction

As the festive season approaches, we would like to alert System Administrators and Malaysian Internet users to take the necessary measures to secure systems and networks before leaving for the holidays, to ensure organizational business continuity and self-protection, especially while working remotely during this Conditional Movement Control Order (CMCO).

2.0 Impact
A total of 1785 incidents were reported through Cyber999 between January and March 2022, with the majority of incidents related to fraud, malicious code and intrusion. Table 1 below shows the list of incidents by category.

Table 1: Statistics of incidents by category

Several security incidents have occurred since early this year, such as the Log4j vulnerability, the Spring Framework vulnerability, VMware Carbon Black App Control vulnerabilities and a banking trojan distributed through a fake cleaning service websites campaign, for which we have released Alerts and Advisories. We have also produced advisories on software vulnerabilities as well as product updates for Microsoft. Below are the URLs for some of the mentioned advisories:

Thus, we highly recommend that System Administrators and Malaysian Internet users refer to our Alerts and Advisories and take the necessary steps to prevent security incidents and, with preventive measures in place, minimize impacts or risks to a certain extent.

3.0 Affected System and Devices
System Administrators should take additional precautions against possible intrusions, phishing attacks and malware activities such as ransomware during this festive season by implementing proper preventive measures against these threats. Data Centers and Web Hosting Companies should be careful with any software or third-party add-ons they are running and apply the latest patches or upgrades to prevent intrusions that may exploit unpatched applications.

Financial Institutions must be vigilant against possible phishing and fraudulent activities that target Internet banking. Customers must be adequately advised on how to avoid becoming victims of these scams by applying safe browsing, safe email and safe Internet banking practices. Organizations must ensure that contact information for System Administrators is available in the event of a security incident that occurs at or originates from their site.

System Administrators and Internet users must be aware of these threats and vulnerabilities and apply the necessary patches and updates. Please refer to MyCERT Alerts and Advisories on current threats and vulnerabilities as below:

4.0 Recommendations
Following are some recommendations for System Administrators:

  1. Ensure systems, applications and third-party add-ons are updated with the latest upgrades and security patches. If you are running older versions of operating systems or software, upgrade them to the latest version, as older versions are vulnerable and easily manipulated by intruders. Also, patch your web-based applications and network-based appliances accordingly.
    Refer to your respective vendors' websites for the latest patches, service packs and upgrades. You may also refer to MyCERT’s website for the latest advisories on patches, service packs and upgrades, as below:

    - https://www.mycert.org.my/portal/advisories?id=431fab9c-d24c-4a27-ba93-e92edafdefa5
     
  2. Update anti-virus software running on hosts and email gateways with the latest signature files and ensure the setting to scan all files is enabled.
  3. Configure systems properly to avoid incidents such as information disclosure and directory listing due to system misconfiguration.
  4. Always enable logging of system and server activities and retain the logs for a sufficient period of time.
  5. Back up critical information regularly to limit the impact of data or system loss and to help expedite the recovery process. Ideally, back up daily, on separate media, and store the backups offline at an alternate site.
  6. Organizations are recommended to apply a defense-in-depth strategy to protect their networks. Firewalls, intrusion prevention systems (IPS), and network and host-based intrusion detection systems (IDS) can prevent and log most generic attacks.

Following are some recommendations for home users:

  1. Update your PCs and browsers with the latest upgrades and security patches.
  2. Install anti-virus software on your PC to scan for and block malware. Update the anti-virus software regularly with the latest signature files to detect new worms/viruses.
  3. Take extra precautions when clicking on links and downloading attachments received via social networking sites or emails.
  4. Do not fall victim to online scams. Take precautions against online scams that target Internet users.
  5. Users are recommended to follow the tips and guidelines for browsing the Internet safely at: http://www.cybersafe.my
  6. Back up critical information regularly to limit the impact of data or system loss and to help expedite the recovery process. Ideally, back up daily and keep the data on a separate device, offline at an alternate site, as stated in the best practices below:

    - https://www.mycert.org.my/portal/advisories?id=431fab9c-d24c-4a27-ba93-e92edafdefa5

Please be informed that our physical office will be closed from 2nd May until 4th May 2022, as these dates have been declared public holidays.

During this CMCO tenure until it is declared lifted by the government, MyCERT will not accept any walk-in reports to ensure safety of our employees and complainants. 

Incidents can still be reported to Cyber999 through our reporting channels as listed at the end of the page and we will respond accordingly. To report any critical incident, call Cyber999 via the 24x7 On Call Incident Reporting channel. 

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements by the vendor and to follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours)  
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

MA-814.082021: MyCERT Alert - Cyber Security Best Practices in conjunction with Malaysia Independence Day holiday

  • 27 Aug 2021
  • Alert
  • holiday, independence day, best practices

1.0 Introduction

As the Malaysian Independence Day holiday approaches over the weekend and many of us will be leaving for the holiday break, we would like to alert System Administrators and Internet users to ensure that sufficient measures have been implemented to secure their systems and networks before leaving for the holidays.

A total of 6,615 incidents were received through the Cyber999 service between January and July 2021, with the majority of reported incidents related to fraud, intrusion, malicious code and cyber harassment. Figure 1 below shows the list of incidents by category.