security related professionals, by inviting them to give a security training course, as a part of an APEC project, through lectures and active discussions. This chance will give more skills and experiences in legal and technical way, not only to ones from developing countries who are or plans to building a CSIRT for their own constituencies, but also to leading teams by sharing the experiences and trends from all the economies from Asia Pacific region. Thank you very much. POC: Website: http:www.krcert.or.kr E-mail address: certkrcert.or.kr Telephone number: +82-118

G. Report from MyCERT

Malaysian Computer Emergency Response Team – Malaysia

1.0 Introduction

2.0 Operations

2.1 Incident Handling

2.2 Abuse Statistics

2.3 New Services

2.4 Incident Handling Drills

3.0 Seminars, Workshops and Mutual Collaborations

4.0 Other Noteworthy Activities

33

1.0 Introduction

The year 2006 had been a hectic year for the Malaysian Computer Emergency Response Team MyCERT, both in handling security incidents, involving in various activities in the field of ICT security at local and international level, as well as moving into our new office facility. In this report, key MyCERT’s activities for the year 2006 will be highlighted.

2.0 Operations 2.1 Incident

Handling Year 2006 was a hectic year for MyCERT in handling security incidents reported to us. MyCERT received a total of 1372 incidents, which had increased 82 compared to year 2005. Besides recording the highest number of spam incidents, intrusion and fraud incidents continued to grow as was in previous years. In year 2006, we received 895 reports on .MY websites defaced. Majority of the web defacements involved mass defacements of virtual websites hosted on single physical host. A particular case in May, we saw mass defacement of 178 websites hosted on a single IP address and in November more than 200 websites were defaced at one time. Based on our analysis of a web hosting server, we found the mass defacements of websites hosted on the server was due to exploiting PHP vulnerability through Cpanel web management system. MyCERT produced an alert on the mass defacement of Malaysian websites, which is available at: http:www.mycert.org.myadvisoryMA-103.022006.html In year 2006, we also observed a surge on fraud cases with 287 reports, almost a one fold increase compared to year 2005. We also observed about 80 of the fraud cases are classified as phishing, mostly involving imitations of foreign banking websites. The phishing sites were mostly hosted on local machines running bots. About 41 14 of the incidents targeted local banks while the rest targeted foreign banks and other online payment gateways. MyCERT communicated with relevant parties resulting in the shutting down of the phishing sites and rectification of the infected systems. In addition, MyCERT also received few reports related to Internet scams. Most of these scams propagated via spam emails which led to requests for financial deposits. Users are advised not to entertain or respond to any such requests. They are encouraged to conduct financial transactions only with trusted and verified parties. Other incidents that continue to increase are harassment. There were 63 harassment incidents, which is 46.51 increase compared to 2005. Most incidents involved email harassments from disgruntled employees against employers. Spam continued to grow in 2006 compared to 2005 with more than 100 increase. Reports on malicious code for Year 2006 had reduced by 17.1 compared to 2005. Other reports that had decreased in year 2006 are hack threat, by 41.4 and denial of service by 14.3. 34 However, overall, there were no major security threats that had affected our ICT infrastructure other than the earth quake south of Taiwan in December resulting in disruption of Internet connectivity for a week. 2.2 Abuse Statistics Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Harassment 3 7 4 4 4 3 6 4 3 14 6 5 Fraud 9 23 22 32 31 26 34 21 31 19 30 9 Hack Threat 3 1 2 5 6 5 3 12 10 2 2 Malicious Code 1 6 10 7 12 8 6 5 2 4 3 4 Denial of Service 2 2 2 Intrusion 26 36 35 15 215 47 34 57 8 89 288 47 TOTAL 42 73 73 63 262 90 87 90 56 138 331 67 35 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Spam 1227 1538 1323 1200 743 1021 2059 1115 2182 3082 3245 4145 2.3 New Services In September 2006, MyCERT had introduced another value added service which is the 24x7 Call Reporting Service, to enable Internet usersorganizations to reach MyCERT during emergencies 24x7. This is another initiative made to encourage usersorganizations within the constituency to report cyber security incidents to MyCERT.

2.4 Incident Handling Drills

In 2006, MyCERT was involved in two Incident Handling Drills. The ASEAN Incident Handling Drill held on 28 th July involved nine CERTs from seven ASEAN economies, while the APCERT Incident Handling Drill held on the 9 th December, involved 15 teams from 13 economies in the Asia Pacific region. The exercise illustrates the criticality in having immediate access to an effective contact point beyond physical borders and across time domains. 3. Seminars, Workshops and Mutual Collaborations i MyCERT Special Interest Group SIG Knowledge Sharing Sessions In year 2006, MyCERT organized three SIG sessions targeting mainly technical personnel from various critical sectors, IT managers and researchers involving prominent presenters from industry who spoke and shared their knowledge and experience with the audience. These sessions proved to be an effective platform to promote networking across sector sharing common issues as well as counter measures. 36 ii Promoting the Cooperation Between Local Banks in Incident Handling In addition, MyCERT also actively participates in the Internet Banking Task Force which consists of representatives from almost all local banks in Malaysia. iii Incident Handling training MyCERT had also conducted Incident Handling Trainings within the year to several public and private sectors.

4.0 Other Noteworthy