Megat Muazzam, Head of Malaysia CERT, CyberSecurity Malaysia
CyberSecurity Malaysia: Our Core Services
• Digital Forensics
• Security Assurance
• Security Management & Best Practices
• Info Security Professional Development & Outreach
• Strategy Engagement & Research
[Org chart: Cyber Security Emergency Services; Security Quality Management Services; InfoSecurity Professional Development & Outreach; Strategy Engagement & Research]
Copyright © 2014 CyberSecurity Malaysia
Cyber Security Emergency Services
CYBER SECURITY INCIDENT (1997 – 2013)
[Chart: incidents by category: Intrusion, Intrusion Attempt, Spam, DoS, Cyber Harassment, Fraud, Content Related, Malicious Code, Vulnerabilities Report. As of 31 Dec 2013]
Cyber Security Emergency Services
Incident Reported 2014
• Total incidents reported, Jan – July 2014: 5060
• Vulnerability incidents: 20
Source: www.mycert.org.my
HeartBleed Bug
• OpenSSL is a library implementing the SSL and TLS protocols.
• Widely used in:
  – HTTPS web servers
  – IMAP/SSL e-mail servers
  – Other applications that use OpenSSL
Issue
• OpenSSL versions 1.0.1 through 1.0.1f are affected.
• Severe memory handling error in their implementation of the TLS Heartbeat Extension.
• The weakness allows stealing information that, under normal conditions, is protected by the SSL/TLS encryption used to secure the Internet.
• Attackers may access sensitive data, compromising the security of the server and its users, such as:
  – Session IDs
  – Server private keys
  – Passwords
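As an added example (not from this presentation or from MyCERT's tool), the following Python models the bounds check that patched OpenSSL applies to a heartbeat message and runs it as passive detection logic over a few constructed TLS records; the record layout follows RFC 6520, and the record builder and sample records are constructed for this demo.

```python
import struct

# TLS record content type for the Heartbeat Extension (RFC 6520), and the
# minimum padding the RFC requires after the heartbeat payload.
TLS_HEARTBEAT = 24
TLS_HANDSHAKE = 22
HB_MIN_PADDING = 16

def check_heartbeat_record(record: bytes) -> dict:
    """Parse one raw TLS record and flag a heartbeat message whose declared
    payload_length cannot fit inside the record that carries it: that is the
    case unpatched OpenSSL 1.0.1-1.0.1f never checked before copying
    payload_length bytes from process memory into its reply."""
    if len(record) < 5:
        return {"heartbeat": False, "flagged": False, "reason": "truncated record header"}
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return {"heartbeat": False, "flagged": False, "reason": "not a heartbeat record"}
    body = record[5:5 + rec_len]
    if len(body) < 3:
        return {"heartbeat": True, "flagged": True, "reason": "heartbeat body too short"}
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    # Same bounds test the OpenSSL fix added: type (1) + length (2) +
    # payload + minimum padding (16) must fit in the received record.
    flagged = 1 + 2 + payload_len + HB_MIN_PADDING > len(body)
    return {"heartbeat": True, "flagged": flagged, "type": hb_type,
            "declared": payload_len, "carried": len(body) - 3,
            "reason": "declared payload exceeds record" if flagged else "ok"}

def scan_records(records: dict) -> list:
    """Run the check over named records and return the names an IDS
    signature for this bug would alert on."""
    return [name for name, rec in records.items()
            if check_heartbeat_record(rec)["flagged"]]

def tls_record(ctype: int, body: bytes, version: bytes = b"\x03\x02") -> bytes:
    """Wrap a body in a TLS record header (helper constructed for the demo)."""
    return bytes([ctype]) + version + struct.pack("!H", len(body)) + body

# Constructed sample traffic: a well-formed heartbeat request, one declaring
# 64 payload bytes while carrying 3, one with no padding, and a handshake record.
SAMPLE_RECORDS = {
    "benign_heartbeat": tls_record(TLS_HEARTBEAT, b"\x01\x00\x03abc" + b"\x00" * 16),
    "oversized_length": tls_record(TLS_HEARTBEAT, b"\x01\x00\x40abc"),
    "missing_padding":  tls_record(TLS_HEARTBEAT, b"\x01\x00\x03abc"),
    "handshake":        tls_record(TLS_HANDSHAKE, b"\x0e\x00\x00\x00"),
}

if __name__ == "__main__":
    for name, rec in SAMPLE_RECORDS.items():
        print(name, check_heartbeat_record(rec)["reason"])
    print("alerts:", scan_records(SAMPLE_RECORDS))
```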
Proof of Concept (PoC)
• Proof-of-concept code for this vulnerability is publicly available:
  – http://s3.jspenguin.org/ssltest.py
  – http://gobuild.io/download/github.com/titanous/heartbleeder
Sensitive information leaked
Information disclosure on Pastebin
• Results are being widely shared on Pastebin.com
Detection
• MyCERT has provided a tool to assist system administrators in checking whether their HTTPS websites are affected by this vulnerability:
  http://heartbleed.honeynet.org.my
Scan Result
• Total number of scans: 6486
• Vulnerable domains detected: 40
Advisory / Awareness
Source: http://www.mycert.org.my/en/services/advisories/mycert/2014/main/detail/964/index.html
Through:
1) Social Media
2) Website
3) Special Interest Group
Beyond HeartBleed
• What’s a System Administrator to do?
– Inventory your hosts and the software that you run
– Read your logs
– Control your network perimeter
– Talk to your users
– Patch / Update / Upgrade
Lessons Learned
• Don’t use the same password in multiple places.
• Change your passwords at least once a year.
• Use multi-factor authentication where available.
• Password managers can be your friend.
• Be very, very suspicious of emails that ask you to verify an account.
Cyber999 - Technical Assistance
• Email
• Phone: +603 8992 6969; 1 300 88 2999
• Fax: +603 8945 3442
• SMS: 15888 “Cyber999 Report”
• Mobile (24x7): +6019 266 5850
• Online: http://www.mycert.org.my
• Cyber999 App
• Office Hours: MYT 0830 - 1730