MyCERT 3rd Quarter 2022 Summary Report  
 
1.0  Introduction
The MyCERT Quarterly Threat Report provides an overview of computer security incidents handled by the Malaysia Computer Emergency Response Team (MyCERT), a department within CyberSecurity Malaysia. This quarterly report also highlights statistics of incidents handled by MyCERT in Q3 2022 according to categories, as well as the list of security advisories released in this quarter. It should be noted that the statistics provided in this report reflect only the total number of incidents reported to and handled by MyCERT, and exclude elements such as the monetary value or aftermath of the incidents. Computer security incidents handled by MyCERT are those involving IP addresses and domains originating from Malaysia. MyCERT works closely with ISPs, CERTs, Special Interest Groups and LEAs, both local and international, to remediate and mitigate computer security incidents in Malaysia.
 
2.0  Trends Q3 2022
The number of Malaysians using digital devices and connected to the Internet has increased dramatically. As of January 2022, the estimated number of Internet users in Malaysia is 29.55 million out of a total population of 32.98 million. According to the Home Minister, the number of recorded cases associated with cyberbullying, fraud, intrusion, phishing, and email scams had nearly doubled, making cybersecurity one of Malaysia's top concerns in view of the drastic rise in online crimes reported in the country.
In general, MyCERT receives incident reports from local individuals, including Internet users and members of the public, as well as from industries, government, academia and non-profit organisations (NGOs). MyCERT also proactively monitors and gathers insights on cyber threats that could impact national security and critical infrastructure in Malaysia and aids in mitigating these threats.
MyCERT's Cyber999, a cybersecurity incident response centre, received 2,240 incidents from July to September 2022. In comparison, the second quarter (Q2) of 2022 showed a total of 1,977 incidents reported, indicating a 13% increase.


Table 1 below compares the reported incidents for Q2 2022 and Q3 2022 according to incident categories.

Categories of Incidents     Q2 2022    Q3 2022    Change (%)
Content Related                  11         18            64
DoS                               7          4           -43
Fraud                          1391       1289            -7
Intrusion                       222        203            -9
Intrusion Attempt                35         73           109
Malicious Codes                 248        308            24
Spam                             49        340           594
Vulnerabilities Report           14          5           -64
TOTAL                          1977       2240            13

Table 1: Comparison of total incidents between Q2 2022 and Q3 2022
 

Categories of Incidents      July     Aug    Sept
Content Related                 1      10       7
DoS                             0       1       3
Fraud                         429     294     566
Intrusion                      82      45      76
Intrusion Attempt              32      21      20
Malicious Codes                98     124      86
Spam                          286      27      27
Vulnerabilities Report          3       2       0
TOTAL                         931     524     785

Table 2: Number of incidents based on months in Q3 2022

Figure 1: Breakdown of reported incidents from July to Sept 2022
 

Figure 2: Percentage of reported incidents by classification
 
Based on the above statistics, there is an upward trend: a few categories of incidents reported to MyCERT increased in Q3 2022 compared to Q2 2022, with two remaining lower. One category, malicious code, showed an increase of 24%. Of the total incidents in Q3 2022, the most reported category is fraud, representing 57.54% of the total number of incidents reported to MyCERT. This is followed by spam (15.18%) and malicious code (13.75%).
Based on current and past trends, malware-related incidents will most likely continue to grow in Malaysia. They will always be among the top incidents reported to MyCERT if Internet users do not take proper preventive security measures. This is followed by fraud incidents, which could potentially continue to grow in Malaysian cyberspace.
2.1 Top Fraud Incidents Reported by Malaysian Internet Users to MyCERT
Scam activities and fraud continuously prevail within the community, targeting various citizens, from students to professionals. It has become a preferred method of criminals as awareness is still lacking among the public, making them an easier target. A total of 1,289 fraud incidents were handled this quarter, representing a decrease of 7% compared to Q2 2022. All the incidents were received from organisations and individuals. The top fraud incidents reported to MyCERT are as below:
·      Phishing
·      Impersonation and Spoofing
·      Fraudulent website
·      Job scam
·      Bogus email
·      Business email compromise (BEC)

Based on a report by the New Straits Times on 14 March 2022, online scammers managed to gain RM1.6 billion from over 51,631 incidents reported between 2019 and 2021. Therefore, Internet users and organisations must be vigilant when conducting online transactions or performing e-commerce transactions to avoid becoming victims of online fraud.
 
2.2 Top Malware Infection in Malaysia
The second most reported incident in this quarter is spam. Most of the spam incidents were received from spam feeds and include spam relay subcategories. The third most reported category is malicious code, which includes malware hosting, ransomware, malicious APKs, backdoors and trojans. Among these incidents, the top reported malware incident is related to malicious APKs. This type of incident is typically received from banking users who report directly to local financial institutions. Users must be vigilant and keep systems up to date with the latest patches and security measures to prevent unwanted incidents, especially those related to mobile phone security. The second most reported incident within the malware category is malware hosting. This category covers malware hosted on vulnerable servers with IP addresses originating from Malaysia. These incidents are usually received from foreign entities, such as anti-virus vendors and Special Interest Groups. System administrators must be vigilant and always keep systems up to date with the latest patches and security measures to prevent unwanted incidents.
 
Nevertheless, ransomware incidents decreased in Q3 2022 compared to the previous quarter. Ransomware is malicious software (malware) that infects a computer and restricts access until the requested ransom is paid. Our findings show that ransomware incidents frequently occur among business organisations, and the incidents are mostly reported by commercial businesses, consistent with the Verizon 2022 DBIR report that organisations, including businesses, are most impacted by ransomware across the globe. Ransomware is also considered the costliest attack among these threats, as it involves the cost of recovering all the data and rectifying infected machines.
Below is the list of the top malware that infected computers belonging to individuals and organisations in Malaysia, as reported to MyCERT:
·      avalanche-andromeda 
·      dltminer
·      sinkhole
·      downadup
·      m0yv
·      sality
·      android.hummer
·      sality-p2p
·      js.worm.bondat
·      necurs
·      lethic
Good backup management and cyber security awareness are essential in combating ransomware and other types of malware. The backup procedure, policy and best practices need to be implemented by everyone. Providing awareness campaigns to ensure users are up to date with the latest cyber threat landscapes and conducting organization-level tabletop exercises to challenge user understanding are among the best efforts to improve an organisation’s cybersecurity.
 
3.0  Security Advisories and Alerts Released in Q3 2022
In Q3 2022, MyCERT issued 17 advisories and nine alerts involving Mozilla, Microsoft, Apple, VMware security updates, etc. Each alert and advisory comes with descriptions, recommendations, and references. Highlights of advisories and alerts for this quarter are:
1. MA-843.072022: MyCERT Alert - Security Best Practices on Safe Online Transaction and Safeguarding Banking Information
URL: https://www.mycert.org.my/portal/advisory?id=MA-843.072022
2. MA-842.072022: MyCERT Alert - Amalan Terbaik Keselamatan Mengenai Pelanggaran Data
URL: https://www.mycert.org.my/portal/advisory?id=MA-842.072022
3. MA-845.072022: MyCERT Alert - Large-scale Phishing Campaign Bypasses MFA
URL: https://www.mycert.org.my/portal/advisory?id=MA-845.072022
4. MA-846.072022: MyCERT Alert - Alert on Fake Winning Contest Shopee
URL: https://www.mycert.org.my/portal/advisory?id=MA-846.072022
5. MA-847.082022: MyCERT Alert - Peraduan Menang Palsu Shopee 
URL: https://www.mycert.org.my/portal/advisory?id=MA-847.082022
6. MA-848.082022: MyCERT Alert - Merdeka Day Best Practices Alert
URL: https://www.mycert.org.my/portal/advisory?id=MA-835.052022
7. MA-849.082022: MyCERT Alert - Security updates available for Google Chrome (CVE-2022-2856)
URL: https://www.mycert.org.my/portal/advisory?id=MA-849.082022
8. MA-858.092022: MyCERT Alert - IOCs and TTP Associated with Vice Society Actors 
URL: https://www.mycert.org.my/portal/advisory?id=MA-858.092022
9. MA-862.092022: MyCERT Alert - MyPetronas Malicious Application
URL: https://www.mycert.org.my/portal/advisory?id=MA-862.092022
10. MA-865.092022: MyCERT Advisory - WhatsApp Security Advisories for CVE-2022-36934 and CVE-2022-27492
URL: https://www.mycert.org.my/portal/advisory?id=MA-865.092022
 
Internet users and organisations may refer to the following URL for other advisories and alerts released by MyCERT: 
https://www.mycert.org.my/portal/advisories?id=431fab9c-d24c-4a27-ba93-e92edafdefa5
 
4.0 Conclusion
Overall, the number of computer security incidents reported to MyCERT this quarter shows a slight upward trend compared to the previous quarter, with a 13% increase. Though this is a tiny percentage, organisations and individuals must not assume that our cyberspace is now secure, but must always ensure readiness and preparedness against potential threats. Furthermore, there was no significant or severe incident observed in this quarter. Nevertheless, users and organisations must be constantly vigilant of the latest computer security threats and are always advised to take measures to protect their systems and networks from these threats. Hence, MyCERT strongly recommends that all Internet users be constantly aware of today's cybercrime trends and adhere to the best cyber hygiene practices. This includes securely handling emails from unknown sources, browsing the web securely, purchasing goods online safely, and using social media applications safely. Always check the legitimacy of the applications, portals, merchants, services, and products before conducting any online transaction. However, as the complexity of cyber threats continues to increase, organisations and individuals without proper awareness could become part of the statistics of reported incidents.
 
Malaysian Internet users and organisations may contact MyCERT for assistance at the below contact:
E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting)  
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my