
SR-022.022024: MyCERT Report – Cyber Incident Quarterly Summary Report – Q1 2023

1.0 Introduction

The Cyber Incident Quarterly Summary Report – Q1 2023 provides an overview of computer security incidents handled by the Cyber999 Incident Response Centre of CyberSecurity Malaysia in Q1 2023. This quarterly Cyber Incident Report also highlights statistics of incidents handled by the Cyber999 Incident Response Centre in Q1 2023 according to their categories, as well as the list of security advisories released in this quarter. It should be noted that the statistics provided in this report reflect only the total number of incidents reported to and handled by the Cyber999 Incident Response Centre, excluding elements such as monetary value or aftermaths of the incidents. Computer security incidents handled by the Cyber999 Incident Response Centre are those involving IP addresses and domains originating from Malaysia. We also work closely with ISPs, CERTs, Special Interest Groups (SIGs) and Law Enforcement Agencies (LEAs), both local and international, to remediate and mitigate computer security incidents in Malaysia.

 

2.0 Trends Q1 2023

The number of Internet users in Malaysia increased to 33.03 million at the start of 2023. As of January 2023, the estimated number of social media users in Malaysia is 26.80 million, equating to 78.5 percent of the total population.

In general, the Cyber999 Incident Response Centre receives incident reports from local individuals, including Internet users and members of the public, as well as from industries, government, academia, and non-profit organisations (NGOs). We also proactively seek and gather insights on cyber threats that could impact Internet users and organisations in Malaysia and aid in mitigating these threats.

The Cyber999 Incident Response Centre received 1,290 incidents in Q4 2022. In comparison, a total of 1,307 incidents were received in Q1 2023, indicating a 13% increase compared to Q4 2022.

Table 1 to Table 3 below provide details of the reported incidents in Q1 2023 and Q4 2022.

Table 1: Comparison of total incidents between Q4 2022 and Q1 2023

| Categories of Incidents | Q4 2022 | Q1 2023 | Percentage (%) |
|---|---|---|---|
| Data Breach | 19 | 102 | 437 |
| DoS | 3 | 3 | 0 |
| Fraud | 819 | 797 | -2.7 |
| Intrusion | 158 | 157 | -1 |
| Intrusion Attempt | 41 | 56 | 37 |
| Malicious Codes | 163 | 140 | -14 |
| Spam | 70 | 24 | -66 |
| Vulnerabilities Report | 17 | 28 | 65 |
| TOTAL | 1290 | 1307 | 13 |

 

Table 2: Number of incidents based on months in Q1 2023

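| Categories of Incidents | Jan | Feb | Mar |
|---|---|---|---|
| Denial of Service | 0 | 1 | 2 |
| Fraud | 235 | 272 | 340 |
| Vulnerabilities Report | 10 | 9 | 9 |
| Intrusion | 72 | 39 | 46 |
| Intrusion Attempt | 22 | 17 | 17 |
| Malicious Codes | 24 | 45 | 71 |
| Data Breach | 12 | 37 | 53 |
| Spam | 13 | 6 | 5 |
| TOTAL | 388 | 376 | 543 |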

 

Table 3: Number of sub-categories of incidents based on months in Q1 2023

| Categories of Incidents | Jan | Feb | Mar |
|---|---|---|---|
| Denial of Service | | | |
| Denial of Service – DoS | 1 | 2 | 4 |
| Fraud | | | |
| Fraud – Bogus Email | 1 | 3 | 6 |
| Fraud – Business Email Compromise | 0 | 1 | 1 |
| Fraud – Fraud Site | 20 | 37 | 75 |
| Fraud – Impersonation & Spoofing | 3 | 5 | 6 |
| Fraud – Job Scam | 4 | 5 | 13 |
| Fraud – Lottery Scam | 0 | 0 | 0 |
| Fraud – Love/Parcel Scam | 1 | 0 | 0 |
| Fraud – Phishing | 206 | 171 | 239 |
| Vulnerabilities Report | | | |
| Vulnerabilities Report – Misconfiguration Disclosure | 6 | 6 | 2 |
| Vulnerabilities Report – System | 2 | 2 | 4 |
| Vulnerabilities Report – Web | 2 | 1 | 3 |
| Intrusion | | | |
| Intrusion – Account Compromise | 3 | 0 | 3 |
| Intrusion – Defacement | 69 | 39 | 43 |
| Intrusion Attempt | | | |
| Intrusion Attempt – Login Brute Force | 3 | 1 | 6 |
| Intrusion Attempt – Port Scanning | 3 | 4 | 3 |
| Intrusion Attempt – Vulnerability Probes | 16 | 12 | 8 |
| Malicious Codes | | | |
| Malicious Codes – Botnet C&C | 1 | 0 | 2 |
| Malicious Codes – Bots | 0 | 0 | 0 |
| Malicious Codes – Malware | 20 | 44 | 65 |
| Malicious Codes – Malware Hosting | 3 | 1 | 4 |
| Content Related | | | |
| Content Related – Data Breach | 12 | 37 | 53 |
| Spam | | | |
| Spam – Spam | 8 | 6 | 5 |
| Spam – Spam Relay | 5 | 0 | 0 |
| TOTAL | 388 | 376 | 543 |

 

Figure 1 illustrates and provides an overview of the number of incidents reported in Q1 2023, in a chart. Figure 2 illustrates the percentage of incidents based on their classification.


Figure 1: Breakdown of reported incidents from Jan to Mar 2023

 


Figure 2: Percentage of reported incidents by classification

 

Based on the above statistics, several incident categories reported to us increased in Q1 2023 compared to Q4 2022, while two categories (Spam and DDoS) remained low. One category, data breach, showed an increase of 437% from Q4 2022. Of the total incidents in Q1 2023, the most reported category is fraud, representing 60.98% of the total number of incidents reported to us. This is followed by intrusion (12.01%), malicious code (10.71%), and data breach (7.8%).

Based on the current trends, data breach incidents will most likely continue to grow in Malaysia in 2024. They will always be among the top 4 reported incidents to the Cyber999 Incident Response Centre if organisations and Internet users do not take proper security measures to prevent data breaches.

The types of data breaches reported to us are listed in the table below:

Table 4: Type of reported data breach incidents

| Type of Data Breach | Description |
|---|---|
| PII | Personal identification data such as full name, IC, address, age, telephone number, salary |
| Email Credential | Username and password of email account |
| Appliances Credential | Admin panel access, Joomla, WordPress, FTP access, wp-admin access, etc. |

 

Meanwhile, for fraud incidents, besides phishing URLs, new scam tactics and techniques that combine social engineering and malicious code could potentially continue to grow in Malaysian cyberspace.

 

2.1 Top Fraud Incidents Reported by Malaysian Internet Users to CyberSecurity Malaysia

Scam activities and fraud continue to prevail within the community, targeting various citizens, from students to professionals. They have become a preferred method of criminals as awareness is still lacking among the public, making them easier targets. A total of 797 fraud incidents were handled in this quarter, representing a decrease of 2.7% compared to Q4 2022. All the incidents were received from organisations and public users. The top fraud incidents reported to the Cyber999 Incident Response Centre are as below:

  • Phishing
  • Impersonation and Spoofing
  • Fraudulent website
  • Job scam
  • Bogus email
  • Business email compromise – BEC

According to the Royal Malaysia Police’s (PDRM) Commercial Crimes Investigation Department (CCID), a total of 71,833 scams, amounting to more than RM5.2 billion in losses, were reported from 2020 until May 2022 [2]. Therefore, Internet users and organisations must be vigilant when conducting online transactions or performing e-commerce transactions to avoid becoming victims of online fraud.

 

2.2 Top Malware Infection in Malaysia

The second most reported incident in this quarter is intrusion. The intrusion incidents have two subcategories, which are account compromise and defacement. The third top incident is malicious code. This includes malware hosting, ransomware, malicious APK, backdoors and trojans. Among these incidents, the top reported malware incident is related to malicious APK. This type of incident is typically received from banking users who directly report to local financial institutions and also to us, in some cases.

 

Types of malicious APK-based modus operandi reported to us are:

  • Malicious cleaning APK
  • Phishing BNM
  • Malicious TV APK
  • Malicious Maxtag APK
  • Malicious TNG APK
  • Malicious streaming APK
  • Malicious loan application APK
  • Malicious APK Digi reward
  • Malicious parcel APK

 

Users must be vigilant and keep systems up to date with the latest patches and security updates to prevent unwanted incidents. The second top-reported incident within the malware category is malware hosting. This category of incident affected vulnerable servers with IP addresses originating from Malaysia. These incidents are usually received from foreign entities, such as anti-virus vendors and Special Interest Groups. System administrators must be vigilant and always keep systems up to date with the latest patches and security measures to prevent unwanted incidents.

 

Nevertheless, ransomware incidents decreased in Q1 2023 compared to the previous quarter. For Q4 2022, we received 19 incidents, while for Q1 2023, we received 14 incidents, indicating a decrease compared to Q4 2022. Ransomware is malicious software (malware) that infects a computer and restricts access until the requested ransom is paid. Our findings identified that ransomware incidents frequently occur among business organisations, and the incidents are mostly reported by commercial businesses, consistent with the Verizon DBIR 2022, which reported that organisations, including businesses, are most impacted by ransomware across the globe. It is also considered the costliest attack among other threats, involving the cost of recovering all the data and rectifying infected machines.

Based on the current trends, ransomware incidents will most likely continue to grow in Malaysia in 2024. Organisations and Internet users must always take proper security measures against ransomware incidents.

 

Types of ransomware variants reported to Cyber999 Incident Response Centre in Q1 2023 are:

  • Ragnar Locker
  • JYQS
  • ALPHV/Blackcat
  • .mkp extension / Makop
  • .mztu extension / STOP / DJVU
  • LockBit 3.0
  • LockBit 2.0
  • Faust
  • Fastwind
  • Elbie
  • YEHEI

Below is the list of top malware that infected computers belonging to individuals and organisations in Malaysia, as reported to Cyber999 Incident Response Centre in Q1 2023:

  • avalanche-andromeda
  • downadup
  • m0yv
  • dltminer
  • sinkhole
  • sality
  • android.hummer
  • js.worm.bondat
  • necurs
  • lethic

 

Good backup management, password security and cyber security awareness are essential in combating ransomware and other types of malware. Backup procedures, policies and best practices need to be implemented by everyone. Running awareness campaigns to keep users up to date with the latest cyber threat landscape and conducting organisation-level tabletop exercises to challenge user understanding are among the best efforts to improve an organisation’s cybersecurity.

 

3.0 Security Advisories and Alerts Released in Q1 2023

In Q1 2023, we issued 17 advisories involving Mozilla, Microsoft, Apple, VMware security updates, etc. Each alert and advisory comes with descriptions, recommendations, and references. Highlights of advisories and warnings for this quarter are:

Advisories: 

1. MA-904.012023: MyCERT Advisory – Adobe Releases Security Updates for Multiple Products

2. MA-905.012023: MyCERT Advisory – Microsoft Releases January 2023 Security Updates

3. MA-906.012023: MyCERT Advisory – New Dark Pink APT Group Targets Government and Military Organisations in APAC Countries

4. MA-907.012023: MyCERT Advisory – Ransomware LockBit 3.0

5. MA-908.022023: MyCERT Advisory – Ransomware campaign actively exploiting a vulnerability (CVE-2021-21974) in unpatched VMware ESXi servers

6. MA-909.022023: MyCERT Advisory – Microsoft Releases February 2023 Security Updates

7. MA-910.022023: MyCERT Advisory – Apple Releases Security Updates for Multiple Products

8. MA-911.022023: MyCERT Advisory – Mozilla Releases Security Updates for Firefox 110 and Firefox ESR

9. MA-912.022023: MyCERT Advisory – ChatGPT and Security Best Practices

10. MA-913.032023: MyCERT Advisory – Apple Releases Security Updates for Multiple Products

11. MA-914.032023: MyCERT Advisory – Microsoft’s Monthly (March 2023) consolidated tech and security patches update

12. MA-915.032023: MyCERT Advisory – Royal Ransomware

13. MA-916.032023: MyCERT Advisory – Cybersecurity Advisory on Control System Defense

14. MA-917.032023: MyCERT Advisory – Industrial Control Systems Advisories

Internet users and organisations may refer to the following URL for other advisories and alerts released by MyCERT:

https://www.mycert.org.my/portal/advisories?id=431fab9c-d24c-4a27-ba93-e92edafdefa5

 

4.0 Conclusion

Overall, the number of computer security incidents reported to the Cyber999 Incident Response Centre in Q1 2023 was 1,307 incidents. This quarter shows a slight upward trend compared to the previous quarter, with a 13% increase. Though this is a tiny percentage, organisations and individuals must not assume that our cyberspace is now secure but must always ensure readiness and preparedness against potential threats. Furthermore, there was no significant or severe incident observed in this quarter. Nevertheless, users and organisations must be constantly vigilant of the latest computer security threats and are always advised to take measures to protect their systems and networks from these threats. Hence, we strongly recommend that all Internet users be constantly aware of today’s cybercrime trends and adhere to the best cyber hygiene practices. This includes secure handling of emails from unknown sources, secure web browsing, purchasing goods online, and using social media applications. Always check the legitimacy of the applications, portals, merchants, services, and products before conducting any online transaction. However, as the complexity of cyber threats continues to increase, without proper awareness, organisations and individuals could be potential targets of cyber incidents.

Malaysian Internet users and organisations may contact us for assistance at the below contact:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24×7 call incident reporting)
Business Hours: Mon – Fri 09:00 – 18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my

 

References:

[1] https://datareportal.com/reports/digital-2023-malaysia

[2] https://theedgemalaysia.com/article/pdrm-over-rm52-billion-lost-scams-two-years

 
