MyCERT sees spike in website defacements
20th April 2005 (The Star)

PETALING JAYA: Website defacements grabbed all the attention, as far as security incidents in the first three months of this year were concerned, according to the Malaysian Computer Emergency Response Team (MyCERT).

Describing the first quarter of the year as "hectic," MyCERT recorded that it received an "overwhelming number of reports" on local website defacements, which caused the sharp increase in computer intrusions reported.

A total of 256 intrusions - most of them defacements - were reported, which was a huge increase over the 42 intrusions reported in the previous quarter, MyCERT said in its quarterly security summary for the first quarter of 2005.

In all, 216 websites were defaced from March 6 to 21, it said. Most of the attacks on local websites were a result of recent regional tension involving Malaysia and Indonesia.

During that period, MyCERT issued two alerts on the mass defacements, which also received serious attention from the Government.

MyCERT said the crisis was "handled successfully," with a significant decrease in defacements observed from March 15 as tensions subsided.

The Indonesian Computer Emergency Response Team also played a part in reducing the volume of attacks, by responding to MyCERT's request that it urge Indonesian hackers to stop defacing Malaysian websites, MyCERT said.

A majority of the intrusions were made possible by vulnerable and unpatched services running on computer servers, it said.

Website defacements involving Linux machines were due to the use of older versions of Apache webserver, PHP scripts and OpenSSL. PHP is a scripting language, while OpenSSL is an Open Source toolkit for implementing the Secure Sockets Layer (SSL) protocol.

For web servers running Microsoft's Internet Information Server (IIS), web defacements were commonly due to several unpatched vulnerabilities, including the Microsoft IIS extended Unicode directory traversal and Microsoft FrontPage Server Extension vulnerability, MyCERT said.

Other threats

Hack attempts also increased in the first three months of the year. A total of 41 reports on hack attempts were received, compared with 21 reports in the previous quarter, MyCERT said.

Incidents of harassment decreased compared with the previous quarter, with the majority involving harassment via e-mail, in chatrooms and web forums.

Most of the incidents were reported to the authorities for further investigation, said MyCERT, adding that it was also involved in assisting law enforcement agencies, including the police, Attorney General's office, and the Malaysian Communications and Multimedia Commission, in investigating some of the incidents.

Forgery incidents, including phishing scams and e-mail forgery, also decreased. MyCERT said reported phishing attempts involved both local and foreign banks.

While the spotlight was on web defacements, spam remained the top security headache for IT administrators and e-mail users, with a total of 3,683 incidents reported in the first quarter of the year.

MyCERT received three reports of Denial-of-Service (DoS) attacks in the quarter, compared with a single report in the previous quarter. Such attacks have decreased in "popularity" over the last several years, it said. - RASLAN SHARIF