The National Cyber Coordination and Command Centre (NC4) of the National Cyber Security Agency (Nacsa) has detected an increase in cyber security incidents in Malaysia up to February, with a similar trend recorded globally.
Nacsa in a statement today said the perpetrators are targeting high-profile and vulnerable websites, online systems, networks, and applications belonging to private and government organisations in Malaysia.
According to the statement, agencies and organisations affected, particularly those from the National Critical Information Infrastructure (NCII), have proactively reported these incidents to Nacsa for coordination and monitoring purposes.
“Based on the analysis and pattern of attacks launched by the perpetrators, there has been an increase in attacks through stolen credentials such as usernames and passwords from victims’ devices that have been infected by ‘infostealer’ (information stealer) malware.
“This technique does not require a high level of technical understanding and skill because it relies on negligence and weaknesses in identity protection in the information technology environment,” read the statement.
Nacsa said it has also issued advisories and warnings on Jan 26 and Feb 12 outlining measures to be implemented by government and private organisations.
The agency said that through the National Cyber Crisis Task Force’s first meeting of 2024 on Jan 29, it agreed to raise the country’s cyber threat level from low (green) to moderate (blue).
This is to implement proactive measures to increase the preparedness of organisations and agencies to protect critical assets from being affected.
“Among the short-term solutions suggested are the installation of legitimate anti-virus software on user devices and the implementation of password changes to stronger ones.
“However, to enhance the security level of system and application access, it is recommended that Multi-Factor Authentication (MFA) be used to curb attack vectors focusing on compromised user passwords,” said Nacsa.
It said the Cyber Security Bill would also be tabled in the current Parliament sitting, empowering the agency to establish a cyber security standard to be complied with by NCII and impose legal actions for any non-compliance.
Meanwhile, Nacsa said it also consistently collaborates with local and foreign authorities to assist in the investigation, detection, and neutralisation of perpetrators.
“Nacsa is committed to monitoring cyber threats against the country through NC4 by upgrading capabilities and capacities, whether in terms of technology or expertise, to preserve the sovereignty and security of the nation,” it added.
- Bernama
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.