Contributors - CyberSecurity Malaysia

More documents

Recommendations

Info

4.MyCERT 4th Quarter 2009 SummaryReportIntroductionThis Quarterly summary provides an overview of activitiescarried out by MyCERT related to computer securityincident handling and trends based on security incidentshandled by Malaysia CERT (MyCERT), a department withinCybersecurity Malaysia. The summary highlights. Thesummary highlights statistics of categories of incidentshandled by MyCERT in Q4 2009, security advisoriesreleased to MyCERT’s constituents, the Malaysian Internetusers, and other activities carried out by MyCERT staff. Dotake note that the statistics provided in this report reflectonly the total number of incidents handled by MyCERT andnot elements such as monetary value or repercussion of theincidents. Computer security incidents handled by MyCERTare those that occur or originate within the Malaysiandomain or IP space. MyCERT works closely with other localand global entities to resolve computer security incidents.targeting local brands such as the Maybank2U.com andCimbclicks.com.MyCERT handles both the source of the phishing emails aswell as the removal of the phishing sites by the affectedInternet Service Providers (ISPs).We also received a small number of reports from victims ofphishing scams out there where their money were illegallytransferred to third party accounts without their knowledge.However, we advised the victims to refer the matter to theLaw Enforcement Agency and to the respective banks forfurther investigation.Incidents Trends Q4 2009From October to December 2009, MyCERT, via itsCyber999 service, handled a total of 922 incidents.These incidents were referred to MyCERT by users in it’sconstituency, security teams from abroad, in addition toMyCERT’s proactive monitoring efforts.The following graph shows the total incidents handled byMyCERT in Q4 2009.Graph 2: Percentage of Incident Breakdown by Classification inQ4 2009In Q4 2009, system intrusion had recorded high number ofincidents representing 44% out of total incidents handledrespectively. System intrusion incidents are generallyattributed to web defacements. MyCERT observed thatthe main cause of defacements were vulnerable webapplications.The following graph shows the breakdown of domainsdefaced in Q4 2009. Out of the 362 websites defaced inQ4 2009, 70% of them are those with a com and com.myextensions.Defacers generally target web applications that are proneto SQL injection or sites that are not secured.Graph 1: Incident Breakdown by Classification in Q4 2009In Q4 2009, fraud recorded high number of incidentsrepresenting 34% out of total incidents handledrespectively. Fraud incidents are mostly phishing sites oflocal and foreign institutions. In Q4 2009, phishing sitesand phishing emails handled by MyCERT had increased to231 compared to 156 phishing sites and phishing emailsin the previous quarter. Majority of phishing sites wereGraph 3: Percentage of Web Defacement by Domain in Q4 2009
Under the classification of drones and malicious codes, inQ4 2009, MyCERT had handled 15% out of total incidents.Other examples of incidents within these categories areactive botnet controller and hosting of malware or malwareconfiguration files.Advisories and AlertsIn Q4 2009, MyCERT had issued a total of 12 advisoriesand alerts for its constituency. Most of the advisories inQ4 involved popular end user applications such as AdobePDF Reader, Adobe Flash, Microsoft Office Power Point,Mozilla Firefox and Microsoft Internet Explorer. Attackeroften compromise end users computers by exploitingvulnerabilities in users’ application. Generally, the attackertricks the user in opening a specially crafted file (i.e. a PDFdocument) or web page.MyCERT encourages Malaysian Internet users to beconstantly vigilant of the latest computer security threatsand to contact us for assistance.Our contact is:Malaysia Computer Emergency Response Team(MyCERT)E-mail: mycert@mycert.org.myCyber999 Hotline: 1 300 88 2999Phone: (603) 8992 6969Fax: (603) 8945 3442Phone: 019-266 5850SMS: 019-281 3801http://www.mycert.org.my/Please refer to MyCERT’s website for latest updates of thisQuarterly Summary. •5.Readers can visit the following URL on advisories and alertsreleased by MyCERT in 2009.http://www.mycert.org.my/en/services/advisories/mycert/2009/main/index.htmlOther ActivitiesMyCERT staff had been invited to conduct talks and trainingin various locations in Q42009. The following is a brief listof talks and training conducted by MyCERT in Q4 2009:• October 2009 - Conducted Web Security Training atPahang.• November 2009 – Talk on APCERT & CERT Roles in24x7 Threat Monitoring at ASEAN Law EnforcementWorkshop, Bandung, Indonesia.• November 2009 – Conducted Incident ResponseHands On Training for the National CERT of Oman inKuala Lumpur.• December 2009 – Talk on Malicious PDF at FIRSTTechnical Colloquium in Kuala Lumpur.• December 2009 – Conducted Web Security Training atFIRST Technical Colloquim in Kuala Lumpur.• December 2009 – Talk on Automating Uncompressingand Static Analysis of Conficker Worm at Ninth IEEEMalaysia International Conference on Communication2009 in Kuala Lumpur.ConclusionIn Q4 2009, neither crisis nor outbreak was observed.Nevertheless, users and organizations are advised to alwaystake measures to protect their systems and networks fromthreats. MyCERT encourages Malaysian Internet users to beconstantly vigilant of the latest computer security threats.Security is an on going process.e-Security | CyberSecurity Malaysia | Volume 21 - (Q4/2009)
Page 1: Volume 21 - (Q4/2009)“Companies s
Page 6 and 7: 6.USB PortA culprit to ICT Security
Page 8 and 9: 8.Specific device setup classes can
Page 10 and 11: 10.ConclusionReferencesUSB removabl
Page 12 and 13: 12.Figure 9: Interpreting “Active
Page 14 and 15: 14.7. A list of time zone propertie
Page 16 and 17: 16.allowing you to specify which da
Page 18: 18.Guide to Motion Compensation (Ph
Page 21 and 22: Graph 1 shows all the satisfied poi
Page 23 and 24: CyberdatingHow to Have Funbut Stay
Page 25 and 26: find them. If anything goes wrong,
Page 27 and 28: 27.What could be the threats to ena
Page 29 and 30: 29.InternetRadio Frequency Identifi
Page 31 and 32: Common Criteria andNational Cyber S
Page 33 and 34: 33.Case Study: US Government Direct
Page 35 and 36: has caused a US$2.25 million fine t
Page 37 and 38: 37.lewat sampai pada penerima ataup
Page 39 and 40: For instance TM, Malaysia’s large

Contributors - CyberSecurity Malaysia

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?