Pages

Share This

Showing posts with label Internet. Show all posts
Showing posts with label Internet. Show all posts

Saturday, August 10, 2024

No banking on hacked phones

 


PETALING JAYA: Customers with compromised devices will be temporarily restricted from accessing banking apps as banks in Malaysia roll out a feature that detects high-risk malware and suspicious remote access.

In a statement yesterday, the Association of Banks Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (Aibim) said the feature, called malware shielding, will be embedded within the banks’ native mobile banking apps.

Both organisations stated that the feature is designed to prevent unauthorised transactions, protect customers’ funds, and shield them from malware scams.

“It will essentially alert or block customers from conducting banking activities on compromised devices,” said the statement. 

Banks that have enabled the feature on their mobile banking apps include Alliance Bank, AmBank, Bank Muamalat, Bank Simpanan Nasional, CIMB Bank, HSBC Bank, Maybank, MBSB Bank, OCBC Bank, Public Bank, RHB Bank, Standard Chartered, and UOB Bank.

“Emphasising customer privacy, malware shielding is only activated upon the customer launching the mobile banking app and does not run in the background 24/7,” said ABM chairman Datuk Khairussaleh Ramli in the statement.

He added that customers’ banking information and personal data will remain confidential.

Bank Negara governor Datuk Seri Abdul Rasheed Ghaffour said the fight against online scams is a shared responsibility, welcoming the move by banks to enhance online banking apps with added security features.

“This helps to create a more secure banking environment for all Malaysians. We also urge members of the public to remain vigilant against requests to download apps from unofficial sources,” he added.

Customers are advised to reach out to their banks’ 24/7 fraud hotline for assistance should they encounter a temporary restriction.

When contacted, National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin said the measure is well-suited to address specific challenges faced by users in Malaysia as cyber threats are becoming increasingly sophisticated and prevalent.

“In 2023, 40% of the total incidents monitored by the National Cyber Coordination and Command Centre (NC4) were malware-related. In 2024, up until June, the NC4 handled 34% of incidents related to malware,” Megat Zuhairy said.

While the temporary restriction is regarded as an important preventive step, Megat Zuhairy said its effectiveness is also dependent on users.

“They need to adhere to recommended cyber hygiene practices such as to only download apps from official platforms and avoid performing online activities through unsecured WiFi networks,” he said.

Malaysia Cybersecurity Community rawSEC chairman Ts Tahrizi Tahreb said the malware shielding technology could potentially prevent several types of banking malware that are used by hackers to infiltrate devices and perform unauthorised financial transactions.

“Some of them include Cerberus which can mimic legitimate banking app interfaces to capture user credentials and one-time passwords through overlays and screenshots,” he said.

Tahrizi added that another type of malware called Gustuff has been known to target over 100 banking apps and can automate bank transactions on compromised devices.

“These malware types often exploit vulnerabilities in mobile banking applications, making them prime targets for shielding technologies,” he said.

Malaysia Cyber Consumer Association (MCCA) said the initiative represents a proactive approach to addressing the growing threat of cyberattacks on financial systems.

“However, MCCA also emphasises the importance of implementing this feature with caution, transparency, and a strong focus on user education,” its chairman Siraj Jalil said.

He added that the criteria used to define a “compromised device” must be transparent and precise.

“The effectiveness of such a solution hinges on its ability to accurately identify compromised devices without generating false positives. A significant number of false positives could lead to legitimate users being locked out of their banking apps, causing unnecessary frustration and potential financial disruption.

“If users find themselves frequently locked out of their apps, they might resort to using web-based banking solutions, which may not be as secure as the mobile apps, or they could turn to unofficial methods to bypass the restrictions, further exposing themselves to risks,” said Siraj.

Tahrizi said banks can further enhance security and customer protection by implementing some additional measures.

“Banks should regularly test their apps through application security testing (AST) and infrastructure security testing (IST). All identified issues should be tracked, with priority given to remediating critical and high vulnerabilities,” he added.

Customers also need to be constantly reminded of the latest potential online scam attempts.

“Ongoing education and awareness of safe mobile banking practices, such as recognising phishing attempts and avoiding suspicious downloads, can empower customers to protect themselves, and this is a very effective first line of defence,” he said.

Source link 

Related posts:

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES


EXCLUSIVE On top of the scams list: Beating the cheats

 


Friday, March 29, 2024

Malaysia's internet still not quite up to speed

 


Group push for higher broadband standards amid new regulations


PETALING JAYA: New regulations are set to take effect on April 1 to enhance the overall quality of wireless broadband services, with telcos required to deliver a minimum download speed of 7.7mbps.

But with the regulatory body, Malaysian Communications and Multimedia Commission (MCMC), saying that the product offerings of telcos to users will not be affected, meaning that plans below 7.7Mbps will not change after April 1, consumer and other groups have countered to say that the aim should be to improve user experience.

Federation of Malaysian Consumers Associations (Fomca) vice-president and legal adviser Datuk Indrani Thuraisingham said the download speed of 7.7mbps set is not good enough as Malaysia aims to be one of the top AI hubs in the region.

“We need to compare ourselves with other neighbouring countries to ensure that we will be able to compete,” she said when contacted yesterday.

ALSO READ : ‘Current mobile plans not affected by new standard’

Malaysian Association of Standards Users (Standards Users) secretary-general Saral James Maniam said the existing Mandatory Standards for Quality of Service (MSQoS) aims to safeguard consumer interests and ensure optimal wireless broadband services, while the updated one focuses on further enhancing Internet service quality across the country.

“The new MSQoS mandates an average download speed of at least 7.7Mbps, compared with the existing requirement of 2.5Mbps for mobile and 25Mbps for fixed wireless access.

“The standards will ensure the providers comply to prioritise quality and potentially invest in upgrades to meet the new standards,” she said.

After conducting a comparison of Internet download speeds in Malaysia, Singapore, Thailand, Vietnam and Indonesia, she said she found that “Malaysia can do much better”.

She said Singapore currently has among the fastest mobile download speeds at 264.15Mbps while its fixed broadband download speed is at 263Mbps.

“Singapore leads with the fastest speeds in both categories. Thailand and Vietnam have moderate speeds. Malaysia must maintain a speed that is at least comparable to that of Indonesia’s and 7.7Mbps is very low,” she added.

Saral James said MCMC will monitor compliance with the new minimum standard and penalties might apply for non-compliance, highlighting the importance of adhering to the new standards.

“There is a transparency needed on how the compliance will be monitored,” she said, adding that it would be better if users also monitor their download speeds.

“The question is what is the application available for the consumer to check and report?” she asked.

Malaysia Cyber Consumer Association president Siraj Jalil said it is important for service providers to give a clear baseline on minimum download speed.

“This will be good for users; if they understand what is their right, their awareness will increase. The authorities should also from time to time measure the service providers’ services,” said the head of the body which focuses on educating users on digital technology,

Consumers Association of Penang’s (CAP) education officer NV Subbarow said it is the duty of the government to provide the best facilities to consumers.

“Consumers are paying the charges they are requesting. The service providers must ensure and strictly follow the new ruling,” he said.

Source

Related stories:

Students lament cheaper mobile plans with crawling speeds

‘Current mobile plans not affected by new standard’

SMART bridging Sarawak’s digital divide

‘Sabah Internet still has big room for improvement’

Related posts:

Internet Speed in Asia, Telekom Malaysia Not so broadband but a chore !

Malaysia's Broadband Plans Not Up to Speed Yet


Thursday, July 27, 2023

Musk’s Starlink lands in Malaysia

Just landed: Starlink announced its arrival in Malaysia with a photo of its electronic phased array antenna set against a backdrop of the Petronas Twin Towers in Kuala Lumpur. — @Starlink/Twitter


PETALING JAYA: Starlink’s satellite-based broadband service is now available in Malaysia, following the Prime Minister’s virtual meeting with Elon Musk on July 14.

This makes Malaysia the 60th country to be served by the Musk-owned satellite constellation.

The service, which doesn’t come with a contract, requires users to self-install the hardware and purchase the starter kit.

Customers can try out its service for 30 days and return the hardware for a full refund if they are not satisfied with it.

In an announcement on July 20, Communications and Digital Minister Fahmi Fadzil said that Malaysia issued the licence to allow Starlink to provide Internet services locally.

He added that the government is prepared to cooperate with satellite communication firms such as Starlink to achieve 100% Internet coverage in populated areas.

However, Dr Sean Seah, Malaysian Space Industry Corporation (Masic) pro tem deputy president, is concerned that Starlink’s entry could put local companies at a disadvantage.

"Furthermore, currently Malaysia has achieved more than 96% nationwide Internet connectivity coverage (Malaysia Stats Dept 2022) with services from Malaysian companies without Starlink."

"Chances must be given to local companies that have invested billions, before bringing in Starlink to compete with them," he said.

He also claimed that Malaysia may be exposed and risks being under "surveillance" or "profiling" by Starlink satellites, adding that they are also "not owned, controlled, or regulated" by Malaysian regulators and law enforcement, and Starlink has been given a "special exemption" to operate in Malaysia as a 100% foreign-owned entity.

"This may lead to national sovereignty issues," Seah said in a statement.

Starlink’s Starlink Kit comes with an electronic phased array antenna with a base suited for ground installation, a WiFi router and cables.

The standard version, which Starlink recommends for “residential users and everyday Internet applications” costs RM2,300.

The high-performance kit, which is priced at RM11,613, is recommended for “power users and enterprise applications”.

Starlink claimed that the high-performance kit offers improved weather resistance, three times better speeds at temperatures above 35°C and better visibility, especially in areas with unavoidable obstructions.

Starlink’s Internet plan offers up to 100Mbps (megabits per second) download speed and costs RM220 monthly.

Customers will also have to pay an additional RM100 for shipping and handling fees, with delivery times expected to be between one and two weeks.

Datuk Seri Anwar Ibrahim held a discussion with Musk on July 14, welcoming the company’s decision to invest in Malaysia, which includes launching Tesla EVs and Starlink.

In an online report, Anwar said that he has ordered 40 Starlink sets for schools, colleges and universities.

Source link

Related posts:

Malaysia on right track to be EV power house

Monday, February 20, 2023

How to prepare for cyber risks


Minimising the chances of attacks Cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

ARE organisations only concerned with undertaking the right measures to mitigate cyber risk after they have been cyberattacked?

This may be the case in most situations but the more important question to ask is – what are the cybersecurity controls that should be considered by organisations?

The answer is straightforward – the controls that have the biggest impact on reducing the likelihood or the impact of a successful cyberattack.

Cyber risk is generally defined as the threat to the system, the system’s vulnerability and the resulting consequences. 

Therefore, to successfully protect information technology (IT) and operational technology (OT) systems, companies must understand the tactics, techniques and procedures (TTPS), which threat actors use to achieve their desired objective.

Here are several examples of well documented cyberattacks on critical national infrastructure over the past two decades:

In 2010, arguably, the most sophisticated cyberattack was executed on an Iranian uranium enrichment facility that exposed the weakness of cybersecurity controls and vulnerability of OT environments.

The STUXNET worm was designed specifically to target these environments which allowed the threat actor to exploit and disrupt production operations causing downtime and business impact.

STUXNET was the eureka moment for the energy and manufacturing industries that OT environments can be breached and what impact it can have on their business, human lives, environment and economies.

Unfortunately, it was also an eureka moment for threat actors too. OT cyberattacks surged rapidly and suddenly the attack techniques from threat actors, in terms of creativity and smartness of achieving their malicious objectives, evolved since then.

In 2015, Ukraine was hit by another massive cyberattack that shut off power at 30 substations and left millions of people without electricity for up to six hours. SCADA equipment was rendered inoperable and power restoration had to be completed manually, which further delayed restoration efforts.

So how was this achieved – must have been very sophisticated? Actually, not.

Spear phishing was used to introduce the Blackenergy malware that exploited the macros in excel-based documents on computer systems at the plants. Meaning that the threat actors did nothing different than using known TTPS for cyberattacks on IT environments.

The same exploitation tools were used to find user credentials to escalate their privileges to move laterally in the network or to send malicious commands to disrupt plant operations.

The 2015 cyberattack seemed like an experiment as barely a year later the Ukraine Power Grid was attacked again and this time the capital city Kiev went dark, breakers tripped in a large number of substations.

However, this time the threat actors also jammed the utility’s call centres to prevent customers from reporting the outage by launching Telephone Denial of Service (TDOS) attack.

The approach was more sophisticated as the threat actors directly manipulated the SCADA systems using CRASHOVERRIDE – the first known malware specifically designed to target the power grids directly around the globe with the ability to wipe or delete files, disable processes like malware protection and even the software from OT vendors.

This was another eureka moment – national power grids are not safe from threat actors either.

One of the most concerning cyberattacks was in 2017 where the TRITON malware targeted the specific safety critical Programable Logic Controller’s (PLCS) in the Middle East. The function of these PLCS is to protect plants and people from disasters caused by mechanical failure.

In 2018, advanced persistent threat attacks on industrial environments continued to rise, and industrial espionage increased.

After 2019, there was a drastic increase in ransomware activities in OT environments including the manufacturing, water treatment and pipeline industries.

Recently, Cybersecurity and Infrastructure Security Agency launched the Cross-sector Cybersecurity Performance Goals as a prioritised subset of IT and OT cybersecurity practices, aimed at meaningfully reducing risks to critical national infrastructures and the community it supports.

These cybersecurity controls are not meant to be the only considerations for organisations. The purpose is to form the foundation to protect IT and OT infrastructures against cyberattacks as part of the defence-in-depth cybersecurity strategy.

These are some of the logical first steps to consider:

User account security

User accounts are generally one of the first gateways for threat actors to gain access to the network to establish a foothold and move laterally. On the surface, this may seem simple but maintaining user account security hygiene has been a long-standing challenge for many organisations.

Here are the suggested foundational controls that should be considered:

> enable the detection of unsuccessful user login attempts

> change all default passwords and implement multi-factor authentication

> update the minimum password strength > separate user and privilege accounts > enforce unique user credentials (not just email addresses as commonly used)

> revoke the credentials of departing employees.

Device security

Device security are measures taken to secure computing devices (hardware and software) from cyber threats but also to maintain service continuity.

Here are the suggested foundational controls that should be considered:

> approval process for new hardware and software deployment

> the disablement of macros by default > maintaining an up-to-date asset inventory

> prohibiting the connection of unauthorised devices

> documenting device configurations.

Data security

The purpose is to protect sensitive and confidential data from unauthorised access, theft, loss and destruction.

Here are the suggested foundational controls that should be considered:

> strong and agile encryption

> enable log collection

> secure storage of the said logs.

Governance and training

A strong governance structure is a key success factor for any cybersecurity strategy and operations to manage cyber risks effectively and to ensure adequate protection of data and systems.

Here are the suggested foundational controls that should be considered:

> appointment and empowerment of a single leader to be accountable for cybersecurity

> a single leader to be responsible for Ot-specific cybersecurity

> basic cybersecurity training for all employees and third parties

> OT specific cybersecurity training for OT managers and operators

> establish an effective relationship between IT and OT cybersecurity to improve the response effectiveness for OT cyber incidents.

Vulnerability management

To reduce the likelihood of threat actors exploiting known vulnerabilities in IT and OT systems, the following foundational controls should be considered:

> mitigate known vulnerabilities

> gather vulnerability intelligence by security researchers and enable the researchers to submit discovered weaknesses or vulnerabilities faster

> blacklisting of exploitable services on the Internet

> limit OT connections to public Internet > conduct third-party validation of control effectiveness.

Supply chain/third party

To ensure the integrity and reliability of supplier products and services the following foundational controls should be considered:

> establish supplier cybersecurity requirements

> immediate disclosure of known cybersecurity incidents and vulnerabilities to enable rapid response.

Detection, response and recovery

Here are the suggested foundational controls that should be considered:

> capability to detect relevant threats and TTPS

> a comprehensive response and recovery plan (including appropriate back-ups) in place helps organisations be prepared for the inevitable security incidents that will occur and ensures that they have the processes and resources in place to minimise the impact and recover effectively.

Network segmentation

Network segmentation reduces the likelihood of threat actors accessing the OT network after compromising the IT network and vice versa.

Here are the suggested foundational controls that should be considered:

> segment IT and OT networks

> segment safety critical systems form other systems

> segmentation of temporarily connected devices

> segmentation of wireless communications

> segmentation of devices connected via untrusted networks/internet.

Email security

By implementing effective email security measures, organisations can reduce the risks from common email-based threats and ensure the confidentiality and integrity of email communications.

Here are the suggested foundational controls that should be considered:

> Email encryption

> Email account authentication

> and email filtering.

In conclusion, cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

Strengthening the cybersecurity foundations are imperative to build a defence-indepth model that would reduce the chances of cyberattacks and safeguard IT and OT environments.

By JACO BENADIE Jaco Benadie is partner, Ernst & Young Consulting Sdn Bhd. The views expressed here are the writer’s own. 

Source link

 

Related:

 

Exclusive: Hacker group with members from Europe, North America found to have launched cyberattacks against China

Chinese cybersecurity experts have exposed a hacker group, with its core members coming from Europe and North America, which has been launching sustained cyberattacks against China as its primary target, posing a serious threat to the country's cybersecurity and data security, the Global Times learned from a Beijing-based cybersecurity lab on Sunday. 

 

 

Related posts:

 

Beware links asking for banking details, it's likely a scam, say cops. With online businesses on the rise, the scammers are getting more..

 

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES

China captures powerful US NSA cyberspy tool

 

Monday, November 7, 2022

China's cyberspace whitepaper highlights cooperation, 'fundamentally different' from US' proposition

 

 cyberspace Photo:VCG 

China's State Council Information Office issued a white paper titled "Jointly Build a Community with a Shared Future in Cyberspace," which is fundamentally different from the US' earlier release "Declaration for the Future of the Internet," as China advocates that cyberspace is the common home of humankind instead of creating division and confrontation by ideology.

The Office released the white paper during a news conference on Monday morning in Beijing, which introduces the achievements of China's Internet development and governance practices over the past decade and puts forward the Chinese proposition of building a community with a shared future in cyberspace.

As problems of unbalanced development, unsound rules and unreasonable order in the cyberspace are becoming increasingly prominent and cyber hegemony poses a new threat to world peace and development, effective solutions and joint efforts are needed to address the problems, officials said.

China's white paper is fundamentally different from the US and its partners' joint release "Declaration for the Future of the Internet," said Qi Xiaoxia, director general of the Bureau of International Cooperation of the Cyberspace Administration during Monday's news conference.

The "Declaration for the Future of the Internet" attempts to impose its own standards on others, draw ideological lines in the cyberspace, draw "small circles," create division and confrontation and violate international rules, Qi said. These actions have seriously undermined the unity of the internet family and affected the stable development of the global internet.

In the US' vision, it has abandoned multilateral platforms such as the UN and is keen to form various exclusive cliques instead, in an attempt to draw ideological lines and undermine the global rules of Internet governance by touting its unilaterally-defined principles, trying to create an exclusive bloc in the name of democracy, Chinese Foreign Ministry spokesperson Zhao Lijian said in May.

Instead, China advocates openness, cooperation, tolerance and mutual understanding, he said.

"We believe that cyberspace is the common home of humankind, and that the future of cyberspace should be in the hands of all countries in the world, not by a single country or a few countries."

China advocates that the UN play the role of the main channel in the international governance of cyberspace, and that the international community adhere to the principles of common consultation, construction and sharing, strengthen cooperation and jointly develop international rules for cyberspace, Qi said.

China is willing to deepen cooperation with countries around the world, promote the reform and construction of the global internet governance system, she said.

However, contrary to China's vision of mutual benefit, there are many restrictions on the development of Chinese companies in some countries while they are actively exploring the international market.

"Chinese enterprises have carried out international research and development cooperation, and provided a large number of safe, reliable, high-quality and inexpensive products and services to the world, which are widely welcomed," Qi said.

"Chinese enterprises have actively fulfilled their corporate social responsibility and provided a large number of employment opportunities for the countries and regions where they operate."

Qi pointed out that the reason is clear for the development restrictions of some Chinese enterprises including Huawei in overseas market.

"On the pretext of 'national security,' certain countries have abused export control measures to maliciously block and suppress Chinese enterprises, which undermines the legitimate rights and interests of Chinese enterprises and causes serious disruptions to the stability of the global industrial supply chain," she said.

The Chinese government opposes politicization of technical issues and abuse of state power to suppress and curb other countries' enterprises by any means in violation of market economy principles and international economic and trade rules, said the white paper.

Besides, Qi denied that China's cybersecurity build-up would affect foreign companies' operations in China.

"Such worries are totally unnecessary," Qi said, responding to a question raised by a foreign reporter. "What is foreseeable is that China's open door will only get wider."

Data show that the number of foreign-funded enterprises in China has exceeded 1 million, which shows that foreign enterprises are very confident in China's business environment. The Chinese government has always been committed to creating a market-oriented, rule-of-law business environment, encouraging more enterprises to operate and develop in accordance with the law, and treating both Chinese and foreign enterprises equally, Qi said. 

Source link

2022 World Internet Conference Wuzhen Summit opens - Qiushi

2-1.jpg

 

China to open World Internet Conference in Wuzhen, with less ...

Image result for China to open World Internet Conference in Wuzhen, with less Big Tech fanfare and more emphasis on policy
China will open the annual World Internet Conference (WIC) on Wednesday in the historic town of Wuzhen, as it seeks to promote its vision of internet governance at a time when Big Tech firms continue to reel from months of increased regulatory scrutiny and economic headwinds.23 hours ago
 
 
RELATED ARTICLES
 

 Related posts:

 

  Mengtian lab module successfully launched. Graphic: Xu Zihe/GT China Space Station completes T-shape basic structure assembl...
 
  GPS / China says BeiDou navigation satellite system is completely function now      Live: China issues The White Paper on China's Be...