1.0 Introduction
The Cyber Incident Quarterly Summary Report – Q1 2023 provides an overview of the computer security incidents handled by the Cyber999 Incident Response Centre of CyberSecurity Malaysia in Q1 2023. This quarterly report also presents statistics of the incidents handled by the Cyber999 Incident Response Centre in Q1 2023 according to their categories, as well as the list of security advisories released in this quarter. It should be noted that the statistics provided in this report reflect only the total number of incidents reported to and handled by the Cyber999 Incident Response Centre, excluding elements such as the monetary value or aftermath of the incidents. Computer security incidents handled by the Cyber999 Incident Response Centre are those involving IP addresses and domains originating from Malaysia. We also work closely with ISPs, CERTs, Special Interest Groups (SIGs) and Law Enforcement Agencies (LEAs), both local and international, to remediate and mitigate computer security incidents in Malaysia.
2.0 Trends Q1 2023
The number of Internet users in Malaysia increased to 33.03 million at the start of 2023. As of January 2023, the estimated number of social media users in Malaysia is 26.80 million, equating to 78.5 percent of the total population.
In general, the Cyber999 Incident Response Centre receives incident reports from local individuals, including Internet users and members of the public, as well as from industries, government, academia, and non-profit organisations (NGOs). We also proactively seek and gather insights on cyber threats that could impact Internet users and organisations in Malaysia and aid in mitigating these threats.
The Cyber999 Incident Response Centre received 1,290 incidents in Q4 2022. In comparison, Q1 2023 recorded a total of 1,307 incidents, which the report presents as a 13% increase compared to Q4 2022.
Table 1 to Table 3 below provide details of the reported incidents in Q1 2023 and Q4 2022.
Table 1: Comparison of total incidents between Q4 2022 and Q1 2023
| Categories of Incidents | Q4 2022 | Q1 2023 | Percentage (%) |
| --- | --- | --- | --- |
| Data Breach | 19 | 102 | 437 |
| DoS | 3 | 3 | 0 |
| Fraud | 819 | 797 | -2.7 |
| Intrusion | 158 | 157 | -1 |
| Intrusion Attempt | 41 | 56 | 37 |
| Malicious Codes | 163 | 140 | -14 |
| Spam | 70 | 24 | -66 |
| Vulnerabilities Report | 17 | 28 | 65 |
| TOTAL | 1290 | 1307 | 13 |
Table 2: Number of incidents based on months in Q1 2023
| Categories of Incidents | Jan | Feb | Mar |
| --- | --- | --- | --- |
| Denial of Service | 0 | 1 | 2 |
| Fraud | 235 | 272 | 340 |
| Vulnerabilities Report | 10 | 9 | 9 |
| Intrusion | 72 | 39 | 46 |
| Intrusion Attempt | 22 | 17 | 17 |
| Malicious Codes | 24 | 45 | 71 |
| Data Breach | 12 | 37 | 53 |
| Spam | 13 | 6 | 5 |
| TOTAL | 388 | 376 | 543 |
Table 3: Number of sub-categories of incidents based on months in Q1 2023
| Categories of Incidents | Jan | Feb | Mar |
| --- | --- | --- | --- |
| Denial of Service | | | |
| Denial of Service – DoS | 1 | 2 | 4 |
| Fraud | | | |
| Fraud – Bogus Email | 1 | 3 | 6 |
| Fraud – Business Email Compromise | 0 | 1 | 1 |
| Fraud – Fraud Site | 20 | 37 | 75 |
| Fraud – Impersonation & Spoofing | 3 | 5 | 6 |
| Fraud – Job Scam | 4 | 5 | 13 |
| Fraud – Lottery Scam | 0 | 0 | 0 |
| Fraud – Love/Parcel Scam | 1 | 0 | 0 |
| Fraud – Phishing | 206 | 171 | 239 |
| Vulnerabilities Report | | | |
| Vulnerabilities Report – Misconfiguration Disclosure | 6 | 6 | 2 |
| Vulnerabilities Report – System | 2 | 2 | 4 |
| Vulnerabilities Report – Web | 2 | 1 | 3 |
| Intrusion | | | |
| Intrusion – Account Compromise | 3 | 0 | 3 |
| Intrusion – Defacement | 69 | 39 | 43 |
| Intrusion Attempt | | | |
| Intrusion Attempt – Login Brute Force | 3 | 1 | 6 |
| Intrusion Attempt – Port Scanning | 3 | 4 | 3 |
| Intrusion Attempt – Vulnerability Probes | 16 | 12 | 8 |
| Malicious Codes | | | |
| Malicious Codes – Botnet C&C | 1 | 0 | 2 |
| Malicious Codes – Bots | 0 | 0 | 0 |
| Malicious Codes – Malware | 20 | 44 | 65 |
| Malicious Codes – Malware Hosting | 3 | 1 | 4 |
| Content Related | | | |
| Content Related – Data Breach | 12 | 37 | 53 |
| Spam | | | |
| Spam – Spam | 8 | 6 | 5 |
| Spam – Spam Relay | 5 | 0 | 0 |
| TOTAL | 388 | 376 | 543 |
Figure 1 provides a chart overview of the number of incidents reported in Q1 2023. Figure 2 illustrates the percentage of incidents by classification.
Figure 1: Breakdown of reported incidents from Jan to Mar 2023
Figure 2: Percentage of reported incidents by classification
Based on the above statistics, several incident categories reported to us increased in Q1 2023 compared to Q4 2022, while two categories (Spam and DoS) remained low. Data breach incidents showed the largest increase, rising 437% from Q4 2022. Of the total incidents in Q1 2023, the most reported category is fraud, representing 60.98% of all incidents reported to us. This is followed by intrusion (12.01%), malicious code (10.71%) and data breach (7.8%).
Based on the current trends, data breach incidents will most likely continue to grow in Malaysia in 2024. They will remain among the top four incident categories reported to the Cyber999 Incident Response Centre if organisations and Internet users do not take proper security measures to prevent data breaches.
The types of data breaches reported to us are listed in the table below:
Table 4: Type of reported data breach incidents
| Type of Data Breach | Description |
| --- | --- |
| PII | Personally identifiable information such as full name, IC number, address, age, telephone number and salary |
| Email Credential | Username and password of an email account |
| Appliances Credential | Admin panel access, Joomla, WordPress, FTP access, wp-admin access, etc. |
Meanwhile, for fraud incidents beyond phishing URLs, new scam tactics and techniques that combine social engineering with malicious code could potentially continue to grow in Malaysian cyberspace.
2.1 Top Fraud Incidents Reported by Malaysian Internet Users to CyberSecurity Malaysia
Scam activities and fraud continue to prevail within the community, targeting citizens ranging from students to professionals. Fraud has become a preferred method of criminals because awareness is still lacking among the public, making them easier targets. A total of 797 fraud incidents were handled in this quarter, representing a decrease of 2.7% compared to Q4 2022. All of these incidents were received from organisations and members of the public. The top fraud incidents reported to the Cyber999 Incident Response Centre are:
- Phishing
- Impersonation and Spoofing
- Fraudulent website
- Job scam
- Bogus email
- Business email compromise – BEC
According to the Royal Malaysia Police’s (PDRM) Commercial Crime Investigation Department (CCID), a total of 71,833 scams, amounting to more than RM5.2 billion in losses, were reported from 2020 until May 2022 [2]. Therefore, Internet users and organisations must be vigilant when conducting online or e-commerce transactions to avoid becoming victims of online fraud.
2.2 Top Malware Infection in Malaysia
The second most reported incident category in this quarter is intrusion, which has two sub-categories: account compromise and defacement. The third is malicious code, which includes malware hosting, ransomware, malicious APKs, backdoors and trojans. Among these, the most reported malware incident is related to malicious APKs. This type of incident is typically received from banking users who report directly to local financial institutions and, in some cases, to us.
The types of malicious APK-based modus operandi reported to us are:
- Malicious cleaning APK
- Phishing BNM
- Malicious TV APK
- Malicious Maxtag APK
- Malicious TNG APK
- Malicious streaming APK
- Malicious loan application APK
- Malicious Digi reward APK
- Malicious parcel APK
Users must be vigilant and keep their systems up to date with the latest patches and security updates to prevent such incidents. The second most reported incident within the malware category is malware hosting, which affected vulnerable servers with IP addresses originating from Malaysia. These incidents are usually received from foreign entities such as anti-virus vendors and Special Interest Groups. System administrators must likewise keep their systems up to date with the latest patches and security measures.
Nevertheless, ransomware incidents decreased in Q1 2023 compared to the previous quarter: we received 19 incidents in Q4 2022 and 14 in Q1 2023. Ransomware is malicious software (malware) that infects a computer and restricts access until the requested ransom is paid. Our findings indicate that ransomware incidents occur most frequently among business organisations, and the incidents are mostly reported by commercial businesses, consistent with the Verizon DBIR 2022, which reported that organisations, including businesses, are the most impacted by ransomware across the globe. It is also considered the costliest attack among other threats, involving the cost of recovering all affected data and rectifying infected machines.
Based on the current trends, ransomware incidents will most likely continue to grow in Malaysia in 2024. Organisations and Internet users must always take proper security measures against ransomware incidents.
Types of ransomware variants reported to Cyber999 Incident Response Centre in Q1 2023 are:
- Ragnar Locker
- JYQS
- ALPHV/BlackCat
- .mkp extension / Makop
- .mztu extension / STOP / DJVU
- LockBit 3.0
- LockBit 2.0
- Faust
- Fastwind
- Elbie
- YEHEI
Below is the list of top malware that infected computers belonging to individuals and organisations in Malaysia, as reported to the Cyber999 Incident Response Centre in Q1 2023:
- avalanche-andromeda
- downadup
- m0yv
- dltminer
- sinkhole
- sality
- android.hummer
- js.worm.bondat
- necurs
- lethic
Good backup management, password security and cyber security awareness are essential in combating ransomware and other types of malware. Backup procedures, policies and best practices need to be implemented by everyone. Running awareness campaigns to keep users up to date with the latest cyber threat landscape and conducting organisation-level tabletop exercises to test user understanding are among the best ways to improve an organisation’s cybersecurity.
3.0 Security Advisories and Alerts Released in Q1 2023
In Q1 2023, we issued 17 advisories covering Mozilla, Microsoft, Apple and VMware security updates, among others. Each alert and advisory comes with a description, recommendations and references. Highlights of the advisories and warnings for this quarter are:
Advisories:
1. MA-904.012023: MyCERT Advisory – Adobe Releases Security Updates for Multiple Products
2. MA-905.012023: MyCERT Advisory – Microsoft Releases January 2023 Security Updates
3. MA-906.012023: MyCERT Advisory – New Dark Pink APT Group Targets Government and Military Organisations in APAC Countries
4. MA-907.012023: MyCERT Advisory – Ransomware LockBit 3.0
5. MA-908.022023: MyCERT Advisory – Ransomware campaign actively exploiting a vulnerability (CVE-2021-21974) in unpatched VMware ESXi servers
6. MA-909.022023: MyCERT Advisory – Microsoft Releases February 2023 Security Updates
7. MA-910.022023: MyCERT Advisory – Apple Releases Security Updates for Multiple Products
8. MA-911.022023: MyCERT Advisory – Mozilla Releases Security Updates for Firefox 110 and Firefox ESR
9. MA-912.022023: MyCERT Advisory – ChatGPT and Security Best Practices
10. MA-913.032023: MyCERT Advisory – Apple Releases Security Updates for Multiple Products
11. MA-914.032023: MyCERT Advisory – Microsoft’s Monthly (March 2023) consolidated tech and security patches update
12. MA-915.032023: MyCERT Advisory – Royal Ransomware
13. MA-916.032023: MyCERT Advisory – Cybersecurity Advisory on Control System Defense
14. MA-917.032023: MyCERT Advisory – Industrial Control Systems Advisories
Internet users and organisations may refer to the following URL for other advisories and alerts released by MyCERT:
https://www.mycert.org.my/portal/advisories?id=431fab9c-d24c-4a27-ba93-e92edafdefa5
4.0 Conclusion
Overall, 1,307 computer security incidents were reported to the Cyber999 Incident Response Centre in Q1 2023. This quarter shows a slight upward trend compared to the previous quarter, with a 13% increase. Though this is a tiny percentage, organisations and individuals must not assume that our cyberspace is now secure, but must always ensure readiness and preparedness against potential threats. No significant or severe incident was observed in this quarter. Nevertheless, users and organisations must remain constantly vigilant about the latest computer security threats and are always advised to take measures to protect their systems and networks. Hence, we strongly recommend that all Internet users stay aware of today’s cybercrime trends and adhere to the best cyber hygiene practices. This includes the secure handling of emails from unknown sources, secure web browsing, purchasing goods online and using social media applications. Always check the legitimacy of applications, portals, merchants, services and products before conducting any online transaction. As the complexity of cyber threats continues to increase, organisations and individuals without proper awareness could become targets of cyber incidents.
Malaysian Internet users and organisations may contact us for assistance at the below contact:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24×7 call incident reporting)
Business Hours: Mon – Fri 09:00–18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
References:
[1] https://datareportal.com/reports/digital-2023-malaysia
[2] https://theedgemalaysia.com/article/pdrm-over-rm52-billion-lost-scams-two-years