MyCERT 3rd Quarter 2011 Summary Report - CyberSAFE Malaysia

More documents

Recommendations

Info

4compared to the previous quarter. Some ofthe malicious code incidents we handledare active botnet controller, hosting ofmalware or malware configuration fileson compromised machines and malwareinfections on computers.Advisories and AlertsIn Q3 2011, MyCERT had issued a total ofsix advisories and alerts for its constituency.Most of the advisories in Q3 involvedpopular end-user applications such asAdobe PDF Reader, Safari web browser andMultiple Microsoft Vulnerabilities. Attackersoften compromise computers of endusersby exploiting vulnerabilities in theirapplications. Generally, these attackers tricka user in opening a specially crafted file (i.e.a PDF document) or web page. Readers canvisit the following URL below on advisoriesand alerts released by MyCERT.http://www.mycert.org.my/en/services/advisories/mycert/2011/main/index.htmlOther ActivitiesIn this quarter, MyCERT had conductedseveral trainings and presentations relatedto incident handling, malware analysis andInternet security awareness. Several of thetrainings that we conducted recently wereIncident Handling for Critical NationalInfrastructure and also for participants ofMalaysian Cyber Drill. We also conductedpresentations at the Hack in TaiwanConference, the DEFCON Conference inthe USA and at OWASP Day. DEFCON isthe world’s longest running and largestunderground hacking conference. OWASPstands for Open Web Application SecurityProject, a non-profit worldwide charitableorganisation focused on improving thesecurity of software applications.ConclusionBasically, in Q3 2011, the number ofcomputer security incidents reported to ushad increased compared to the previousquarter. In addition, most categories ofincidents reported to us had also increased.The increase is also a reflection that moreInternet users are aware of the importance ofreporting security incidents to the relevantparties. In addition, it must be noted thatthere are other factors contributing to theincrease in security incidents, not onlyin Malaysia but worldwide. However, nosevere incidents were reported to us thisquarter and we did not observe any seriouscrisis or outbreak in our constituencies.Nevertheless, users and organisations mustbe constantly vigilant of the latest computersecurity threats and are advised to alwaystake measures to protect their systems andnetworks from these threats.Internet users and organisations may contactMyCERT for assistance at the below contact:E-mail: mycert@mycert.org.myCyber999 Hotline: 1 300 88 2999Phone: (603) 8992 6969Fax: (603) 8945 3442Phone: 019-266 5850SMS: Type CYBER999 report & SMS to 15888http://www.mycert.org.my/Please refer to MyCERT’s website for latestupdates of this Quarterly Summary. ■e-Security | Cyber Security Malaysia | Vol: 28-(Q3/2011)© CyberSecurity Malaysia 2011 - All Rights Reserved
CyberCSI 3 rd Quarter 2011Summary Report5IntroductionThe CyberCSI Third Quarter SummaryReport provides an overview of activitiesundertaken by the Digital ForensicsDepartment (hereinafter referred to as DFD)of CyberSecurity Malaysia for the month ofJuly, August and September in 2011. Theseactivities are related to case analysis receivedfrom law enforcement agencies (hereinafterreferred to as LEAs) and regulatory bodies(hereinafter referred to as RBs) such asRoyal Malaysian Police (PDRM), MalaysianAnti-Corruption Commission (MACC),Malaysian Communications and MultimediaCommission (MCMC) and the SecuritiesCommission Malaysia (SC). This summarywill also highlight the training sessions andtalks given to LEAs, RBs and public basedorganisations on modules encompassingdigital forensics.Digital Forensics and DataRecovery StatisticsDigital Forensics Case StatisticsFrom July to September 2011, DFD handled105 cases in digital forensics. DigitalForensics cases comprised cases concerningcomputer forensics, mobile forensics, audioforensics and video or image forensicssubmitted by LEAs and RBs.Figure 1: Illustrates cases on Digital Forensicsreceived from July to September 2011.Figure 1: Cases Breakdown by Month 2011The chart in Figure 2 shows the categorybreakdown of cases received by DFD inthe period between July – September 2011.There are three (3) major categories thathave been classified as of ‘highest priority’which is Bribery, Illegal Business and CCTV/Video Extraction. Other minor cases whichalso contributed to the statistics wereThreat, Fraud, Smuggling, Harassment andOthers.Figure 2: Breakdown by Categories of Digital Forensics CasesBribery cases were the highest contributorwith 22 cases reported. When dealing withthese types of cases, DFD provides supportto LEAs by analysing emails, text messages,multimedia messages, calls via electronicgadgets such as mobile phones, notebooks,hard disks and thumb drives that were usedas case evidences. DFD was also involvedin the task force units consisting of variousLEAs for Ops 3B. During this operation, theDFD teams focused solely on corruptionand bribery elements within each case. Thisoperation was led by BNM (Bank NegaraMalaysia).The Illegal Business category was at secondplace for this period with 16% share of thetotal cases recorded. This category showedan increase in its trend as compared to DFD’shalf year statistic (Jan-Jun) which was onlyat 5%.e-Security | Cyber Security Malaysia | Vol: 28-(Q3/2011)© CyberSecurity Malaysia 2011 - All Rights Reserved
Page 3: MyCERT 3 rd Quarter 2011 Summary Re
Page 8 and 9: 6Based on the statistics, there was
Page 10 and 11: 8Legal Restriction on CryptographyB
Page 12 and 13: 10Wassenaar Agreement “will not i
Page 14 and 15: 12transactions, electronically thro
Page 16 and 17: 14deciding if software is considere
Page 18 and 19: 16SPAM, the Annoying Culprit on the
Page 20 and 21: 18Figure 4: The distribution of spa
Page 23 and 24: “wire-once” settings pool bare-
Page 25 and 26: San Francisco, CA. McKesson has dou
Page 27 and 28: 3. Consistency:It means that the be
Page 29 and 30: Mathematics Operations in BinaryNum
Page 31 and 32: compare the difference between a bi
Page 33 and 34: divided, it will remain as remainde
Page 35 and 36: Criteria is in a better spot to pro
Page 37 and 38: ASPECTS PLAN EXECUTE ANALYSISObject

MyCERT 3rd Quarter 2011 Summary Report - CyberSAFE Malaysia

Create successful ePaper yourself

Delete template?

Save as template?