PETALING JAYA: Although cybersecurity incidents have been on a downward trend, the National Cyber Security Agency (Nacsa) is continuously beefing up the cybersecurity defences of government infrastructure.
“According to statistics from Nacsa’s National Cyber Coordination and Command Centre (NC4), 4,378 incidents involving government agencies were recorded in 2022, compared with 1,633 incidents in 2023,” its chief executive Dr Megat Zuhairy Megat Tajuddin told The Star.
“Encouragingly, as of Nov 1, the number of cybersecurity incidents has further decreased to 1,397, representing a significant improvement over the same period last year. This reduction highlights the effectiveness of proactive measures taken to safeguard our cyberspace,” he added.
The NC4 is a centre set up for cyber crisis management purposes including the monitoring of cyberthreats.
Megat Zuhairy said in its capacity as Malaysia’s National Computer Emergency Response Team (CERT), the NC4 closely monitors the cybersecurity landscape and takes comprehensive action to address growing cyberthreats, including attacks that lead to financial losses.
“The NC4 has implemented various proactive strategies and introduced stricter preventive measures to protect National Critical Information Infrastructure (NCII) agencies from potential cyberthreats,” he said.
In response to specific incidents affecting government agencies, Nacsa developed and distributed a playbook titled Search Engine Optimisation (SEO) Poisoning and Web Shell Attacks. This resource was shared with all government agencies via their Computer Security Incident Response Teams (CSIRTs) to provide guidance and promote coordinated responses, he added.
SEO is a technique used by web developers to boost the chances of their websites being picked up by search engines like Google. “SEO poisoning” is when bad actors try to make their malicious websites look authentic. A “web shell attack” is when a web server is compromised, allowing hackers to launch additional attacks.
The NC4 has recommended that government agencies adopt certain best practices including ensuring that environments are equipped with up-to-date security controls as well as strengthening login authentication through Multi-Factor Authentication.
Aside from that, Megat Zuhairy also urged these agencies to review network segmentation to prevent the spread of cyberthreats within agency networks, issue regular reminders about cyberthreats, recommend mitigation actions, and provide advisory and technical support to NCII agencies facing cyberattacks.
Meanwhile, Universiti Sains Malaysia’s Cybersecurity Research Centre director Prof Dr Selvakumar Manickam said any online service can become a potential target for malicious actors seeking to exploit vulnerabilities, steal data or disrupt operations.
Expressing serious concerns over the sale of breached data over the dark web, he said these underground platforms host a black market for sensitive personal and corporate information stolen during cyberattacks.
“The dark web is also not an impenetrable shield as anyone with the TOR browser and a bit of technical know-how can navigate its depths and potentially engage in illicit activities.
“This ease of access poses a significant risk as it can embolden individuals with malicious intent.
“Aspiring hackers can easily find their way to hacker forums, where they can learn from seasoned cybercriminals,” Prof Selvakumar said when contacted.
He said businesses with online services and applications must remain vigilant and invest in robust security measures.
Prof Selvakumar added that cybersecurity often suffers from lack of oversight, with businesses sometimes overlooking seemingly minor details that can have major consequences.
“A simple example is the failure to decommission old web portals when transitioning to new ones.
“These ‘forgotten’ systems, often left online due to negligence or lack of awareness, can become attractive targets for attackers.
“Like a digital appendix, they may seem useless, but they can harbour vulnerabilities that provide a backdoor into the organisation’s network, potentially compromising other critical systems,” he said.