Share This

Showing posts with label CyberSecurity Malaysia. Show all posts
Showing posts with label CyberSecurity Malaysia. Show all posts

Friday, 8 December 2023

Experts warn of scams on WhatsApp

 

CyberSecurity M'sia warns of impersonation, scam activities on WhatsApp

CSM said there were fraudulent activities using the application, with the perpetrator posing as someone known to the victim before sending a link and asking the victim to click on it. — AP

KUALA LUMPUR: Beware of scammers exploiting the WhatsApp application for impersonation activities and deceiving victims into transferring money, CyberSecurity Malaysia has warned the public.

It said there were fraudulent activities using the application, with the perpetrator posing as someone known to the victim before sending a link and asking the victim to click on it.

ALSO READ: ahmi: Ministry to ask Meta about rise in WhatsApp scams

The victim will subsequently lose access to their WhatsApp account once it was done.

“The scammer will then take over the hacked WhatsApp account and use the victim’s identity to commit fraud.

“They will impersonate the victim by sending messages to the victim’s contacts via the WhatsApp account,” CyberSecurity Malaysia said in a post on Facebook, Bernama reported.

It said scammers would inform the contacts that the victim is in an emergency and needs financial aid or a loan to help them out of the crisis and promises to make a repayment.

In such a situation, the victim’s contacts will be misled and believe their friend sent the message and end up losing money.“We advise people not to click on any link received via WhatsApp. Do not make any money transfer until you have confirmed and verified with your contacts,” it said.


Fighting chance to beat scammers


Friday, 14 October 2022

iPay88 asked to raise cybersecurity standards

InvoicePay by iPay88

 


PETALING JAYA: Amid rising cases of online financial scams, Bank Negara has ordered a key service provider to raise its cybersecurity standards.

The central bank instructed ipay88 (M) Sdn Bhd to strengthen its cyber security controls and information technology (IT) infrastructure after an independent forensic investigation.

This comes just 11 days after Bank Negara told banks to up their security standards and cease using SMS one-time passwords (OTPS) in the authentication process for online banking.

ipay 88 is a provider of payment gateway services to banks and merchants in the country. It offers comprehensive online payment options such as credit or debit cards, bank transfers and other alternative online payments.

The company uses a redirect approach for its payment process, in which it redirects its customers from the merchant’s web to its web page for them to make payment.

Upon completion of the payment, customers will then be returned to the merchant’s web.

Unfortunately, on Aug 11, ipay88 issued a statement and expressed regret that there was a cybersecurity incident where card data may have been potentially compromised.

Upon discovery of the issue, ipay88 immediately initiated an investigation and brought in cybersecurity experts to contain the issue.

The containment process was successfully completed and no further suspicious activity has been detected since July 20, according to ipay88.

Bank Negara’s order this week is to ensure that similar incidents do not recur and to safeguard against future threats.

The central bank stated it will continue to closely monitor ipay88’s implementation of

these measures and where appropriate, undertake further supervisory or enforcement action.

It also directed banks and card issuers to maintain heightened vigilance over card activities that may be at risk.

Following the engagement of an independent team of cybersecurity experts to carry out a full forensic audit of its systems and payment environment, ipay88 stated the cybersecurity incident was the product of a sophisticated intrusion by an unidentified party or parties.

The intrusion specifically targeted card data from online transactions.

“There was no impact on transactions made through the Android terminals, e-wallet QR payments, online banking, BNPL, vending machines, point of sale or POS and batch card payment,” ipay88 said in a follow-up statement with regard to the earlier mentioned cybersecurity breach.

The group acknowledged that it has to bear the burden and responsibility to protect card information.

“We respectfully apologise to the Malaysian public, our business partners, and merchants for this incident,” it said.

 8 Oct 2022 by StarBiz,   Source link

 

Related news: 

 

Payment gateway provider iPay88 says 'cybersecurity incident ...

 

iPay88 breach only affected card data from online transactions

 

Putrajaya probing iPay88 cybersecurity breach - FMT

 

Related  posts:

 

Scam response centre (NSRC) hailed timely

 

 

       Tengku Zafrul unveils RM372.3bil budget   Finance Minister Tengku Datuk Seri Zafrul Abdul Aziz announced on Friday (Oct 7) that RM372...

 

CLICK TO ENLARGE The rise of online financial fraud in Malaysia - The Star As losses to scammers mount, users and service providers such as...
PUTTING THE BRAKES ON CYBERCRIME - PDRM  A day after The Star’s page one story on the increasing number of online financial crimes, Ba...

Scam response centre (NSRC) hailed timely

 

Eyes on scammers: The National Scam Response Centre will act based on reports received to block accounts. — Filepic

National Scam Response Centre – urgently needed to stop millions...

 

KUALA LUMPUR: Forming the National Scam Response Centre (NSRC) is timely with the worrying increase in scam cases, says Universiti Teknologi Mara School of Media and Information Warfare Studies’ security and political analyst Dr Noor Nirwandy Mat Noordin.

“We hope the setting up of such a central agency and budget accorded to CyberSecurity Malaysia will lead to more awareness and more participation from the public in curbing scams and cybercrimes,” he said.The government announced in Budget 2023 the formation of the NSRC that will be operational this month. 

RM73 million to enhance cybersecurity.

 https://clips.thestar.com.my/Interactive/BUDGET2023/Scam%20awareness_Budget%202023.mp4

 

The centre involves cooperation between the police, Bank Negara Malaysia, Malaysian Communications and Multimedia Commission (MCMC) and National Anti-Financial Crime Centre (NFCC).

It will act based on reports received to block accounts as well as take action against criminals.

Banking institutions will also tighten security measures for Internet banking by stopping the use of SMS one time-passwords (OTPs) for high-risk transactions.

CyberSecurity Malaysia is also allocated RM73mil, which will, among others, improve monitoring, tracking and reporting of cyberthreats including developing cyberforensic system capability.

“We believe the funds allocated to CyberSecurity will be used to develop a manual on how people can lodge reports on the numbers of suspected scammers while increasing financial literacy among the public.“We hope such efforts will lead to people becoming more wary and vigilant against tactics used by scammers, which are ever changing,” Noor Nirwandy said.

Malaysians Against Rape, Assault and Snatch Thief (Marah) founder Dave Averan said the initiative to set up the NSRC was timely and welcomed, given the rampant and increasing occurrence of various financial scams on a daily basis worldwide.

“It is good that CyberSecurity Malaysia, the police, Bank Negara and MCMC are co-opted, as this collaboration provides synergy and a faster resolution to such cases.

“As in all things Malaysian, this good initiative will boil down to the actual implementation and effective carrying out of their responsibilities. Marah will definitely be keeping an eye on this,” he said. 

 Source link

 

Related News

Budget 2023: NSRC set up to combat rising online scams

 

Related posts:

       Tengku Zafrul unveils RM372.3bil budget   Finance Minister Tengku Datuk Seri Zafrul Abdul Aziz announced on Friday (Oct 7) that RM372...
 
 
CLICK TO ENLARGE The rise of online financial fraud in Malaysia - The Star As losses to scammers mount, users and service providers such as...

 

PUTTING THE BRAKES ON CYBERCRIME - PDRM  A day after The Star’s page one story on the increasing number of online financial crimes, Ba...

Sunday, 14 May 2017

WannaCry ransomeware attacks, how to prevent it?

Source: Intel.malwaretech.com

'Do not pay ransomware hackers' - Nation



WannaCry has spread to Malaysia; two companies here were stricken by the ransomware virus that has infected a massive number of computers across the globe since Friday. Hackers use the virus to hold a victim’s data to ransom – pay up or lose all your information – and the victims overseas include hospital networks, businesses and government agencies.

PETALING JAYA: All governmental agencies have been told of the WannaCry ransomware outbreak and have armoured themselves against attacks.

“All government agencies at federal and state level have been alerted and ensured that their computers have been patched accordingly,” said CyberSecurity CEO Datuk Dr Amirudin Abdul Wahab.

Dr Amirudin said the WannaCry ransomware exploited vulnerabilities of the Windows operating system, especially on Windows XP which has stopped receiving updates since 2014.

“The malware exploits a flaw in the network protocol called the Server Message Block. Unlike former malware cases which is localised to a single computer, WannaCry exploits the operating system’s vulnerabilities and spreads it across PCs in the network.

“This is why it spread at such speed and range. Realising this, Microsoft came out with the MS17010 patch to stop this particular malware from working and spreading,” he said in a phone interview.

The patch was first rolled out in March this year but was not available to Windows XP, Windows 9 and Windows 2003 until May 12, after WannaCry’s outbreak.

According to the Microsoft Security Response Centre, Windows 10 users were not targeted by the attack.

To protect themselves against any malware attack, computer users were urged to back up their files, avoid clicking on suspicious links online or download attachments in e-mail messages sent by strangers.

“Apart from preventive measures, if you think you have been infected by the malware, please report to us at cyber999@cybersecurity.my or call us at 1300-882999,” he said.

In response to a question, Dr Amirudin said it was not an obligation under the law for anyone to report any security breach.

“It is not mandatory in Malaysia, unlike in some other countries,” he lamented, pointing out that when people made a report to CyberSecurity, their confidentiality would be paramount.

“We can also provide assistance,” Dr Amirudin added.

As of 6pm yesterday, CyberSecurity has yet to receive any report on infected computers in Malaysia.

“It does not mean that infection will not happen. At present, however, the situation is manageable and under control and we are always on the alert,” he said.

When contacted, the Malaysian Communications and Multimedia Commission and CyberSecurity Malaysia also said they had not received any report of a WannaCry infection in Malaysia.

Ransomware: how hackers take your data hostage


Screens of NHS computers with images demanding payment of US$300 (RM1,302) in Bitcoin (Bitcoin, digital currencies rally, caution prevails; virtual currency in property), saying: “Ooops, your files have been encrypted!”

It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.

“Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger,” said Kroustek, the Avast analyst.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email,” said Lance Cottrell, chief scientist at the US technology group Ntrepid.

Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws so they can be patched.

G7 finance ministers meeting in Italy discussed the attacks and were expected to commit to stepping up international cooperation against a growing threat to their economies. — AFP

Massive Ransomware Attack Hits 99 Countries

PHILADELPHIA (CNN)–Tens of thousands of ransomware attacks are targeting organizations around the world on Friday.

Cybersecurity firm Avast said it has tracked more than 75,000 attacks in 99 countries. It said the majority of the attacks targeted Russia, Ukraine and Taiwan.

What is it?

The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them.

The ransomware, called “WannaCry,” is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that haven’t updated their systems are at risk. The exploit was leaked last month as part of a trove of NSA spy tools.

“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”

Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom company Telefónica was also hit with the ransomware.

Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.

“It is going to spread far and wide within the internal systems of organizations — this is turning into the biggest cybersecurity incident I’ve ever seen,” UK-based security architect Kevin Beaumont said.

Russia’s Interior Ministry released a statement acknowledging a ransomware attack on its computers, adding that less than 1% of computers were affected, and that the virus is now “localized.” The statement said antivirus systems are working to destroy it.

Megafon, a Russian telecommunications company, was also hit by the attack. Spokesman Petr Lidov told CNN that it affected call centers but not the company’s networks. He said the situation is now under control.

“We encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school,” the U.S. Department of Homeland Security said in a statement released late Friday. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally.”

Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is “the most significant factor” in the global outbreak.

How to prevent it

Beaumont examined a sample of the ransomware used to target NHS and confirmed it was the same used to target Telefónica. He said companies can apply the patch released in March to all systems to prevent WannaCry infections. Although it won’t do any good for machines that have already been hit.

He said it’s likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.

“It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”

According to Matthew Hickey, founder of the security firm Hacker House, Friday’s attack is not surprising, and it shows many organizations do not apply updates in a timely fashion. When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the “most damaging” he’d seen in several years, and warned that businesses would be most at risk.

Consumers who have up-to-date software are protected from this ransomware. Here’s how to turn automatic updates on.

It’s not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.

Source: CNN’s Clare Sebastian contributed to this report.

WannaCry strikes two Malaysian companies



http://clips.thestar.com.my.s3.amazonaws.com/Interactive/ransomware2017/ransomware2017.mp4

PETALING JAYA: Two local companies have been hit by the infamous WannaCry ransomware, three days after the malicious software was released, infecting 200,000 computers in 150 countries so far.

According to IT security services company LGMS, the first case in Malaysia involved a director of one of its clients who came across the dreaded ransomware on his personal laptop on Saturday morning.

LGMS founder C.F. Fong said the data in the laptop had to be erased as the person did not intend to pay the US$300 (RM1,300) ransom.

The same ransomware appeared in the machine of an automotive shop on Sunday morning.

“The company didn’t have any backup and might pay (the ransom),” said Fong.

Besides disconnecting compu­ters from the network, there was not much else they could do, he noted.

As of 3pm yesterday, a website tracking incidences of WannaCry infections started showing blips in the Klang Valley area.

The website displays a blip whenever an infected computer pings its tracking servers, thus allowing it to map out a geographical distribution of the WannaCry infection.

Fong added that any machine infected by WannaCry should not be connected to a public or cor­­porate network.

“Once you plug into any network, it will start spreading,” he pointed out.

Fong said none of LGMS’ clients, which include major banks in Malaysia, had reported any pro­blems so far, adding that he was quite confident that those who re­gularly updated their computers would not face any problems with WannaCry.

He said ransomware was not new but WannaCry had caused worldwide alarm because of how fast it was spreading.

“We have seen worse and devastating ransomware attacks before but WannaCry’s infection rate is one of the fastest ever as it exploits the vulnerability that exists in Windows,” Fong said.

Security companies all over the world are reporting an unprecedented wave of WannaCry ransomware infections since Friday when more than 150 countries were hit by it.

The ransomware encrypts the data on an infected computer, preventing users from accessing it.

According to a report in The Guardian, the ransomware uses a vulnerability first revealed as part of a leaked stash of NSA-related documents, which infects machines running Windows and encrypts their contents before demanding a ransom to decrypt these files.

The perpetrators promise to release the data once a ransom of US$300 (RM1,300) is paid.

In just two days, computer networks of Britain’s National Health Service, Russia’s interior ministry and international shipper FedEx, among others, were affected.

The website tracking incidences of WannaCry infections was created by a 22-year-old British re­sear­cher known only as MalwareTech, who was credited with being an “accidental hero” after discovering a “kill switch” that halted WannaCry’s outbreak.


Cyber security expert: WannaCry ransomware has ... - The Star Online

Malaysia also hit by WannaCry ransomware - Nation

Singapore not affected by cyber attacks

How to Remove Ransomware. - Ransomware Removal Instruction

Police raid CYL office, seize items

Wednesday, 20 August 2014

What the hack were they up to, MH370?

Hackers target information on MH370 probe

The computers of high-ranking officials in agencies involved in the MH370 investigation were hacked and classified information was stolen.

The stolen information was allegedly being sent to a computer in China before CyberSecurity Malaysia - a Ministry of Science, Technology and Innovation agency - had the transmissions blocked and the infected machines shut down.

The national cyber security specialist agency revealed that sophisticated malicious software (malware), disguised as a news article reporting that the missing Boeing 777 had been found, was emailed to the officials on March 9, a day after the Malaysia Airlines (MAS) plane vanished during its flight from Kuala Lumpur to Beijing.

Attached to the email was an executable file that was made to look like a PDF document, which released the malware when a user clicked on it.

A source told The Star that officials in the Department of Civil Aviation, the National Security Council and MAS were among those targeted by the hackers.

"We received reports from the administration of the agencies telling us that their network was congested with email going out of their servers," said CyberSecurity Malaysia chief executive Dr Amirudin Abdul Wahab.

"Those email contained confidential data from the officials' computers including the minutes of meetings and classified documents. Some of these were related to the MH370 investigation."

About 30 computers were infected by the malware, CyberSecurity Malaysia said. It discovered that the malware was sending the information to an IP address in China and asked the Internet service provider in that region to block it.

An IP (Internet Protocol) address is a unique numerical label assigned to each device on a computer network.

"This was well-crafted malware that antivirus programs couldn't detect. It was a very sophisticated attack,'' Amirudin said.

The agency and police are working with Interpol on the incident.

CyberSecurity Malaysia suspects the motivation for the hacking was the MH370 investigations.

"At that time, there were some people accusing the Government of not releasing crucial information,'' Amirudin said. "But everything on the investigation had been disclosed."

Flight MH370 with 239 on board went missing on March 8 about 45 minutes after take-off.

Expert: Spearphishing needs a lot of planning and work


Spearphishing attacks such as the ones that targeted the Civil Aviation Department and the National Security Council require a lot of planning and work, said a cyber security expert.

These point to either a very skilled attacker or group of hackers who have the know-how to spoof an email address to make it appear as if the message is coming from a familiar sender, said Dhillon Kannabhiran.

He is chief executive of Hack In The Box which organises the annual HITBSecConf series of network security conferences.

He said that sensitive and confidential documents should always be encrypted as an added layer of security against hackers.

How sophisticated an attack was, Kannabhiran said, depended on which version of the Microsoft Windows operating system was on the victim's computer and how up to date the system security was.

By Nicholas Cheng, The Star/Asia News Network

Related posts:

Malaysia is poised to escape the middle-income trap, but also ready to fall back into it. Normally the middle-income trap refers to count...
Photo taken on July 17, 2014 shows the debris at the crash site of a passenger plane near the village of Grabovo, Ukraine. A Malaysian...
Malaysia is poised to escape the middle-income trap, but also ready to fall back into it. Normally the middle-income trap refers to count...
Boeing has patent for autopilot tech: When it was first speculated that Flight MH370 could have been hijac...

Rightways