By Goh Chee Hoh, Managing Director of Trend Micro Malaysia and Nascent Countries.
The recent alert from The National Cyber Security Agency (Nacsa) for government agencies to brace for a cyberattack from malicious players underscores the need to secure the nation’s data, IT infrastructure, and systems.
A successful attack on the systems that act as a gateway to sensitive and personally identifiable information (PII), as well as to the nation’s infrastructure, would have far-reaching consequences, especially while we are grappling with the ongoing effects of Covid-19.
It is crucial for government agencies to stay vigilant, secure all vulnerable endpoints, and keep systems and applications patched and up to date, especially as employees may be working remotely. A few security best practices to keep in mind in an increasingly volatile threat environment include:
- Ensure all hardware and software are patched. Any known vulnerability could be used to breach and attack the website. Tighten configurations and ensure regular updates and virtual patching at both the host and the network layer.
- Use strong passwords. When there is a threat of attack, reset all critical users’ passwords. Default passwords should be replaced with robust credentials that include a mix of numbers, letters and special characters that cannot be easily guessed.
- Zero trust policies. Apply zero trust protocols for users, especially those working remotely who have access to server farms. Deploy layered protection on server farms to tighten application controls.
- Mind the human element. Ensure employees are up to date with the latest cybersecurity practices and comply with existing corporate security policies. Continuous training and education go a long way towards enhancing skills and knowledge to build a proficient workforce for the digital age.
- Activate contingency plans and backups to minimize the potential losses of data and other information following an attack.
For background on hacktivism
Hacktivist groups such as Anonymous Malaysia are based on loose membership, with members joining and leaving at any point in time. They may also form alliances with other hacking groups for particular campaigns.
Hacktivist attacks can take the form of any of the following:
- Web defacements (changing the content of the website to show the hacktivists’ message)
- DoS (denial-of-service) attacks (to render the website inaccessible to users)
- Data leaks (as most websites contain databases, the malicious players are able to access the data when they deface websites)
- Doxing (revealing personal information such as addresses and phone numbers, mostly of notable public figures such as politicians or celebrities)
Hacktivists normally do not have a very high degree of technical proficiency compared to an experienced penetration tester. This lack of technical proficiency is compensated for by their use of various hacking tools, coordinated efforts to scan for vulnerable websites, and the sharing of information between members.
In the end, because of the volume of probing hacktivists carry out, they would likely be able to perform a successful attack. This is probably the biggest challenge for security professionals, as it only takes a single successful hack for the attackers to claim victory.
To help minimize the impact of a hacktivist campaign, make sure that all relevant parties are alerted. In-house staff as well as third-party service providers should be included in briefings and be put on call, ready to resolve any security incident. As it is almost impossible to determine what will be attacked and how, it is important to be ready to resolve the issue and make any successful hack as short-lived as possible.
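One concrete way to keep a defacement short-lived is to monitor public pages against a known-good baseline and raise an alert the moment content changes or a page stops responding. The script below is an added example, not code from the article or from Trend Micro; the hostname, anti-CSRF field name and sample pages are constructed stand-ins for what a real fetcher would return.

```python
import hashlib
import re

# Fragments that legitimately differ between requests (anti-CSRF tokens, server
# timestamps) are stripped before hashing so they do not raise false alarms.
VOLATILE_PATTERNS = [
    re.compile(r'name="csrf_token" value="[^"]*"'),
    re.compile(r"<time[^>]*>.*?</time>", re.S),
]
# Phrases typical of a hacktivist defacement message; a mismatch containing one
# of these is escalated above an ordinary content change.
DEFACEMENT_MARKERS = ("hacked by", "defaced", "owned by")

def normalise(html: str) -> str:
    for pat in VOLATILE_PATTERNS:
        html = pat.sub("", html)
    return re.sub(r"\s+", " ", html).strip()

def fingerprint(html: str) -> str:
    """SHA-256 over the normalised page; this value is stored as the known-good baseline."""
    return hashlib.sha256(normalise(html).encode("utf-8")).hexdigest()

def build_baseline(pages: dict) -> dict:
    return {url: fingerprint(body) for url, body in pages.items()}

def check_pages(baseline: dict, current: dict) -> list:
    """Compare fetched pages against the baseline; return (url, severity, detail) alerts."""
    alerts = []
    for url, expected in baseline.items():
        body = current.get(url)
        if body is None:
            alerts.append((url, "UNREACHABLE", "no response; possible DoS or takedown"))
        elif fingerprint(body) != expected:
            text = re.sub(r"<[^>]+>", " ", body).lower()
            severity = "DEFACEMENT" if any(m in text for m in DEFACEMENT_MARKERS) else "CHANGED"
            alerts.append((url, severity, "content hash differs from baseline"))
    return alerts

# Constructed sample pages standing in for fetched HTML (hypothetical hostname).
GOOD_PAGES = {
    "https://agency.example.gov.my/": '<html><body><h1>Welcome</h1><form><input name="csrf_token" value="a1b2"></form><time>10:00</time></body></html>',
    "https://agency.example.gov.my/contact": "<html><body><p>Call 03-0000 0000</p></body></html>",
}
CURRENT_PAGES = {
    # Same page, only the token and timestamp changed: must not alert.
    "https://agency.example.gov.my/": '<html><body><h1>Welcome</h1><form><input name="csrf_token" value="z9y8"></form><time>10:05</time></body></html>',
    # Replaced content carrying a constructed defacement message.
    "https://agency.example.gov.my/contact": "<html><body><h1>Hacked by SampleGroup</h1></body></html>",
}

if __name__ == "__main__":
    for alert in check_pages(build_baseline(GOOD_PAGES), CURRENT_PAGES):
        print(*alert)
```

In practice the baseline is rebuilt as part of each authorised deployment, so the only mismatches left are unauthorised ones.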
For more information, please refer to Trend Micro’s whitepaper on hacktivism.