Cyber999 Advisories

6 February 2025     Alert

MA-1254.022025: MyCERT Alert - Recent Cyber Attacks Targeting Malaysia: Recommendations and Security Best Practices


1.0 Introduction
The Cyber999 Incident Response Centre recently received an increasing number of cyber incidents launched by the Threat Actor (TA) named “INDOHAXSEC”. These attacks target both the government and private sector organisations in Malaysia. The incidents involved data breaches, credential compromise, and web defacements. The objectives behind these cyberattacks appear to be the dissemination of hate messages aimed at Malaysia and the disruption of online services within the country.

2.0 Impact

  • Impact on Government reputation and operation
  • Commercial risk through disclosure of commercially sensitive information to third parties
  • Disruption to operations and critical online services 
  • Potential breach of personal data
  • Loss of data integrity


3.0 Recommendations
The following are best practices and recommendations for System Administrators:

  • Ensure that systems, applications, and third-party add-ons are updated with the latest upgrades and security patches. If you are running older versions of operating systems or software, upgrade them to the latest version, as older versions are more vulnerable and can be easily manipulated by intruders. Additionally, to maintain security, apply patches to your web-based applications and network-based appliances.
  • Refer to your respective vendors' websites for the latest patches, service packs and upgrades. Otherwise, you may also refer to the below link for the latest advisories on security patches and upgrades that we publish:
  • Update the Anti-virus software running on hosts and email gateways with the latest signature files. Ensure the settings are configured to scan all files to detect potential threats and maintain optimal protection.
  • Configure systems properly to avoid incidents such as information disclosure and directory listing due to system misconfiguration.
  • Always enable logging of system and server activities, and retain the logs for a sufficient period.
  • Regularly backup critical information to minimise the impact of data or system loss and to accelerate the recovery process. Perform daily backup to separate media and store them offline at an alternate site.
  • It is recommended that organisations apply a defence-in-depth strategy to protect their networks. Firewalls, intrusion prevention systems (IPS), and network and host-based intrusion detection systems (IDS) can prevent and log most generic attacks.
  • Data Centres and Web Hosting Companies should be aware of any software or third-party add-ons they are running and apply the latest patches or upgrades to prevent intrusions that may exploit unpatched applications.
  • Organisations must ensure the contact information of System Administrators is made available in the event of a security incident at or originating from their site.
  • Financial Institutions must be vigilant against phishing and fraudulent activities targeting Internet banking. Customers must be adequately advised to avoid becoming victims of these scams by applying safe browsing, email, and Internet banking practices.
  • System Administrators must immediately report any suspicious activities they observe in systems and networks under their administration to the relevant authorities and seek assistance. Incidents can be reported to the Cyber999 Incident Response Centre through the reporting channels provided at the end of the page, and we will respond accordingly. To report any critical incident, call Cyber999 via the 24x7 On Call Incident Reporting channel.


CyberSecurity Malaysia has published several advisories related to data breaches and web defacement containing security best practices and guidelines: 

Please follow the best practices and guidelines accordingly to prevent any unwanted incidents from occurring.

For further enquiries about this Security Alert or to report a security incident, please contact us through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web:  https://www.mycert.org.my

CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 