171 iii.
Successfully handle high profile incidents such as Advanced Persistence Threat APT attacks, Trojans, and mobile phone malware;
iv. Automate the incident response processes; and
v. Launched Cyber999 Mobile Apps for Internet users to report incidents.
2.2. Malware Research Centre MRC
MyCERT also manages the CyberSecurity Malaysia Malware Research Centre MRC launched on December 2, 2009. The centre operates a distributed research
network for analysing malware and computer security threats. Collaboration with trusted parties and researchers in sharing cyber threat research information
provides opportunity to strengthening and understanding the threats. Among the activities of the MRC are as follows:
i. Conduct research and development work in mitigating malware threats;
ii. Produce advisories and reports related to the latest threats;
iii. Monitor threats via the distributed Honeynet project; and
iv. Collaborate in malware research with Universities, CERTs and international
organizations.
2.3. Constituency
MyCERT’s constituency is the Malaysian Internet Users. Incidents within Malaysia that have been reported either by the Malaysian public or international
organizations will be resolved by assisting on technical matters. If the reported case involves international connection, MyCERT will request trusted parties in
that particular country or constituency to assist in resolving the security issues.
2.4. MyCERT’s Activities Operation 2.4.1. Incident handling reports and abuse statistics
MyCERT receives reports from various parties within its constituency as well as foreign correspondents. These include home users, private sectors, government
sectors, security teams from abroad foreign CERTs, Special Interest Groups, as well as internal proactive monitoring by CyberSecurity Malaysia staff.
In 2014, MyCERT has produced the following cyber threat notifications: i.
38 Advisories ii.
32 Alerts The specific list of the advisory, alerts and summary reports can be viewed at:
172 http:www.mycert.org.myenservicesadvisoriesmycert2014mainindex.html
MyCERT under its Cyber999 service has successfully resolved more than 98 out of 11,918 incidents reported, an increase of 12 incidents reported compared to the
year 2013. The bulk of the reported incidents was related to Fraud 37.6 and followed by Spam 30.6 and Intrusion Attempt 10.9.
Other significant cases reported, according to the percentage of report were Intrusion 9.4, Malicious Codes 6 and Cyber Harassment 4.6.
The figures below show the reported cases handled by MyCERT for the year 2014:
Figure 1: Reported Incidents handled by MyCERT in 2014
Further information on Cyber999 statistics can be viewed at: http:www.mycert.org.myenservicesstatisticmycert2014maindetail949in
dex.html
2.5. MyCERT’s Events Involvement And Achievements
MyCERT has actively participated in providing support for IT security events by attending various trainings, seminarsconferences and meetings. MyCERT
members contributed their expertise in the following events:
173
2.5.1. Cyber Drills
MyCERT is the organizer of the OIC-CERT Cyber Drill. This international exercise was conducted on June 4, 2014. The objective of the drill is to test the
communication channels, procedures in handling contingencies and the technical capabilities of participating teams in handling cyber incidents. Thirteen 13
CERT teams from twelve 12 countries had participated in the exercise. Besides the OIC-CERT Cyber Drill, MyCERT has also involved in three 3 other
international Cyber Drills, namely: i.
APCERT Drill 19
th
February 2014; ii.
IMPACT International Cyber Exercise 13
th
May 2014; and iii.
ASEAN CERT Incident Drill – ACID 24
th
September 2014.
2.5.2. Trainings
Several workshops or hands-on training were conducted by MyCERT in year 2014 which includes:
i. Incident Handling and Network Security IHNS Training for Private and
Government Sectors; ii.
Incident Handling and Network Security IHNS Training for Nigeria CSIRT; and
iii. Workshop on Cyber999 Customer Relations Management CRM System for
local Law Enforcement Agencies LEA.
2.5.3. Presentations
MyCERT has been invited to give talk at various international conferences or seminars. Among the distinguished events were:
i. Artificial Intelligence Computer ScienceAICS 2014, Bandung, Indonesia, 15
September – 16 September 2014; ii.
APCERT AGM Conference 2014, Taipei, Taiwan, 18 – 21 March 2014; iii.
National CSIRT Meeting 2014, Boston, USA, 28 – 29 June 2014; iv.
OIC-CERT Annual Conference and AGM 2014, Bandar Seri Begawan, Brunei, 20 – 22 October 2014; and
v. Tokyo International Conference on Engineering and Applied ScienceTICEAS
2014, Tokyo, Japan, 17 – 19 December 2014.
2.5.4. Tools Developed
174 i.
Cyber999 Mobile Application for Android and iOS Apple; ii.
Android Sandbox; and iii.
HeartBleed Verification Site.
2.5.5. Paper Publication
MyCERT had contributed to the cyber community by providing few articles in various publications:
i. Title: Automated Enhancement Tool for Malware Incident Handling;
Published: Artificial Intelligent Computer System AICS 2014; Proceedings.
ii. Title: Automating Big Data Analysis: Malaysia CERT Experience;
Published: Proceeding of the Tokyo International Conference on Engineering and Applied Sciences 2014.
2.5.6. Social Media
Technological advancement through social media has provided invaluable tool for MyCERT to disseminate information across a wide audience. MyCERT through
Facebook account https:www.facebook.commycert.org.my had gathered 1,782 likes and 947 followers at MyCERT Twiiter account https:twitter.commycert.
Being the technical reference centre of the country, MyCERT has been invited by the media organizations for radio and television interview on cyber security
related matters.
3.
INTERNATIONAL COLLABORATION The Malaysian National Cyber Security Policy identified International Cooperation
as one of the areas in enhancing cyber security. In line with this, CyberSecurity Malaysia has been actively involved in establishing collaborative relationships with
foreign parties.
3.1. Working Visits
CyberSecurity Malaysia made several working visits to various international organizations to further enhance the country’s cyber security condition. The
objective of the visit is to seek potential collaboration in knowledge exchange. Among the visits are:
175 i.
University of Oxford e-Research Center; ii.
University of Surrey; iii.
Trend Micro CSIRT, Taiwan; iv.
Myung Information Technologies Co. Ltd MIT Korea; and v.
CERT-UK. CyberSecurity Malaysia also received several working visits from foreign
organizations who have the similar objectives, such as from: i.
International IT University, Kazakhtan; ii.
The Republican State Enterprise Technical Service. Kazakhtan; iii.
Ministry of Awdaf and Islamic Affairs, Kuwait; and iv.
Organization of the Islamic Cooperation, Saudi Arabia
3.2. Memorandum of Understanding MoU