ALERT

Introduction

National Cyber Security Agency (NACSA), National Security Council (NSC) always monitor the current cyber threat level in Malaysia. It has come to our attention of ongoing scam campaigns and phishing attacks leveraging the current Coronavirus (COVID-19) global scale health crisis to steal sensitive information and delivering malware. NACSA has also discovered that, with the latest development in our political scene, several files were circulated that have potential threat to the end users and an increased activities by local hacktivist groups taking advantage of the current political situation.

Impact

Web defacement, malware infection, login credentials and sensitive information stolen.

Brief Description

The U.S. Federal Trade Commission (FTC) and The World Health Organization (WHO) has discovered there’s an active campaign using fake email messages, texts messages and social media posts attempting to take advantage of the 2019 novel coronavirus (COVID-19) emergency. These phishing could appear to be from a legitimate organisations such as WHO, and will ask you to:

1. give sensitive information, such as usernames or passwords;
2. click a malicious link;
3. open a malicious attachment;
4. donate to victims; and
5. offering advice on unproved treatments.

With the latest development in our local political scene, NACSA have also discovered that several documents have been circulated especially in text messaging service like WhatApps regarding the formation of New Cabinets. While it was intended to be a prank, NACSA didn’t rule out the tactics will be used by any threat actors to lure victims to gain information and to take over victim devices.

NACSA has also observed that there’s an increased activities from local hacktivist group taking advantage of current political situation by launching web defacement on vulnerable servers as a sign of protest.

Recommendation

NACSA advises everyone to take the following actions:

1. Do not open or forward any suspicious files/documents forwarded from text messaging service or email especially regarding the list of Malaysia’s “New Cabinets”;
2. Always verify any information received from emails, text messages and social media posts regarding COVID-19 and WHO;
3. Verify with the sender of any link included within an email before clicking;
4. Do not open any suspicious links or emails especially claiming to be from WHO;
5. Do not send any money or donation to any bank account associate with the scam;
6. Do not visit any untrusted websites;
7. Do not simply enter personal information such as email address or password whenever you are requested to do so;
8. Change your password if you think it has been compromised;
9. Update your mobile and computer operating system and applications regularly;
10. Apply latest patches for your system and application to protect from being exploited;
11. Monitor your organisation’s network activities and block any malicious IP attempting to exploit your server and network;
12. If you suspect that you have been a victim of scam, please contact law enforcement agency; and
13. Report to NACSA if you’re server has been breached or defaced.

Reference

1. FTC Warns of Ongoing Scams Using Coronavirus Bait
   https://www.bleepingcomputer.com/news/security/ftc-warns-of-ongoing-scams-using-coronavirus-bait/
2. Beware of criminals pretending to be WHO
   https://www.who.int/about/communications/cyber-security

28-02-2020