Introduction
The National Cyber Coordination and Command Centre (NC4) continuously monitors the cybersecurity threat level in Malaysia. In view of the recent development involving a sensitive video parody, it has come to our attention that a campaign to attack and deface Malaysian websites has been launched. NC4 would like to remind System Administrators and Network Administrators to implement sufficient cybersecurity measures to ensure that systems and networks are secure at all times.
Impact
Possible information leakage and service disruption.
Impacted Platforms
All operating systems, web servers and online services.
Brief Description
In the last few days, NC4 has observed an increase in attack attempts and attack campaigns targeting numerous organisations in Malaysia, in response to the sensitive video parody incident. The attacks could take the form of web defacement and Distributed Denial of Service (DDoS). The planned attack is scheduled to run from 29th December 2020 until 5th January 2021.
Therefore, organisations are urged to take the necessary actions to avoid becoming the next victim of these attacks.
Recommendation
Organisations and Security Operation Centres are advised to take the following actions:
- Update your critical assets with the latest security patches and updates;
- Do not open or click on unsolicited emails and links, with or without attachments;
- Ensure that anti-virus/anti-malware signatures are up to date and functioning;
- Never follow links from untrusted sources, which could possibly lead to security attacks, computer virus infection or even identity or account information theft;
- Disconnect your computer from the Internet when it is not in use;
- Review your firewall logs and other security devices for anomalies from time to time;
- Review your firewall and other security devices configurations from time to time;
- Block or restrict access to every port and service, such as port 3389 (RDP), port 5900 (VNC) and port 22 (SSH), except for those that should be publicly available;
- Make sure logging on systems and servers is always enabled;
- Make sure your website administrator's password is strong and secure. Change the password if needed;
- Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, the backup must be done daily, on separate media and stored offline at an alternate site;
- Shut down all workstations before leaving your office;
- If you suspect that your servers have been compromised, isolate your server, reset all usernames and passwords and initiate incident handling;
- Perform hardening on all your Internet-facing applications;
- Monitor your environment closely for any anomalies; and
- Report any anomalies happening within your network and enterprise environment immediately to NC4.
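
One way to check the port-restriction recommendation above on a Linux host, as an added example that is not part of the NC4 advisory: it parses `ss -tlnH` output and lists TCP listeners bound to non-loopback addresses whose ports are not on a public allowlist. The allowlist (80 and 443), the function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Remote-administration ports the advisory names explicitly.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}
# Assumption: the only services this host is meant to publish.
PUBLIC_ALLOWLIST = {80, 443}

# Constructed sample of `ss -tlnH` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 5 [::]:5900 [::]:*
LISTEN 0 128 192.0.2.10:3389 0.0.0.0:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 100 10.0.0.5:8080 0.0.0.0:*
"""

def is_local_only(host):
    """True if the listener is bound to a loopback address only."""
    if host == "*":  # wildcard bind: reachable on every interface
        return False
    return ipaddress.ip_address(host).is_loopback

def audit_listeners(ss_output, allowlist=PUBLIC_ALLOWLIST):
    """Return sorted (port, bind_address, label) for non-loopback
    listeners whose port is not on the public allowlist."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        host, _, port_text = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        port = int(port_text)
        if port in allowlist or is_local_only(host):
            continue
        findings.add((port, host, ADMIN_PORTS.get(port, "unlisted service")))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, label in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"restrict {host}:{port} ({label})")
```

A listener flagged here may still be filtered by an upstream firewall, so treat the result as a list of bindings to confirm against the firewall configuration.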
29-12-2020