Megat Muazzam Head of Malaysia CERT CyberSecurity Malaysia

Megat Muazzam - APNIC · Cyber999 Technical Assistance: Email cyber999@cybersecurity.my, mycert@mycert.org.my; Phone +603 8992 6969, 1 300 88 2999

Oct 02, 2020


CyberSecurity Malaysia: OUR CORE SERVICES

•  Cyber Security Emergency Services
•  Security Quality Management Services
•  InfoSecurity Professional Development & Outreach
•  Strategy Engagement & Research

[Diagram labels: Digital Forensics; Security Assurance; Security Management & Best Practices; Info Security Professional Development; Outreach; Strategy Engagement; Research]

Copyright © 2014 CyberSecurity Malaysia


Cyber Security Emergency Services

CYBER SECURITY INCIDENT (1997 – 2013)

INCIDENTS
•  Intrusion
•  Intrusion Attempt
•  Spam
•  DOS
•  Cyber Harassment
•  Fraud
•  Content Related
•  Malicious Code
•  Vulnerabilities Report

As of 31st Dec 2013


Cyber Security Emergency Services

Incident Reported 2014

Total Incident Reported as of Jan – July 2014: 5060

Vulnerabilities Incident: 20

Source: www.mycert.org.my


HeartBleed Bug

•  OpenSSL is a library that implements the SSL and TLS protocols.
•  Widely used in:
   –  HTTPS web servers
   –  IMAP/SSL e-mail servers
   –  Other applications that implement OpenSSL.


Issue

•  OpenSSL versions 1.0.1 through 1.0.1f are affected.
•  Severe memory handling error in the implementation of the TLS Heartbeat Extension.
•  The weakness allows stealing information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
•  Attackers may access sensitive data, compromising the security of the server and its users, such as:
   –  Session ID
   –  Server private keys
   –  Password


Proof of Concept (PoC)

•  Proof-of-concept code for this vulnerability is publicly available:
   –  http://s3.jspenguin.org/ssltest.py
   –  http://gobuild.io/download/github.com/titanous/heartbleeder


Sensitive information leaked


Information disclosure on Pastebin

•  Results are being widely shared on Pastebin.com


Detection

•  MyCERT has provided a tool to assist system administrators in checking whether their HTTPS websites are affected by this vulnerability.

   http://heartbleed.honeynet.org.my


Scan Result

•  Number of total scan: 6486
•  Result Vuln Domain detection: 40


Advisory / Awareness

Source: http://www.mycert.org.my/en/services/advisories/mycert/2014/main/detail/964/index.html

Through:

1)  Social Media
2)  Website
3)  Special Interest Group


Beyond HeartBleed

•  What’s a System Administrator to do?
   –  Inventory your hosts and the software that you run
   –  Read your logs
   –  Control your network perimeter
   –  Talk to your users
   –  Patch / Update / Upgrade
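The "inventory, then patch" steps above can be tied to the affected range given on the Issue slide (1.0.1 through 1.0.1f). The following is an added example, not part of the original slides or a MyCERT tool; the host names and the collected `openssl version` strings are constructed, and the function names are hypothetical. A result of "in-range" means "verify this host", since a distribution package can carry a backported fix while still reporting an in-range version string.

```python
import re

# Affected range as stated on the "Issue" slide: 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Upstream scheme of that era: MAJOR.MINOR.FIX plus an optional patch letter,
# e.g. "1.0.1", "1.0.1e", "0.9.8y". Whatever follows directly (e.g. "-fips",
# "-beta1", a distro revision) is captured separately as the suffix.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)(\S*)")


def classify(version_text):
    """Return 'in-range', 'out-of-range' or 'review' for one version string."""
    m = _VERSION_RE.search(version_text)
    if not m:
        return "review"                  # unparseable: a human must look
    base = tuple(int(x) for x in m.group(1, 2, 3))
    letter, suffix = m.group(4), m.group(5).lower()
    if any(tag in suffix for tag in ("beta", "pre", "dev")):
        return "review"                  # pre-releases are not covered by the slide
    if base != AFFECTED_BASE:
        return "out-of-range"
    # "" (plain 1.0.1) sorts before "a"; patch letters compare alphabetically.
    return "in-range" if letter <= LAST_AFFECTED_LETTER else "out-of-range"


def triage(inventory):
    """Map host -> status for an iterable of (host, version_text) pairs."""
    return {host: classify(text) for host, text in inventory}


# Constructed sample inventory (hypothetical hosts), as it might be collected
# by running `openssl version` on each machine.
SAMPLE_INVENTORY = [
    ("web01", "OpenSSL 1.0.1e 11 Feb 2013"),
    ("web02", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("mail01", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("app01", "OpenSSL 1.0.1 14 Mar 2012"),
    ("lab01", "OpenSSL 1.0.2-beta1 24 Feb 2014"),
    ("old01", "openssl: command not found"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Applications that bundle or statically link their own OpenSSL copy do not show up in `openssl version`, so the inventory step has to cover them separately.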


Lesson Learned

•  Don’t use the same password in multiple places.
•  Change your passwords at least once a year.
•  Use multi-factor authentication where available.
•  Password managers can be your friend.
•  Be very, very suspicious of emails that ask you to verify an account.


Cyber999 - Technical Assistance

•  Email
   –  cyber999@cybersecurity.my
   –  mycert@mycert.org.my
•  Phone
   –  +603 8992 6969
   –  1 300 88 2999
•  Fax
   –  +603 8945 3442
•  SMS
   –  15888 “Cyber999 Report”
•  Mobile (24x7)
   –  +6019 266 5850
•  Online – http://www.mycert.org.my
•  Cyber999 App
•  Office Hours – MYT 0830 - 1730
