ALERT NOTICE

Introduction

National Cyber Cyber Security Agency (NACSA) has detected various attack attempts targeting numerous organisations in Malaysia recently. The type of attacks detected varies; including Intrusion, Intrusion Attempts, Distributed Denial of Service (DDoS), Web Defacement and Malware Infections.

Impact

Information leakage, information loss, service disruption and integrity of information compromised.

Affected Platforms

All operating systems, web servers and online services.

Brief Description

Based on our monitoring for the past few days, we noticed significant increment of cyber attacks towards Malaysian organisations both in the government and private sectors. The attacks were in the form of web defacement, email phishing and DDoS. Organisations and individuals alike are urged to take the necessary actions to prevent from falling victim to these attacks.

Recommendation

Organisations and individuals are advised to take the following actions:

1. Update your critical assets with the latest security patches and updates;
2. Do not open or click on unsolicited mails and links with/without attachments;
3. Ensure that anti-virus/anti-malware signatures are up to date and functioning;
4. Block or restrict access to every port such as port 3389 (RDP), port 5900 (VNC) and port 22 (SSH) and services except for those that should be publicly available;
5. Review your user credentials list for any new additional unknown user;
6. Monitor your environment closely for any anomalies;
7. Check whether your organisation's credentials have been exposed in pastebin; and
8. If you suspected that your credentials have been compromised, reset all usernames and passwords.

07-05-2018