NC4-ALR-2022-000004

Alert on Potential Cyber Attack on Malaysian Domains

Introduction

The National Cyber Coordination and Command Centre (NC4) monitors cyber threats in Malaysia and has observed an increase in malicious activity against Malaysian domains as part of a currently ongoing campaign. NC4 therefore reminds system and network administrators to implement sufficient cyber security measures immediately so that their systems and networks remain secured at all times.

Impact

Possible information leakage, web defacement and service disruption.

Brief Description

NC4 has observed an increase in attack attempts of various kinds against numerous domains in Malaysia. While there is no precise date and time for the attacks, the methods the attackers are likely to use are Distributed Denial of Service (DDoS), brute-force attacks against login services and SQL injection against vulnerabilities in the targeted websites. The campaign is expected to continue for several weeks.

Therefore, NC4 urges all organisations to take the necessary preventive measures to avoid becoming a victim of this campaign, which may interrupt the organisation's operations and compromise the security of its systems, data and ICT infrastructure.
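The SQL injection method named above, shown as an added example that is not part of this NC4 alert: a minimal login check that builds its query by string formatting, beside the parameterised form that item 13 of the recommendations (hardening of Internet-facing applications) calls for. The table, the credentials and the attacker payloads are constructed for illustration only.

```python
import sqlite3


def build_db():
    """Constructed in-memory user table for the demonstration.

    Passwords are stored in clear text only to keep the example short;
    a real application stores a salted password hash instead."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cr3t!Pass')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is pasted into the SQL text, so the
    attacker controls the statement's syntax, not just its values."""
    query = (
        "SELECT username FROM users WHERE username = '%s' "
        "AND password = '%s'" % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Hardened: bound parameters are sent as values; quotes and
    comment markers in the input can never alter the statement."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Two classic payloads: a comment marker that discards the password
# check, and a tautology that makes the WHERE clause always true.
PAYLOADS = [
    ("admin' --", "wrong-password"),
    ("admin", "' OR '1'='1"),
]


def run_demo():
    """Returns (vulnerable_results, hardened_results) for the payloads."""
    conn = build_db()
    vuln = [login_vulnerable(conn, u, p) for u, p in PAYLOADS]
    hard = [login_hardened(conn, u, p) for u, p in PAYLOADS]
    return vuln, hard


if __name__ == "__main__":
    vuln, hard = run_demo()
    for (u, p), v, h in zip(PAYLOADS, vuln, hard):
        print("payload %-24r vulnerable=%-5s hardened=%s" % (u + " / " + p, v, h))
```

Both payloads log in as admin through the string-built query and are rejected by the parameterised one; the only code change is passing the values as a tuple instead of formatting them into the statement.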

System Affected

All operating systems, web servers and online services. 

Recommendation

Organisations are advised to be vigilant and take the following actions:  

  1. Monitor your environment closely for any anomalies and mass scanning attempts;

  2. Ensure all your critical ICT assets have the latest security patches and updates installed; 

  3. Be wary of unsolicited emails containing links, whether or not they also carry attachments;  

  4. Ensure that anti-virus/anti-malware signatures are up to date and functioning well; 

  5. Review the logs of your firewalls and other security devices for anomalies from time to time;

  6. Review the configurations of your firewalls and other security appliances from time to time;

  7. Block or restrict access to all ports and services that do not need to be publicly available, in particular remote administration services such as port 3389 (RDP), port 5900 (VNC) and port 22 (SSH); 

  8. Make sure logging of systems and servers are always enabled;

  9. Make sure all system passwords are strong and kept secure, and change any password that may have been exposed;

  10. Make sure the login pages for the system administrators are not publicly accessible;

  11. Perform regular backups of all critical data to minimise the impact of data or system loss and to expedite recovery. Ideally, backups should be taken daily, written to separate media and stored offline at an alternate site;

  12. If you suspect that any of your servers has been compromised, isolate the affected server immediately, reset all account credentials and initiate incident handling;  

  13. Perform hardening on all your Internet-facing applications;

  14. Report any anomalies detected within your network and enterprise environment to NC4. 
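Items 1, 5 and 8 above (monitor for anomalies and mass scanning, review logs, keep logging enabled) are illustrated by the following added example, which is not part of this NC4 alert. It parses web-server access-log lines in the common "combined" format and flags three of the behaviours the alert describes: repeated failed logins from one address (brute force), one address requesting many distinct non-existent paths (mass scanning), and SQL-injection probes in request URLs. The log lines, the IP addresses (RFC 5737 documentation ranges), the login paths and the thresholds are all constructed assumptions; tune them to your own environment.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache/Nginx "combined" access-log format (assumed log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Crude SQL-injection indicators; a WAF uses far richer rules.
SQLI_RE = re.compile(
    r"(\bunion\b.*\bselect\b|'\s*or\s*'|'\s*--|\bsleep\(|information_schema)",
    re.IGNORECASE,
)

# Login endpoints to watch (assumed paths for this example).
LOGIN_PATHS = ("/login", "/wp-login.php", "/admin/login")


def parse_line(line):
    """Returns a dict of fields for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = unquote(rec["path"])  # decode %27 etc. before matching
    return rec


def analyse(lines, brute_threshold=5, scan_threshold=10):
    """Returns {ip: [finding, ...]} for addresses that cross a threshold."""
    failed_logins = defaultdict(int)
    distinct_404 = defaultdict(set)
    sqli_hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash mid-review
        ip, path = rec["ip"], rec["path"]
        if (rec["method"] == "POST" and path.split("?")[0] in LOGIN_PATHS
                and rec["status"] in (401, 403)):
            failed_logins[ip] += 1
        if rec["status"] == 404:
            distinct_404[ip].add(path)
        if SQLI_RE.search(path):
            sqli_hits[ip].append(path)
    findings = defaultdict(list)
    for ip, n in failed_logins.items():
        if n >= brute_threshold:
            findings[ip].append("brute-force: %d failed logins" % n)
    for ip, paths in distinct_404.items():
        if len(paths) >= scan_threshold:
            findings[ip].append("mass-scan: %d distinct 404 paths" % len(paths))
    for ip, paths in sqli_hits.items():
        findings[ip].append("sqli-probe: %d suspicious requests" % len(paths))
    return dict(findings)


# Constructed sample log: one brute-forcer, one scanner that also probes
# for SQL injection, and one ordinary user who mistyped a password once.
SCAN_PATHS = ["phpmyadmin/", ".env", "wp-admin/", "backup.zip", ".git/config",
              "admin/", "config.php", "shell.php", "cgi-bin/", "old/", "test/"]
SAMPLE_LOG = (
    ['198.51.100.7 - - [10/Jan/2022:10:00:%02d +0800] "POST /login HTTP/1.1" 401 512' % i
     for i in range(6)]
    + ['203.0.113.9 - - [10/Jan/2022:10:01:%02d +0800] "GET /%s HTTP/1.1" 404 162' % (i, p)
       for i, p in enumerate(SCAN_PATHS)]
    + ['203.0.113.9 - - [10/Jan/2022:10:02:00 +0800] '
       '"GET /products?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 200 2048',
       '192.0.2.5 - - [10/Jan/2022:10:03:00 +0800] "GET /index.html HTTP/1.1" 200 1024',
       '192.0.2.5 - - [10/Jan/2022:10:03:05 +0800] "POST /login HTTP/1.1" 401 512',
       '192.0.2.5 - - [10/Jan/2022:10:03:10 +0800] "POST /login HTTP/1.1" 302 0']
)


if __name__ == "__main__":
    for ip, notes in sorted(analyse(SAMPLE_LOG).items()):
        print(ip)
        for note in notes:
            print("   ", note)
```

Run it against a real file with `analyse(open("access.log"))`; the thresholds are deliberately low so the constructed sample trips them, and the single failed login from 192.0.2.5 shows why a count threshold rather than a single event is needed to avoid flooding analysts with noise.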
