ANNOUNCEMENT

Introduction

As the festive season holiday approaches and many of us will be leaving for holiday break, NACSA would like to remind System Administrators and Internet users to implement sufficient security measures had been implemented to ensure that systems and networks are secure before leaving for the long holidays.

Impact

Information leakage, information loss, service disruption and integrity of information compromised.

Impacted Platforms

All operating systems, web servers and online services.

Brief Description

We have observed incidents continue to increase throughout the first and second quarter of 2018 with majority of incidents reported are related to fraud, intrusion and cyber harassment. There had been several incidents reported since early this year such as Fake Bank Negara Malicious APK, Distributed Denial of Service attacks using Memcached, Symantec Certificate Issue and CPU Hardware Side-Channel Attacks Vulnerability known as Meltdown and Spectre.

We highly recommend System Administrators and Internet users to take the necessary steps to prevent security incidents from occurring and to take mitigation strategies to minimize the impacts or risks to a certain extent. System Administrators should take extra precautions against any possibilities of intrusions, phishing attacks, and malware activities such as ransomware during the festive season, by implementing proper preventive measures against the threats by applying the latest patches or upgrades of operating systems, applications and software to prevent intrusions that may be exploiting unpatched applications.

Customers must be advised adequately on avoiding themselves becoming victims of phishing and fraudulent activities by applying safe browsing, safe email practice and safe Internet banking practice. Organizations must ensure contact information of System Administrators is made available in the event of a security incident that occurs at or originate from your site.

Recommendation

Organisations and individuals are advised to take the following actions:

1. Update your critical assets with the latest security patches and updates;
2. Do not open or click on unsolicited mails and links with/without attachments;
3. Ensure that anti-virus/anti-malware signatures are up to date and functioning;
4. Never follow links from untrusted sources, which could possibly lead to security attacks, computer virus infection or even identity or account information theft;
5. Disconnect your computer from the Internet when it is not in use;
6. Block or restrict access to every port such as port 3389(RDP), port 5900 (VNC) and port 22 (SSH) and services except for those that should be publicly available;
7. Make sure loggings of systems and servers are always enabled;
8. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done daily, on a separate media and stored offline at an alternate site;
9. Shut down all workstations before leaving your office;
10. Monitor your environment closely for any anomalies;
11. Report any anomalies happening within your network and enterprise environment to NC4.