Megat Muazzam - APNIC
Megat Muazzam, Head of Malaysia CERT, CyberSecurity Malaysia
CyberSecurity Malaysia: OUR CORE SERVICES
• Cyber Security Emergency Services
• Security Quality Management Services
• InfoSecurity Professional Development & Outreach
• Strategy Engagement & Research
Diagram labels: Digital Forensics, Security Assurance, Security Management & Best Practices, Info Security Professional Development, Outreach, Strategy Engagement, Research
Copyright © 2014 CyberSecurity Malaysia
Cyber Security Emergency Services
CYBER SECURITY INCIDENT (1997 – 2013)
Chart legend (incident categories):
• Intrusion
• Intrusion Attempt
• Spam
• DOS
• Cyber Harassment
• Fraud
• Content Related
• Malicious Code
• Vulnerabilities Report
As of 31st Dec 2013
Cyber Security Emergency Services
Incident Reported 2014
• Total incidents reported, Jan – July 2014: 5060
• Vulnerabilities incidents: 20
Source: www.mycert.org.my
HeartBleed Bug
• OpenSSL is a library that implements the SSL and TLS protocols.
• Widely used in
– HTTPS web servers
– IMAP/SSL e-mail servers
– Other applications that use OpenSSL
Issue
• OpenSSL versions 1.0.1 through 1.0.1f are affected.
• Severe memory handling error in its implementation of the TLS Heartbeat Extension.
• The weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
• Attackers may access sensitive data, compromising the security of the server and its users, such as:
– Session ID
– Server private keys
– Password
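The memory handling error described above comes down to a missing length check. As an added example (not from the original slides, and not OpenSSL's code), the C below shows a heartbeat reply routine that trusts the sender's length field beside a hardened one; the function names, the simplified message layout (per RFC 6520, reply padding omitted) and the 64-byte arena standing in for process memory are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define HB_REQUEST  1    /* heartbeat_request type (RFC 6520) */
#define HB_RESPONSE 2    /* heartbeat_response type */
#define HB_HDR      3u   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16u  /* minimum padding the RFC requires */

/* Flawed pattern: trusts the sender's payload_length and never compares it
 * with the bytes actually received (rec_len is ignored). Reply padding omitted. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (rec[0] != HB_REQUEST || HB_HDR + claimed > cap) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);  /* can read past the record */
    return HB_HDR + claimed;
}

/* Hardened form: silently discard any message whose header, claimed payload
 * and minimum padding do not fit inside the received record. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD) return 0;            /* too short */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_MIN_PAD > rec_len) return 0;  /* length field lies */
    if (rec[0] != HB_REQUEST || HB_HDR + claimed > cap) return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    return HB_HDR + claimed;
}

/* Constructed demo: a 64-byte arena stands in for process memory. The record is
 * its first 21 bytes; unrelated data follows. Returns 1 if the reply leaks it. */
int demo_leaks(int use_checked)
{
    uint8_t arena[64] = {0}, out[64];
    const size_t rec_len = 21;                 /* 3 header + 2 payload + 16 pad */
    arena[0] = HB_REQUEST; arena[2] = 40; arena[3] = 'h'; arena[4] = 'i'; /* claims 40, sends 2 */
    memcpy(arena + rec_len, "ADJACENT-DATA", 13);
    size_t n = use_checked ? hb_reply_checked(arena, rec_len, out, sizeof out)
                           : hb_reply_unchecked(arena, rec_len, out, sizeof out);
    for (size_t i = 0; i + 13 <= n; i++)
        if (memcmp(out + i, "ADJACENT-DATA", 13) == 0) return 1;
    return 0;
}

int main(void) { return !(demo_leaks(0) == 1 && demo_leaks(1) == 0); }
```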
Proof of Concept (PoC)
• Proof-of-concept code for this vulnerability is available to the public
– http://s3.jspenguin.org/ssltest.py
– http://gobuild.io/download/github.com/titanous/heartbleeder
Sensitive information leaked
Information disclosure on Pastebin
• Results are being widely shared on Pastebin.com
Detection
• MyCERT has provided a tool to assist system administrators in checking whether their HTTPS websites are affected by this vulnerability.
http://heartbleed.honeynet.org.my
Scan Result
• Total number of scans: 6486
• Vulnerable domains detected: 40
Advisory / Awareness
Source: http://www.mycert.org.my/en/services/advisories/mycert/2014/main/detail/964/index.html
Through:
1) Social Media
2) Website
3) Special Interest Group
Beyond HeartBleed
• What's a System Administrator to do?
– Inventory your hosts and the software that you run
– Read your logs
– Control your network perimeter
– Talk to your users
– Patch / Update / Upgrade
Lesson Learned
• Don't use the same password in multiple places.
• Change your passwords at least once a year.
• Use multi-factor authentication where available.
• Password managers can be your friend.
• Be very, very suspicious of emails that ask you to verify an account.
Cyber999 - Technical Assistance
• Email
– cyber999@cybersecurity.my
– mycert@mycert.org.my
• Phone
– +603 8992 6969
– 1 300 88 2999
• Fax
– +603 8945 3442
• SMS
– 15888 "Cyber999 Report"
• Mobile (24x7)
– +6019 266 5850
• Online – http://www.mycert.org.my
• Cyber999 App
• Office Hours – MYT 0830 - 1730