Photo via Malay Mail
In case you missed it, a group of hacker activist or hacktivists, Anonymous Malaysia, resurfaced a few days ago after more than five years with a special message addressed to the government.
In a video posted on its Facebook page, the group said this warning should serve as a “wake-up call for the government of Malaysia” which it has accused of keeping silent over the many data breaches and sales of personal information of citizens in the past few years.
“Your security system is low, all data may be leaked. This can cause unwanted hackers selling all information,” it said.
The dramatic video, of course, went viral, and the government has quickly warned all government agencies to be on high alert for a cyberattack amid the threat.
At the time of writing, police have yet to receive any report of government websites being hacked, and urged the public to provide support and cooperation by channeling information on any hacking activities.
Cybersecurity company, Trend Micro said a potential attack on the systems that provide a gateway to sensitive and personally identifiable information (PII), as well as the nation’s infrastructure, will have far sweeping consequences, especially as we are grappling with the ongoing effects of COVID-19.
With that, its managing director, Goh Chee Hoh shared a few practices to keep in mind in an increasingly volatile threat environment:
- Ensure all hardware and software is patched. Any known vulnerabilities could be used to breach and attack the website. Tighten configurations and ensure regular updates and virtual patching for the host and network layer.
- Use strong passwords. When there is a threat of attack, reset all critical users’ passwords. Default passwords should be replaced with robust credentials that include a mix of numbers, letters and special characters that cannot be easily guessed.
- Zero Trust Policies. Apply zero trust protocols for users, especially those working remotely that have access to server farms. Deploy layered protection on server farms to tighten application controls.
- Mind the human element. Ensure employees are up to date with the latest cybersecurity practices and comply with existing corporate security policies. Continuous training and education go a long way towards enhancing skills and knowledge to build a proficient workforce for the digital age.
- Activate contingency plans and backups to minimize the potential losses of data and other information following an attack.
"The current digital shift and the COVID-19-triggered disruptions indeed created a spike on threats against individuals and public and private institutions in Malaysia, and globally. We have seen multiple, massive data breaches last year not just in the country but across the Southeast Asia region," said Yeo Siang Tiong, General Manager, Southeast Asia at cybersecurity company, Kaspersky.
Yeo also had a few recommendations for government and private organisations:
- Ensure that proper and comprehensive endpoint solutions are in place.
- Set up tiered levels of access, giving permission only to those who need it on each level. Be sure to review it regularly as well.
- New malware and more sophisticated techniques are being employed by cybercriminal groups every day. Keep your systems intelligent and update-to-date by incorporating global threat feeds and threat intelligence report which provide in-depth visibility and detailed information about the most recent threats targeting organisations like yours.
- In case of an attack, be sure to involve relevant law enforcement agencies and cybersecurity experts to conduct proper mitigation, investigation, and recovery.
Hacktivist groups such as Anonymous Malaysia are based on loose membership with members joining and leaving at any point in time and may also form alliances with other hacking groups for certain hacking campaigns.
It’s understood they usually don’t have a very high degree of technical proficiency, but this is compensated by their use of various hacking tools, coordinated effort to scan for vulnerable websites and sharing of information between members.
So because of the volume of probing hacktivists carry out, they would likely be able to perform a successful attack and this is probably the biggest challenge for security professionals, as it only takes a single successful hack for the attackers to claim victory.
by Kyle Roshen Jacob
