ANNOUNCEMENT

Title: Christmas and New Year Holiday 2018 Alert

Introduction

As the Christmas and New Year holidays approaches and many of us will be leaving for holiday break, NACSA would like to remind System Administrators and Internet users to take the necessary security measures to secure your systems and network and ensure that they are implemented prior leaving for the long holidays.

Impact

Information leakage, information loss, service disruption and integrity of information compromised.

Impacted Platforms

All operating systems, web servers and online services.

Brief Description

We have observed incidents continue to increase throughout the third and fourth quarter of 2018 with majority of incidents reported are related to ransomware, intrusion and malware infections. There had been several incidents reported since early this year such as VPNFilter Router Malware, data breaches on several organization and recently reactivated callback to Command & Control server related to APT32 group known as Ocean Lotus.

We highly recommend System Administrators and Internet users to take the necessary steps to prevent security incidents from occurring and to take mitigation strategies to minimise the impacts or risks to a certain extent. System Administrators should take extra precautions against any possibilities of intrusions, phishing attacks, and malware activities such as ransomware during the holidays, by implementing proper preventive measures against the threats by using combination of blacklisting and whitelisting method and applying the latest patches or upgrades of operating systems, applications and software to prevent intrusions that may be exploiting unpatched applications. Organisations are also urged to perform a rigorous and proper security testing of any new updates prior to deployment.

Customers must be advised adequately on avoiding themselves becoming victims of phishing and fraudulent activities by applying safe browsing, safe email practice and safe Internet banking practice. Organisations must ensure that contact information of System Administrators is made available in the event of a security incident that occurs at or originate from your site.

Recommendation

Organisations and individuals are advised to take the following actions:

  1. Update your critical assets with the latest security patches and updates;
  2. Do not open or click on unsolicited mails and links with/without attachments;
  3. Ensure that anti-virus/anti-malware signatures are up to date and functioning;
  4. Never follow links from untrusted sources, which could possibly lead to security attacks, computer virus infection or even identity or account information theft;
  5. Disconnect your computer from the Internet when it is not in use;
  6. Block or restrict access to every port such as port 3389(RDP), port 5900 (VNC) and port 22 (SSH) and services except for those that should be publicly available;
  7. Make sure loggings of systems and servers are always enabled;
  8. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done daily, on a separate media and stored offline at an alternate site;
  9. Shut down all workstations before leaving your office;
  10. Monitor your environment closely for any anomalies;
  11. Report any anomalies happening within your network and enterprise environment to NACSA.

Source : National Cyber Coordination and Command Centre (NC4)

CONTACT US

NATIONAL CYBER SECURITY AGENCY (NACSA)

National Security Council
Prime Minister's Department
Level LG & G, West Wing,
Perdana Putra Building,
Federal Government Administrative Center,
62502 Putrajaya, Malaysia.

FOLLOW US




Number of Visitors Last Updated
21,627 20 March 2019