ii e-Security | Vol: 50 - (1/2021) © CyberSecurity Malaysia 2021 - All Rights Reserved WELCOME MESSAGE FROM THE CEO OF CYBERSECURITY MALAYSIA Dear Readers, In 2020, there was a global shift in the way businesses operate due to the COVID-19 pandemic. Conversations became digital, social distancing became the norm, and paper was phased out in favor of technology. Yes, this year, we are still fighting the pandemic. Most industries had to adjust in some way in order to survive this pandemic. Years of digital advancement transpired in months, putting cybersecurity at the forefront. Many businesses still had no plans or were reluctant to return to an entirely 100% on-site workforce, since many states in Malaysia remain in lockdown or partial lockdown. This situation has forced organisations to immediately implement work-from-home policies and mechanisms for their staff. However, the rush to set up remote work programs had left security gaps that cybercriminals are aggressively exploiting. Companies will continue to face threats in 2021, facilitated by widespread teleworking. As the world shifted to a remote work model in reaction to the COVID-19 pandemic, a stream of new threats, technologies, and business models emerged in the cybersecurity arena. In Malaysia, during the period from January to June 2021, Cyber999 received a total of 5,737 cyber incident reports. People need to be vigilant in the ways they perform daily tasks. With more people working, schooling and shopping from home than before, it is no surprise the types of incidents experienced have changed. For example, ransomware and cyber harassment have become quite common as compared to previous years. We have articles related to these two topics, entitled ‘The Evolution of Classic Ransomware to Double Extortion’ and ‘Cyber Harassment: Cybercrime Precursors and Its Strategic Repercussions’. The growth of remote working requires a stronger emphasis on cybersecurity, attributed towards high vulnerability to cyber risk. While working or performing banking transactions at home, anyone may fall victim to a phishing scam. Cyber-attackers perceive the pandemic as a chance to intensify their criminal activities by exploiting network vulnerabilities that may not be as safe as they should be. We are presenting articles such as ‘Hackers’ Way to Breaching Your Password’ and ‘5 Tips to Be Safe from Cyber Security Attack’ to increase your awareness in safeguarding yourselves against such incidents. Amidst this COVID-19 lockdown, many people have turned to social media websites and other apps to pass the time. It is no longer a doubt that usage of social media platforms such as Facebook, TikTok, Twitter, and WhatsApp has increased drastically. Indeed, companies today rely heavily on WhatsApp to communicate and exchange documents. Data leakage via social media platforms and user-generated content websites can compromise personal information, intellectual property, and confidential business operations, as well as reveal valuable information that perpetrators can use to target your organization. For these topics, we’re presenting ‘Differential Privacy to Preserve Personal Data’ and ‘Email and Social Media Accounts Compromised - Why Should You Take It Seriously?’ In this first issue of the e-Security Bulletin for the year 2021, I am delighted to present 25 interesting and informative articles that reflect today’s cybersecurity issues and technological landscape. The outcome of the pandemic struggle is still uncertain due to the emergence of new stronger variants and an upsurge in cases, therefore, we must fasten our belts to protect our cyberspace. We must swiftly adapt to cybercrime and attack trends. Adaptation is key to winning the battle. Stay Safe. Thank you and warmest regards, Dato’ Ts. Dr. Haji Amirudin Bin Abdul Wahab Chief Executive Officer, CyberSecurity Malaysia PUBLISHED AND DESIGNED BY CyberSecurity Malaysia, Level 5, Sapura@Mines, No. 7 Jalan Tasik, The Mines Resort City, 43300 Seri Kembangan, Selangor Darul Ehsan, Malaysia. EDITORIAL BOARD Chief Editor Ts. Dr. Zahri Yunos Editor Col. Ts. Sazali Sukardi Editorial Team Yuzida Md Yazid Designer & Illustrator Zaihasrul Ariffin READERS’ ENQUIRY Knowledge Management, Level 1, Tower 1, Menara Cyber Axis, Jalan Impact, 63000 Cyberjaya, Selangor Darul Ehsan, Malaysia. PUBLISHED AND DESIGNED BY CyberSecurity Malaysia, Level 7, Tower 1, Menara Cyber Axis, Jalan Impact, 63000 Cyberjaya, Selangor Darul Ehsan, Malaysia. 1. Signal, Is It Secure Enough? ............................................................................................................1 2. Best Practices On Securing AWS Cloud S3 Bucket ............................................................................4 3. Biometric Acceptance in Malaysia Voyage .......................................................................................7 4. Hackers’ Way to Breaching Your Password ....................................................................................12 5. Crossword Puzzle: Information Security ........................................................................................15 6. 5 Tips to Be Safe from Cyber Security Attack ................................................................................17 7. Malicious Fake APK Evolution .......................................................................................................18 8. The Evolution Of Classic Ransomware To Double Extortion ...........................................................25 9. An In-Depth Look at Whatsapp Hijacking In Malaysia Through A Verification Code Scam ���������������28 10. Email And Social Media Accounts Compromised - Why Should You Take It Seriously? ��������������������32 11. Force Majeure Clause in an Agreement & Its Applicability to the Covid-19 Scenario ......................36 12. Cloud Storage ..............................................................................................................................38 13. NICTSeD 2021 (Virtual Discourse) �������������������������������������������������������������������������������������������������41 14. Differential Privacy To Preserve Personal Data ������������������������������������������������������������������������������43 15. Affirming Examination’s Quality through Item Analysis ................................................................47 16. The Critical Function of ‘Supplier Selection’ In an Organisation .....................................................51 17. Physical Security Framework For Organizations ............................................................................55 18. Infotainment Systems Technology In Modern Passenger Cars �������������������������������������������������������58 19. Cyber Harassment: Cybercrime Precursors and Its Strategic Repercussions ...................................63 20. Person Re-Identification for Forensics And Investigation ...............................................................67 21. Freedom of Expression and Dissemination of Information on the Internet ....................................71 22. Data Diode versus Firewall in ICS Environment .............................................................................77 23. Database Security: Data Masking ..................................................................................................79 24. Salah Laku dalam Penggunaan Akaun Media Sosial: WhatsApp ......................................................84 25. Kemas Kini Perisian Telefon Pintar ................................................................................................86 READERS’ ENQUIRY Outreach and Corporate Communications, Level 5, Sapura@Mines, No.7 Jalan Tasik, The Mines Resort City, 43300 Seri Kembangan PUBLISHED AND DESIGNED BY CyberSecurity Malaysia, Level 5, Sapura@Mines, No. 7 Jalan Tasik, The Mines Resort City, 43300 Seri Kembangan, Selangor Darul Ehsan, Malaysia. Signal, Is It Secure Enough? 1 By | Nor Azeala Mohd Yusof & Isma Norshahila Mohammad Shah What Is Signal? encryption on selected messages they want to send out. Signal is a cross-platform encrypted messaging • Allows users to set timers to messages. service developed by the Signal Foundation and After a specified time interval, the messages Signal Messenger. It uses the Internet to send will be deleted from both the sender's and one-to-one and group messages, which can the receivers' devices. The time interval can include files, voice notes, images and videos. be between five seconds and one week long, Its mobile application can also be used to and the timer begins for each recipient once make one-to-one and group voice and video they have read their copy of the message. calls, and the Android version has an option to The app’s developer has stressed that this function as an SMS app. Signal uses standard feature is meant to enable collaborative cellular telephone numbers as identifiers and all conversations to be automated with minimal communications to other Signal users is secured data hygiene and not meant for situations with end-to-end encryption. The app includes where a contact is an adversary. mechanisms by which users can independently • Signal excludes users' messages from non- verify the identity of their contacts and the encrypted cloud backups by default. integrity of the data channel. • Supports read receipts and typing indicators, both of which can be disabled. What Does Signal Offers? • The app allows users to automatically blur faces of people in photos to protect their Features of Signal: