
What Happen In Our Backyards? – Cyber Security Threats Landscape by Megat Muazzam

Cyber Security Threats in Malaysia. More info www.mynog.org


  1. 1. Copyright © 2017 CyberSecurity Malaysia. WHAT HAPPEN IN OUR BACKYARDS? CYBER SECURITY THREATS LANDSCAPE. Megat Muazzam Abdul Mutalib, Head of MyCERT, CyberSecurity Malaysia
  2. 2. Cyber999™ Cyber Early Warning Services. Email us at: cyber999@cybersecurity.my. REFERENCE CENTRE FOR CYBER SECURITY ASSISTANCE - for all internet users, including home users and organizations. Incident Handling; Cyber Early Warning; Technical Coordination Centre; Malware Research Center
  3. 3. Services. Reactive: 1. Incident Response and Handling 2. Advisories. Proactive: 1. Watch and Warn / Threat Monitoring 2. Research and Development 3. Training and Outreach/Awareness 4. Cyber Security Crisis
  4. 4. DIGITAL ENVIRONMENT IS ALREADY COMPLEX
  5. 5. CONVERGENCE OF NEW TECHNOLOGIES INTO CYBER SPACE - Add More Complexities
  6. 6. WE ARE MOVING INTO A MORE INTERCONNECTED CYBERSPACE
  7. 7. Specific targeted attack, powerful tool (e.g. Botnet, Stuxnet). Professionals, Criminals. Specific Motivation: for economic gain, industrial espionage, cyber terrorism. Motivation: for fun, peer recognition, prestige. Script kiddies, crackers. Large scale, wide spreading incident (e.g. virus, worm outbreak). EVOLVING CYBER THREATS ALSO. The More We’re Interconnected To The Cyber Space, The More We Are At Risk To Cyber Threats … CYBER THREATS EVOLVES WITH TECHNOLOGY
  8. 8. MISUSE OF CYBER SPACE. TREND OF MALAYSIA CYBER SECURITY THREATS IN 2016 - 2017 (AS OF 30 SEPTEMBER 2017): 14,608 Cyber Security Incidents Reported; 1,580,014 Spam Emails; 5,353,050 Malware & Botnet Drones Infections. CYBER HARASSMENT. FRAUD! Info: www.mycert.my
  9. 9. Cyber Security Emergency Services. CYBER SECURITY INCIDENT (1997 – 2016). Incident Category: Intrusion; Intrusion Attempt; Spam; DOS; Cyber Harassment; Fraud; Content Related; Malicious Code; Vulnerabilities Report. As of 31st December 2016. Incidents per year: 1997: 115; 1998: 342; 1999: 728; 2000: 503; 2001: 932; 2002: 739; 2003: 947; 2004: 915; 2005: 835; 2006: 1372; 2007: 1038; 2008: 2123; 2009: 3564; 2010: 8090; 2011: 15218; 2012: 9986; 2013: 10126; 2014: 11918; 2015: 9915; 2016: 8334
  10. 10. CYBER INCIDENTS BY SECTOR (2012-2017). Source : www.mycert.org.my. Values per sector are listed for 2012, 2013, 2014, 2015, 2016, 2017, then TOTAL. Banking & Finance: 852, 1476, 1868, 954, 922, 211, total 6156; Emergency services: 0, 1, 0, 0, 0, 0, total 1; Energy: 21, 12, 17, 11, 19, 4, total 81; Food & Agriculture: 1, 1, 1, 2, 13, 5, total 20; Government: 170, 74, 92, 110, 164, 45, total 625; Health: 5, 2, 6, 6, 33, 4, total 55; Information & Communication: 882, 592, 213, 40, 172, 753, total 2077; National Defense & Security: 2, 2, 2, 2, 5, 3, total 13; Transportation: 1, 6, 6, 14, 39, 9, total 73; Water: 0, 0, 0, 0, 3, 0, total 3; Total: 1934, 2166, 2205, 1139, 1370, 290, total 9104
  11. 11. Incident Reported 2017 (chart by month, JAN to DEC). Source : www.mycert.org.my. Categories: Vulnerabilities Report; Spam; Malicious Codes; Intrusion Attempt; Intrusion; Fraud; Denial of Service; Cyber Harassment; Content Related. Top 3 incidents: 1. Fraud 2. Intrusion 3. Malicious Code. Total Incident Reported : 5484. Monthly totals shown on the chart: 612, 627, 578, 759, 741, 648, 611, 908
  13. 13. Cyber Security Incident (1 Jan - 30 Sept 2017)
  14. 14. MALAYSIANS ARE VULNERABLE TO CYBER FRAUDS. One in three Malaysian internet users have personally experienced cybercrime in the past year - Norton Cybersecurity Insights Report 2016
  15. 15. What we have seen in year 2017 (timeline, Jan to Dec): NotPetya Ransomware; WannaCry Ransomware; Armada Collective DDOS Extortion Threats; SEA GAMES 2017 Cyber Threats; MS Security Bulletin MS17-010-Critical; ShadowBrokers Leaks; Mirai / Hajime IoT Attack; DLINK 850L Vulnerabilities Disclosure; Malaysian Data Breach Leak; WPA2 Key Reinstallation Vuln; Bad Rabbit Ransomware
  17. 17. Mirai Botnet Infection. https://intel.malwaretech.com/botnet/mirai/?t=24h&bid=all
  18. 18. List of vectors found in source code. The passwords come from the botnet's source code
  19. 19. Botnet Infection (Mirai) – Feeds ShadowsServer. Columns: timestamp, ip, port, asn, geo, region, city, type, infection, cc_port, sector
  20. 20. Automation of escalation
  21. 21. Security Feeds Information. Mirai infection CC-Port Scan Detected, Jan - April 2017, Count (bar values as shown on the chart): 5021, 56036, 5336, 15, 83766, 209, 1106, 10425, 3, 5395, 9527, 5207, 144957, 2851, 7. Infection Type by Variant (legend: Mirai, Mirai-Botnet, Mirai#14, Mirai Wget Download): 228220, 69%; 83781, 26%; 408, 0%; 17452, 5%. Total Mirai Infection by year: 2016: 149335; 2017: 305740
  22. 22. Botnet Feeds Automated Escalation Process: LebahNET Sensor; Centralized System; Cyber999
  23. 23. Source infographic: www.pinterest.com. Source: Symantec
  24. 24. Ransomware statistic and footprint – Reported to CSM:Cyber999 (2014-2016). Chart by sector (CNII, Corporate Company, Education, Home user) for 2016, 2015, 2014; data labels as shown: 1, 2, 0, 0, 25, 43, 3, 21, 23, 18, 3, 6. Number of incidents by year: 2014: 3; 2015: 92; 2016: 80; 2017 (as of September): 111. Observed ransomware and date detected / reported: CryptoLocker, 9 October 2013; CryptoWall, 7 August 2014; CTB-Locker, 24 January 2015; TeslaCrypt, 15 April 2015; TorrentLocker, 19 April 2015; Locker v5.30, 25 May 2015; AlphaCrypt, 2 Jun 2015; Cerber, 31 March 2016; Locky, 18 March 2016; Troldesh (Shade or XTBL), 23 May 2016; UltraCrypter, 31 May 2016; .777 Ransomware, 2 June 2016
  25. 25. The situation with WannaCry / Wcry / WannaCrypt
  26. 26. Malware tracking by MalwareTech. What Happened?
  27. 27. What to do if infected? Immediately isolate the infected system from the network. • Temporarily disable all network shared drives in the network. Alert/report to CSM / Cyber999. Back up all .WNCRY files on the hard drive for offline usage once the decryption keys are available; the decryption process can then be applied to restore the files. Use undelete software to recover encrypted files. Install an anti-ransomware removal tool (suggested: Windows Defender, Microsoft Safety Scanner, reputable antivirus removal tools), scan the infected system and clean it. Reinstall the Windows OS with the latest patch. Restore from the last backup, if any backup is available.
  28. 28. Alert and Advisory (WannaCry). https://www.mycert.org.my/en/services/advisories/mycert/2017/main/detail/1263/index.html http://www.cybersecurity.my/data/content_files/44/1674.pdf http://www.cybersecurity.my/data/content_files/44/1680.pdf https://www.mycert.org.my/assets/xml/news.rss MEDIA RELEASE, 16 MAY 2017, FOR IMMEDIATE RELEASE. DEVELOPMENTS ON THE ‘WANNACRY RANSOMWARE’ ISSUE. SERI KEMBANGAN (16 MAY 2017) - CyberSecurity Malaysia, the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI), wishes to report the latest developments on the 'WannaCry Ransomware' attack that struck the world on 12 May 2017. The developments are as follows: 1. CyberSecurity Malaysia has received one (1) official report from an academic institution and believes that there are more incidents that have not been reported. 2. We urge all organisations (system administrators) to stay vigilant and to continue taking the necessary action to protect and secure their network infrastructure from being affected; 3. System administrators are urged to patch their computer systems and to remind their users to always be wary of new ransomware attacks, to prevent them from clicking links sent with suspicious e-mails / files. 4. The public may refer to CyberSecurity Malaysia's alerts and advisories on the corporate website under MyCERT as a preventive measure: https://www.mycert.org.my/en/services/advisories/mycert/2017/main/detail/1263/index.html 5. We urge the public (organisations and individual users) to report any ransomware attack to CyberSecurity Malaysia by contacting the Cyber999 help centre. Reports can be made through the following channels: • E-mail: cyber999@cybersecurity.my or mycert@mycert.org.my
  29. 29. Flag blunder in the Kuala Lumpur SEA Games souvenir booklet (escalated to cyber attack). • Cyber999 received incident (from 20 August) • Type of cyber attack: 1) Web Defacement 2) Confidential Info Leak 3) Distributed Denial of Service (DDOS) attack
  30. 30. TRENDS OF HACKTIVISM IN MALAYSIA - Traditional conflicts are spread into cyberspace
  31. 31. Media Release and Alert (SEA GAMES KL). https://www.mycert.org.my/en/services/advisories/mycert/2017/main/detail/1281/index.html http://www.cybersecurity.my/data/content_files/44/1716.pdf
  32. 32. Malware Research Centre (MRC): Emerging Threats; LebahNet Project; Malware Research; Threats Visualization; Advisory & Alerts; EXPLOIT. Projects/Activities: Malware Sandbox; PDF Analyzer; AntiPhishing Portal; Malicious PHP Analyzer; .My Malware Project; PHP WebApp IPS; DNS Watch – Site detection; DontPhishMe; Cyber999 App
  33. 33. Cyber Security Eco System in Malaysia. NATIONAL CYBER SECURITY POLICY. POLICY (Formulating & Coordinating Policy): NATIONAL SECURITY COUNCIL; NATIONAL CYBER SECURITY AGENCY (NACSA). LAW ENFORCEMENT AGENCIES & REGULATORS (Preventing & Combating Terrorism through Law Enforcement): ROYAL MALAYSIAN POLICE; BANK NEGARA MALAYSIA; MALAYSIAN COMMUNICATION & MULTIMEDIA COMMISSION. TECHNICAL SUPPORT (Providing Technical Supports & Services): CYBERSECURITY MALAYSIA. Stakeholders: Government Agencies; Critical Information Infrastructure; Internet Service Providers; Industry; Academia; Cyber Security Professionals; Public
  34. 34. CyberSecurity Malaysia: Operational Services – CyberDEF services (latest product)
  35. 35. REPORTING CHANNEL
  36. 36. CONCLUSION AND WAY FORWARD. • Our approach to cope with emerging new technologies should be equally intelligent by adopting holistic strategy and through the use of new cyber tools • To effectively apply cyber security fundamentals with innovative features and techniques • Strengthening Public-Private-Academia Partnership and International Collaboration • To evolve in parallel with technology by enhancing: Sharing of Information amongst relevant parties; Cyber Incidents Response and Coordination; Innovative & Collaborative Research; Capacity Building; Cyber Security Awareness and Education
