Sunday, October 20, 2019

EARLY WARNING (ALERT) ON A NEW RANSOMWARE CYBER ATTACK THREAT


The National Cyber Coordination and Command Centre (NC4) of the National Security Council (Majlis Keselamatan Negara, MKN) has detected a new ransomware (malicious computer software) cyber attack. This ransomware is a type of malicious software that blocks access to the data on the computer it infects (using encryption) and demands a ransom as the condition for restoring access to that data.
MKN has issued an early warning (alert) containing the preventive measures that must be implemented to protect your systems from this attack, as follows:

ALERTS AND ADVISORY FROM NC4
 
Here is a list of new Alert and Advisory released in the NC4 Portal:
Title: New Variant of SamSam Ransomware Discovered
Introduction
National Cyber Coordination and Command Centre (NC4), National Cyber Security Agency (NACSA) has recently discovered a new variant of the SamSam ransomware.
Impact
Information loss, service disruption and monetary loss.
Brief Description
Recently, NC4 received a report of a ransomware attack and conducted an investigation to assist the affected agency in recovering from the incident. During the investigation, we managed to acquire a sample of the ransomware.
Based on our initial analysis, the ransomware shares the characteristics of the SamSam ransomware that hit the world in 2016, but it is a new, previously unknown variant that manages to bypass antivirus protection. The original SamSam ransomware can steal passwords from memory using the password-attacking tool mimikatz. Analysis is still being carried out; the technical analysis and details will be published once it is completed.
In the wake of this event, organisations are urged to take the necessary actions to protect their ICT infrastructure and to make sure all backups are properly secured and isolated. Organisations are reminded to stay vigilant to avoid becoming a victim of these incidents.
Affected Products
All Microsoft Windows Operating Systems
Recommendation
Organisations are required to take the following actions:
  1. Warn your users not to open or click on unsolicited mails and links, with or without attachments;
  2. Review your user credentials list for any new, unknown users;
  3. Make sure your backup file/database is isolated from the network;
  4. Monitor your environment closely for any anomalies;
  5. Apply the principle of least privilege to all credentials;
  6. Block unnecessary ports and services, in particular remote desktop (RDP);
  7. If RDP services are required, allow RDP through VPN connections only and limit RDP access to pre-defined IPs only;
  8. Implement multi-factor authentication for Enterprise Admin;
  9. Lock down access to the command prompt and other shares as much as possible;
  10. Apply application whitelisting; and
  11. Report immediately to NC4 if your organisation falls victim to a ransomware attack.
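One way to check a single Windows host against recommendations 2, 6 and 7 is shown below. This is an added example, not part of the NC4 advisory; the account baseline in `$ApprovedUsers` and the address list in `$AllowedRdpSources` are constructed sample values that each site must replace with its own.

```powershell
# Added example: audit one Windows host against recommendations 2, 6 and 7.
# Run from an elevated PowerShell session.
# Assumed, site-specific baselines (constructed sample values):
$ApprovedUsers     = @('Administrator', 'svc-backup', 'helpdesk')
$AllowedRdpSources = @('10.8.0.0/255.255.255.0')   # VPN pool, as the firewall reports it

# Recommendation 2: enabled local accounts that are not in the approved baseline.
$unknownUsers = Get-LocalUser |
    Where-Object { $_.Enabled -and $_.Name -notin $ApprovedUsers } |
    Select-Object Name, LastLogon, PasswordLastSet

# Local administrators, for manual review (group name assumes an English-language system).
$admins = Get-LocalGroupMember -Name 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource

# Recommendation 6: Remote Desktop is enabled when fDenyTSConnections is 0.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                       -Name fDenyTSConnections
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

# Recommendation 7: enabled inbound allow rules that cover TCP 3389 and accept
# sources outside the pre-defined list. Addresses are compared as exact strings,
# so an unrecognised notation is flagged for review rather than silently passed.
# Port ranges such as '3380-3400' are not expanded in this example.
$openRdpRules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port  = $rule | Get-NetFirewallPortFilter
    $ports = @($port.LocalPort)
    $coversRdp = ($port.Protocol -in 'TCP', 'Any') -and
                 (($ports -contains '3389') -or ($ports -contains 'Any'))
    if (-not $coversRdp) { continue }

    $addr    = $rule | Get-NetFirewallAddressFilter
    $outside = @($addr.RemoteAddress | Where-Object { $_ -notin $AllowedRdpSources })
    if ($outside.Count -gt 0) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = $outside -join ','
        }
    }
}

# Report the findings.
"RDP enabled: $rdpEnabled"
"Enabled accounts outside the baseline:"; $unknownUsers | Format-Table -AutoSize
"Local administrators:";                  $admins       | Format-Table -AutoSize
"Inbound rules exposing RDP beyond the allowed sources:"
$openRdpRules | Format-Table -AutoSize
```

The script only reads configuration and changes nothing; a rule listed with `RemoteAddress` of `Any` is the case recommendation 7 asks you to close.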


Thank you.

National Cyber Coordination & Command Centre (NC4)
COMPUTER EMERGENCY RESPONSE TEAM KEMENTERIAN PENDIDIKAN MALAYSIA (CERTKPM)
