Cyber999 Advisories

2 April 2024     Report

SR-025.042024: MyCERT Report - Cyber Incident Quarterly Summary Report - Q4 2023


1.0 Introduction

The Cyber Incident Quarterly Summary Report – Q4 2023 provides an overview of computer security incidents handled by the Cyber999 Incident Response Centre of CyberSecurity Malaysia in Q4 2023. It also highlights statistics of the incidents dealt with by the Cyber999 Incident Response Centre in Q4 2023 according to their categories, as well as the list of security advisories released in this quarter. It should be noted that the statistics provided in this report reflect only the total number of incidents reported and handled by the Cyber999 Incident Response Centre, excluding elements such as monetary value or aftermaths of the incidents. Computer security incidents handled by the Cyber999 Incident Response Centre involved IP addresses and domains originating from Malaysia. We also work closely with local and international ISPs, CERTs, Special Interest Groups (SIGs) and Law Enforcement Agencies (LEAs) to remediate and mitigate computer security incidents in Malaysia.

 

2.0 Trends Q4 2023

The number of Internet users in Malaysia increased to 33.03 million at the start of 2023. As of January 2023, Malaysia’s estimated number of social media users is 26.80 million, equating to 78.5 percent of the total population.

In general, the Cyber999 Incident Response Centre receives incident reports from local individuals, including Internet users and members of the public, as well as from industries, government, academia, and non-profit organisations (NGOs). We also proactively seek and gather insights on cyber threats that could impact Internet users and organisations in Malaysia and aid in mitigating these threats.

The Cyber999 Incident Response Centre received 1,556 incidents in Q3 2023. In comparison, Q4 2023 received 1,536 incidents, indicating a 1% decrease compared to Q3 2023.

Tables 1 to 3 below provide details of the incidents reported in Q3 and Q4 2023.

Table 1: Comparison of total incidents between Q3 and Q4 2023

| Categories of Incidents | Q3 2023 | Q4 2023 | Percentage (%) |
|---|---|---|---|
| Denial of Service | 7 | 10 | 43 |
| Intrusion | 156 | 89 | -43 |
| Data Breach | 192 | 206 | 7 |
| Intrusion Attempt | 84 | 146 | 74 |
| Vulnerabilities Report | 13 | 38 | 192 |
| Malicious Codes | 97 | 112 | 15 |
| Fraud | 989 | 917 | -7 |
| Spam | 18 | 18 | 0 |
| TOTAL | 1556 | 1536 | -1 |

 

Table 2: Number of incidents based on months in Q4 2023

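| Categories of Incidents | Oct | Nov | Dec |
|---|---|---|---|
| Denial of Service | 8 | 2 | 0 |
| Intrusion | 29 | 43 | 17 |
| Data Breach | 66 | 79 | 61 |
| Intrusion Attempt | 66 | 49 | 31 |
| Vulnerabilities Report | 2 | 8 | 28 |
| Malicious Codes | 43 | 32 | 37 |
| Fraud | 299 | 360 | 258 |
| Spam | 4 | 9 | 5 |
| TOTAL | 517 | 582 | 437 |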

 

Table 3: Number of sub-categories of incidents based on months in Q4 2023

| Categories of Incidents | Oct | Nov | Dec |
|---|---|---|---|
| Denial of Service | | | |
| Denial of Service – DoS | 8 | 2 | 0 |
| Fraud | | | |
| Fraud – Bogus Email | 0 | 6 | 0 |
| Fraud – Business Email Compromise | 0 | 2 | 0 |
| Fraud – Fraud Site | 4 | 8 | 7 |
| Fraud – Impersonation & Spoofing | 12 | 14 | 13 |
| Fraud – Job Scam | 5 | 4 | 6 |
| Fraud – Lottery Scam | 0 | 0 | 0 |
| Fraud – Love/Parcel Scam | 1 | 0 | 2 |
| Fraud – Phishing | 277 | 326 | 230 |
| Vulnerabilities Report | | | |
| Vulnerabilities Report – Misconfiguration Disclosure | 0 | 4 | 20 |
| Vulnerabilities Report – System | 1 | 2 | 1 |
| Vulnerabilities Report – Web | 1 | 2 | 7 |
| Intrusion | | | |
| Intrusion – Account Compromise | 8 | 9 | 4 |
| Intrusion – Defacement | 21 | 34 | 13 |
| Intrusion Attempt | | | |
| Intrusion Attempt – Login Brute Force | 23 | 26 | 20 |
| Intrusion Attempt – Port Scanning | 0 | 0 | 0 |
| Intrusion Attempt – Vulnerability Probes | 43 | 23 | 11 |
| Malicious Codes | | | |
| Malicious Codes – Botnet C&C | 1 | 1 | 0 |
| Malicious Codes – Bots | 0 | 0 | 0 |
| Malicious Codes – Malware | 41 | 29 | 37 |
| Malicious Codes – Malware Hosting | 1 | 2 | 0 |
| Content Related | | | |
| Content Related – Data Breach | 66 | 79 | 61 |
| Spam | | | |
| Spam – Spam | 4 | 9 | 5 |
| Spam – Spam Relay | 0 | 0 | 0 |
| TOTAL | 517 | 582 | 437 |

 

Figure 1 illustrates and provides an overview of the number of incidents reported in Q4 2023 in a chart. Figure 2 illustrates the percentage of incidents based on their classification.

Figure 1: Breakdown of reported incidents from Oct to Dec 2023

 

Figure 2: Percentage of reported incidents by classification

Based on the above statistics, a few incident categories reported to us increased in Q4 2023 compared to Q3 2023, while two categories (Spam and Vulnerabilities Report) remained low. Data breach incidents increased by 7% from Q3 2023. Of the total incidents in Q4 2023, the most reported incident is fraud, representing 59.7% of the total incidents reported to us. This is followed by data breach attempts (13.41%) and intrusion incidents (9.51%).

Based on the current trends, data breach incidents will most likely continue to grow in Malaysia in 2023. They will always be among the top three reported incidents to the Cyber999 Incident Response Centre if organisations and Internet users do not take proper security measures to prevent data breaches. 

The types of data breaches reported to us are listed in the table below:

Table 4: Reported data breach incidents

| Type of Data Breach | Description |
|---|---|
| PII | Personal identification data such as full name, IC, address, age, telephone number, salary |
| Email Credential | Username and password of email account |
| Appliances Credential | Admin panel access, Joomla, WordPress, FTP access, wp-admin access, etc. |

 

Meanwhile, for fraud incidents, besides phishing URLs, new scam tactics and techniques that combine social engineering and malicious code could potentially continue to grow in Malaysian cyberspace.

 

2.1 Top Fraud Incidents Reported by Malaysian Internet Users to CyberSecurity Malaysia

Scam activities and fraud continue to prevail within the community, targeting various citizens, from students to professionals. They have become a preferred method of criminals because awareness is still lacking among the public, making them an easier target. A total of 917 fraud incidents were handled in this quarter, representing a decrease of 7% compared to Q3 2023. All the incidents were received from organisations and public users. The top fraud incidents reported to the Cyber999 Incident Response Centre are as follows:

  • Phishing
  • Impersonation and Spoofing
  • Fraudulent website
  • Job scam
  • Bogus email
  • Business email compromise (BEC) scam

According to the Royal Malaysia Police’s (PDRM) commercial crimes investigation department (CCID), a total of 71,833 scams, amounting to more than RM5.2 billion in losses, were reported from 2020 until May 2022 [2]. Therefore, Internet users and organisations must be vigilant when conducting online transactions or performing e-commerce transactions to avoid becoming victims of online fraud.

 

2.2 Top Malware Infection in Malaysia

Top malware incidents include malware-hosting, ransomware, malicious APK, backdoors and trojans. Among these incidents, the top reported malware incident is related to malicious APK. This type of incident is typically received from banking users who directly report to local financial institutions. 

Types of malicious APK-based modus operandi are:

  • Durianking APK
  • Home services APK
  • Parcel APK
  • Easy buy APK
  • Streaming APK
  • Groceries APK
  • Divedeal APK
  • Durian APK
  • Scam Digi
  • Scam Celcom
  • Mall APK
  • BNM APK

 

Users must be vigilant and keep systems up to date with the latest patches and security updates to prevent unwanted incidents. The second most reported incident within the malware category is malware hosting, which affected vulnerable servers with IP addresses originating from Malaysia. These incidents are usually received from foreign entities, such as antivirus vendors and Special Interest Groups. System administrators must be vigilant and always keep systems up to date with the latest patches and security measures to prevent unwanted incidents.

Nevertheless, ransomware incidents decreased in Q4 2023 compared to the previous quarter. For Q3 2023, we received 9 incidents, while for Q4 2023, we received 19 incidents, indicating an increase of 111% compared to Q3 2023. Ransomware is malicious software (malware) that infects a computer and restricts access until the requested ransom is paid. Our findings show that ransomware incidents frequently occur among business organisations, and the incidents are reported mainly by commercial businesses, consistent with the Verizon DBIR 2022, which reported that organisations, including businesses, are most impacted by ransomware across the globe. It is also considered the costliest attack among other threats, involving the cost of recovering all the data and rectifying infected machines.

Based on the current trends, ransomware incidents will most likely continue to grow in Malaysia in 2023. Organisations and Internet users must always take proper security measures against ransomware incidents. 

Types of ransomware variants reported to Cyber999 Incident Response Centre in Q4 2023 are: 

  • Lockbit Black ransomware
  • Akira ransomware
  • BlackCat/ALPHV ransomware
  • Malloc ransomware
  • Makop ransomware
  • VietnamPav ransomware
  • Inc ransomware
  • STOP/DJVU ransomware
  • Lockbit v3 Black (CryptomanGizmo)

 

Below is the list of top malware that infected computers belonging to individuals and organisations in Malaysia, as reported to Cyber999 Incident Response Centre in Q4 2023:

  • avalanche-andromeda
  • socks5systemz
  • adload
  • pseudomanuscrypt
  • vipersoftx
  • downadup
  • sality
  • sinkhole
  • qsnatch
  • smb-scan

Good backup management, password security and cyber security awareness are essential in combating ransomware and other types of malware. Everyone needs to implement the backup procedure, policy, and best practices. Providing awareness campaigns to ensure users are up to date with the latest cyber threat landscapes and conducting organisation-level tabletop exercises to challenge user understanding is among the best efforts to improve an organisation’s cybersecurity.

 

3.0 Security Advisories and Alerts Released in Q4 2023

In Q4 2023, we issued 24 advisories and 9 alerts involving security updates from Mozilla, Microsoft, Apple, VMware, etc. Each alert and advisory comes with descriptions, recommendations, and references. Highlights of advisories and warnings for this quarter are:

Advisories: 

  1. MA-976.102023: MyCERT Alert - Telegram Phishing Impersonate MyKasih Sumbangan Asas Rahmah (SARA)
  2. MA-977.102023: MyCERT Alert - Fake Midvalley Shopping Mall Facebook Message Containing a Fake Website
  3. MA-978.112023: MyCERT Advisory - Multiple Vulnerabilities in Kubernetes Ingress Controller
  4. MA-979.112023: MyCERT Advisory - VMware Releases Advisory for VMware Tools Vulnerabilities
  5. MA-980.112023: MyCERT Advisory - Critical Vulnerability in Confluence Server and Data Center
  6. MA-981.112023: MyCERT Advisory - Microsoft's Monthly (Oct 2023) consolidated tech and security patches update
  7. MA-982.112023: MyCERT Advisory - Critical Vulnerability in F5 BIG-IP Product
  8. MA-983.112023: MyCERT Alert - Cyber Security Best Practices for System Administrators and Internet Users
  9. MA-984.112023: MyCERT Advisory - Cisco Releases Security Advisories for Multiple Products
  10. MA-985.112023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products
  11. MA-986.112023: MyCERT Advisory - Microsoft Releases November 2023 Security Updates
  12. MA-987.112023: MyCERT Advisory - Fortinet Releases Security Updates for FortiClient and FortiGate
  13. MA-988.112023: MyCERT Advisory - VMware Releases Security Update for Cloud Director Appliance
  14. MA-989.112023: MyCERT Alert - CISA, FBI, and MS-ISAC Release Advisory on Rhysida Ransomware
  15. MA-990.112023: MyCERT Advisory - Mozilla Releases Security Updates for Firefox and Thunderbird
  16. MA-991.112023: MyCERT Advisory - Adobe Releases Security Updates for ColdFusion
  17. MA-992.112023: MyCERT Advisory - Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-4966, Citrix Bleed
  18. MA-993.112023: MyCERT Alert - Cyber Security Best Practices against Ransomware LockBit 3.0 
  19. MA-994.122023: MyCERT Alert - Scammers using Compromised WhatsApp Account for Impersonation and Deceive Victims to Transfer Money 
  20. MA-995.122023: MyCERT Advisory - Socks5Systemz Proxy Botnet
  21. MA-996.122023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products
  22. MA-997.122023: MyCERT Advisory - CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
  23. MA-998.122023: MyCERT Alert - Cyber Security Best Practices Against Data Breach Incidents
  24. MA-999.122023: MyCERT Advisory - The Apache Software Foundation Updates Struts 2
  25. MA-1000.122023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products
  26. MA-1001.122023: MyCERT Advisory - Microsoft Releases Security Updates for Multiple Products
  27. MA-1002.122023: MyCERT Alert - Impersonation of Axiata Digital Labs(ADL) in public for Job Scam
  28. MA-1003.122023: MyCERT Advisory - Samsung Mobile Release Security Updates for Major of Samsung’s Flagship Mobile Devices
  29. MA-1004.122023: MyCERT Advisory - Multiple Vulnerabilities in Zoom Products
  30. MA-1005.122023: MyCERT Advisory - Mozilla Releases Security Updates for Firefox and Thunderbird
  31. MA-1006.122023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products
  32. MA-1007.122023: MyCERT Advisory - Zero-Day Vulnerability in Google Chrome

 

Internet users and organisations may refer to the following URL for other advisories and alerts released by CyberSecurity Malaysia: 

https://www.mycert.org.my/portal/advisories?id=431fab9c-d24c-4a27-ba93-e92edafdefa5

 

4.0 Conclusion

Overall, the number of computer security incidents reported to the Cyber999 Incident Response Centre in Q4 2023 was 1,536 incidents. This quarter shows a slight upward trend compared to the previous quarter, with a 1% decrease. Though this is a small percentage, organisations and individuals must not assume that our cyberspace is now secure; they must always ensure readiness and preparedness against potential threats. Furthermore, no significant or severe incident was observed this quarter. Nevertheless, users and organisations must be constantly vigilant of the latest computer security threats and are always advised to take measures to protect their systems and networks from these threats. Hence, we strongly recommend that all Internet users be constantly aware of today's cybercrime trends and adhere to the best cyber hygiene practices. This includes secure handling of emails from unknown sources, safe web browsing, safe online purchasing, and safe use of social media applications. Always check the legitimacy of the applications, portals, merchants, services, and products before conducting any online transaction. However, as the complexity of cyber threats continues to increase, organisations and individuals could be potential targets of cyber incidents without proper awareness.

Malaysian Internet users and organisations may contact us for assistance using the contact details below:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting)  
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web: https://www.mycert.org.my
 

 

References:

[1] https://datareportal.com/reports/digital-2023-malaysia

[2] https://theedgemalaysia.com/article/pdrm-over-rm52-billion-lost-scams-two-years
