NC4-ALR-2022-000001 : Heightened Alert On Cyber Activity Towards Malaysia
Introduction

National Cyber Coordination and Command Centre (NC4) continuously monitors the cyber threat landscape in Malaysia and has observed an increased number of cyber activities within this region and targeting the ICT infrastructure in Malaysia. NC4 would like to remind System Administrators and Network Administrators to implement sufficient cyber security measures to ensure that systems and networks are secure at all times.

Impact

Information leakage, web defacement, malware infection, integrity of information compromised and service disruption.

Brief Description

With the recent escalation of several events, including geopolitical and humanitarian developments and newly disclosed high-impact vulnerabilities, NC4 has observed an increased number of cyber activities targeting Malaysian organisations over the past few weeks, as well as several campaigns running in this region. Based on current analysis, events such as web defacement, business email compromise (BEC), active exploitation of vulnerable services, data exfiltration, distributed denial of service (DDoS), phishing and ransomware are being reported and are on the rise for the first quarter of 2022. NC4 also believes these trends will continue in the coming weeks and throughout the next quarter, given Malaysia's current state of affairs.

Therefore, organisations are urged to take the necessary actions to prevent their organisation from becoming a victim of cyber attacks that may interrupt daily operations and services.

System Affected

All operating systems, web servers and online services.

Recommendation

NC4 urges organisations to always remain vigilant and to take the following actions:

  1. Perform a security review of your critical ICT assets, including applying the latest security patches and updates;

  2. Provide periodic awareness briefings and alerts to all users in the organisation regarding cyber security best practices;

  3. Be wary of unsolicited emails and links, with or without attachments;

  4. Ensure that anti-virus/anti-malware signatures are up to date and functioning;

  5. Never follow links from untrusted sources; they may lead to security attacks, computer virus infection, or theft of identity or account information;

  6. Disconnect your computer from the Internet when it is not in use;

  7. Review your firewall logs and other security devices for anomalies from time to time;

  8. Review your firewall and other security appliance configurations from time to time;

  9. Block or restrict access to all ports and services, for example port 3389 (RDP), port 5900 (VNC) and port 22 (SSH), except for those that must be publicly available;

  10. Make sure that logging on systems and servers is always enabled;

  11. Make sure your system passwords are strong and kept secure. Perform a credential access review and change passwords where needed;

  12. Make sure that System Administrator login pages are not publicly accessible;

  13. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite recovery. Ideally, backups should be taken daily, written to separate media and stored offline at an alternate site;

  14. Shut down all workstations before leaving your office;

  15. Perform hardening on all your Internet facing applications;

  16. Monitor your environment closely for any anomalies;

  17. Make use of the Indicators of Compromise (IOC) published daily on the NC4 portal;

  18. If you suspect that your servers have been compromised, isolate them, reset all usernames and passwords and initiate incident handling;

  19. Report any anomalies occurring within your network and enterprise environment to NC4.
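As an added example that is not part of the NC4 advisory, the following Python script combines items 7, 9 and 10: it parses constructed iptables-style firewall log lines and flags inbound connection attempts to the RDP, VNC and SSH ports named above from any source outside a hypothetical allow list, so that exposed administration ports show up in a routine log review.

```python
import re
from collections import defaultdict

# Constructed sample of iptables-style firewall log lines (not real NC4 data).
SAMPLE_LOG = """\
Mar  3 09:12:01 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51122 DPT=3389 SYN
Mar  3 09:12:02 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51123 DPT=22 SYN
Mar  3 09:12:05 fw1 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=40000 DPT=443 SYN
Mar  3 09:12:09 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51124 DPT=5900 SYN
Mar  3 09:12:11 fw1 kernel: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=50010 DPT=22 SYN
"""

# Remote-administration ports the advisory says should not be reachable from the Internet.
ADMIN_PORTS = {3389: "RDP", 5900: "VNC", 22: "SSH"}
# Hypothetical allow list: sources permitted to reach admin ports (e.g. an internal jump host).
ALLOWED_SOURCES = {"192.0.2.50"}

# Tolerant of extra fields (LEN=, TTL=, ...) that real iptables lines carry between these keys.
LINE_RE = re.compile(r"SRC=(?P<src>\S+).*?DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)")


def parse_line(line):
    """Extract source, destination, protocol and destination port; None if the line is not a firewall event."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"src": m.group("src"), "dst": m.group("dst"),
            "proto": m.group("proto"), "dport": int(m.group("dpt"))}


def find_admin_port_exposure(log_text, allowed=ALLOWED_SOURCES):
    """Return (findings, ports_per_source).

    findings: (src, dst, service) for every attempt on an admin port from a non-allow-listed source.
    ports_per_source: number of distinct admin ports each such source touched; more than one in a
    short window is the kind of anomaly item 7 asks administrators to look for.
    """
    findings = []
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in ADMIN_PORTS or rec["src"] in allowed:
            continue
        findings.append((rec["src"], rec["dst"], ADMIN_PORTS[rec["dport"]]))
        ports_by_src[rec["src"]].add(rec["dport"])
    return findings, {src: len(ports) for src, ports in ports_by_src.items()}


if __name__ == "__main__":
    findings, counts = find_admin_port_exposure(SAMPLE_LOG)
    for src, dst, service in findings:
        print(f"unapproved {service} attempt: {src} -> {dst}")
    for src, n in counts.items():
        if n > 1:
            print(f"{src} reached {n} admin ports: review firewall rules and restrict access")
```

Replace SAMPLE_LOG with the contents of your own firewall log and ALLOWED_SOURCES with the hosts that are genuinely permitted to administer your servers; any finding indicates a port that item 9 says should be blocked or restricted.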

Alert