ANNOUNCEMENT

Heightened Alert On Cyber Activity Towards Malaysia

Introduction

The National Cyber Coordination and Command Centre (NC4), a national centre that continuously monitors the cyber threat landscape in Malaysia, has observed an increased number of cyber activities within this region targeting ICT infrastructure in Malaysia. NC4 would like to remind System Administrators and Network Administrators to implement sufficient cyber security measures to ensure that systems and networks are secured at all times.

Impact

Information leakage, web defacement, malware infection, integrity of information compromised and service disruption.

Impacted Platforms

All operating systems, web servers and online services.

Brief Description

With the recent escalation of several events, including geopolitical and humanitarian developments and new high-impact vulnerabilities, NC4 has observed an increased number of cyber activities targeting Malaysian organisations over the past few weeks, as well as a few campaigns running in this region. Based on the current analysis, events such as web defacement, business email compromise (BEC), active exploitation of vulnerable services, data exfiltration, distributed denial of service (DDoS), phishing and ransomware are being reported and are currently on the rise for the first quarter of 2022. These trends are expected to continue rising in the coming weeks and throughout the next quarter based on Malaysia's current state of affairs.

Therefore, organisations are urged to take the necessary actions to prevent cyber security incidents that may interrupt their daily operations and services.

Recommendation

NC4 urges organisations to remain vigilant and take the following actions:

  1. Perform a security review of critical ICT assets, including applying the latest security patches and updates;
  2. Provide periodic awareness and alerts to all users in the organisation regarding cyber security best practices;
  3. Be wary of unsolicited emails and links, with or without attachments;
  4. Ensure that anti-virus/anti-malware signatures are up to date and functioning;
  5. Never follow links from untrusted sources, which could possibly lead to security attacks, computer virus infection or even identity or account information theft;
  6. Disconnect the computer from the Internet when it is not in use;
  7. Review the firewall logs and other security devices for anomalies from time to time;
  8. Review the firewall and other security appliance configurations from time to time;
  9. Block or restrict access to all ports and services, such as port 3389 (RDP), port 5900 (VNC) and port 22 (SSH), except for those that should be publicly available;
  10. Make sure that logging on systems and servers is always enabled;
  11. Make sure that system passwords are strong and secure. Perform a credential access review and change passwords if needed;
  12. Make sure that the login pages for System Administrators are not publicly accessible;
  13. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be performed daily, on a separate media and stored offline at an alternate site;
  14. Shut down all workstations before leaving the office;
  15. Perform hardening on all Internet facing applications;
  16. Monitor the environment closely for any anomalies;
  17. Make use of the Indicators of Compromise (IOCs) published daily on the NC4 portal;
  18. If a server is suspected to be compromised, isolate the server, reset all usernames and passwords then initiate incident handling; and
  19. Report any anomalies within the organisation’s network and enterprise environment to NC4.
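A defensive check for items 8 and 9 of the list above, added here as an example and not NC4's own code: it audits a constructed set of inbound firewall allow rules (source CIDR plus destination port or port range, an assumed format) and flags anything reachable from any source that is not on an assumed public-service allow-list of ports 80 and 443, calling out the management ports the advisory names separately, including when a broad port range silently covers them.

```python
import ipaddress

# Management ports named in the advisory; exposing these to any source is the highest-risk finding.
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

# Assumed allow-list of services that are meant to be publicly reachable (organisation-specific).
PUBLIC_SERVICES = {80, 443}

# Constructed sample of inbound allow rules: (source CIDR, destination port or "low-high" range).
SAMPLE_RULES = [
    ("0.0.0.0/0", "443"),
    ("0.0.0.0/0", "80"),
    ("0.0.0.0/0", "3300-3400"),    # broad range that quietly includes RDP on 3389
    ("10.0.0.0/8", "22"),          # SSH limited to an internal range: acceptable
    ("203.0.113.0/24", "5900"),    # VNC limited to one partner network: acceptable
    ("0.0.0.0/0", "8080"),         # non-public service exposed to everyone
]


def parse_ports(spec: str) -> range:
    """Turn '443' or '3300-3400' into an inclusive range of TCP/UDP ports."""
    lo, _, hi = spec.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not 0 < lo_i <= hi_i <= 65535:
        raise ValueError(f"bad port spec: {spec}")
    return range(lo_i, hi_i + 1)


def is_internet_wide(cidr: str) -> bool:
    """True when the source matches every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_rules(rules, public_services=PUBLIC_SERVICES):
    """Return (severity, port_spec, description) findings for rules that let any
    source reach ports outside the public-service allow-list."""
    findings = []
    for src, spec in rules:
        if not is_internet_wide(src):
            continue  # restricted source: consistent with item 9
        ports = parse_ports(spec)
        mgmt = [p for p in ports if p in MANAGEMENT_PORTS]
        other = [p for p in ports if p not in MANAGEMENT_PORTS and p not in public_services]
        for p in mgmt:
            findings.append(("high", spec, f"{MANAGEMENT_PORTS[p]} (port {p}) open to any source"))
        if other:
            findings.append(("medium", spec, f"{len(other)} non-public port(s) open to any source"))
    return findings


if __name__ == "__main__":
    for severity, spec, description in audit_rules(SAMPLE_RULES):
        print(f"[{severity}] {spec}: {description}")
```

Feed the function the allow rules exported from your own firewall (translated into the same tuples) and treat every "high" finding as a rule to restrict to a management network or VPN.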

18-04-2022

CONTACT US

NATIONAL CYBER SECURITY AGENCY (NACSA)

National Security Council
Prime Minister's Department
Level LG & G, West Wing,
Perdana Putra Building,
Federal Government Administrative Center,
62502 Putrajaya, Malaysia.
