MCMC Network Security Center (NSC) is a unit under the Malaysian Communications and Multimedia Commissions's Network Security Management Department (NSMD) that serves as the Computer Security Incident Response Team (CSIRT) for the Communications and Multimedia sector in Malaysia.
Constituents
MCMC Network Security Center's (NSC) primary constituents are licensees under the Communications and Multimedia Act 1998 (CMA98), which consist of Network Service Providers, Network Facilities Providers, and Content Application Service Providers in Malaysia.
MCMC NSC Activities
Sectoral CSIRT
MCMC Network Security Center (NSC) serves as the Computer Security Incident Response Team (CSIRT) for the Communications and Multimedia sector in Malaysia. NSC's primary constituents are licensees under the Communications and Multimedia Act 1998 (CMA98), which consist of Network Service Providers, Network Facilities Providers, and Content Application Service Providers in Malaysia.
Anti-Phishing
MCMC Network Security Center (NSC) Anti-Phishing is an initiative by NSC (with the cooperation of Banks, Network Service Providers, and etc.) to mitigate phishing incidents in Malaysia. (Email: [email protected])
Advisories
MCMC Network Security Center (NSC) issues periodic advisories (including alerts) to licensees under the Communications and Multimedia Act 1998 (CMA98), on arising network security threats and incidents.
Industry Talks
Knowledge sharing sessions conducted bi-annually by for licensees under the Communications and Multimedia Act 1998 (CMA98), with participations from various organizations including government agencies, technology providers, academia, and etc.
Capacity Building
MCMC Network Security Center (NSC) (via its parent Department) annually organizes capacity building programs on ISO/IEC 27001 Information Security Management (ISMS), and ISO 22301 Business Continuity Management System (BCMS); for licensees under the Communications and Multimedia Act 1998 (CMA98).
Technical Codes Development
MCMC Network Security Center (NSC) (via its parent Department) works closely with the Malaysian Technical Standards Forum Bhd (MTFSB) being the designated Technical Standards Forum (TSF) under the Communications and Multimedia Act 1998 (CMA98), (Part V, Chapter 9):- to develop Information and Network Security Technical Codes for the Communications and Multimedia sector in Malaysia.
Assessments
MCMC Network Security Center (NSC) (via its parent Department) conduct assessments in the areas of ISMS and BCMS on licensees under the Communications and Multimedia Act 1998 (CMA98), and on other Critical National Information Infrastructure (CNII) organizations (on per case basis). Adherence of licensees under the Communications and Multimedia Act 1998 (CMA98) to the Information and Network Security Technical Codes, are also periodically assessed.
Cyber Drills
MCMC Network Security Center (NSC) actively participates in domestic and international Cyber Drills such as the ASEAN CERT Incident Drill (ACID), Malaysia's National Cyber Crisis Exercise (X-MAYA), and the International Telecommunication Union (ITU) Cyber Drill for Asia-Pasific and CIS regions.
Highlight 2023
Incident Handling
MCMC Network Security Center (NSC) handled a total of 3099 network security incidents throughout 2022.
The highest number of incidents in 2022 was Phishing with 1653 incidents, followed by Malware and Botnet with 754 incidents.
Other incidents such as Spam, Vulnerabilities, Attempted Intrusions, Denial of Service (DoS), and etc., constitute the remaining 692 incidents.
Security Advisory/Alert
Throughout 2022, MCMC Network Security Center(NSC) issued a total of 13 security advisory/alerts to constituents under MCMC NSC's purview:
1. Cisco RV Series Routers Multiple Critical Vulnerabilities
2. Malicious IOCs Linked with Lockbit 2.0 Ransomware
3. Linux Kernel Arbitrary File Manipulation Vulnerability (Dirty Pipe)
4. Vigilance During The Hari Raya Holidays
5. F5 BIG-IP iControl REST vulnerability
6. Exploitation of VMware Vulnerabilities (CVE-2022-22954,CVE-2022-22960)
7. Microsoft Office zero-day "MSDT Vulnerability" (CVE-2022-30190)
8. Threat Actors Exploiting Publicly Known Vulnerabilities
9. Alert on Potential Cyber Attack on Malaysian Domain
10. Beware of Email Pretending to be from MCMC Officers
11. APT Group Targeting Organizations In Malaysia
12. APT Group Exploiting Vulnerabilities for Data Ransom Operation
13. SQL Injection attack by Threat Actor (TA) on public facing infrastructure
MCMC NSC also issued weekly alerts and reports based on consolidated incidents monitoring reports from sectoral Critical National Information Infrastructure (CNII) organizations.
Cyber Drill
MCMC Network Security Center (NSC) involved / participated in three (3) cyber drills / exercises in 2022, namely:
1. International Telecommunication Union ("ITU") Cyber Protective Shield
This cyber drill exercise focused on the various incident scenarios that incident response teams and stakeholders face in their day-to-day operations.
Activities include technical analysis of systems, network forensics, as well as incident handling challenges related to Operational Technology ("OT"), ransomware, and lateral movement.
2. ASEAN-Japan (AJ) Cyber Drill Exercise 2022
In this Cyber Drill exercise, the process of simulating and coordinating incidents and threats was carried out by ASEAN-Japan through the designated communication platform.
This exercise enhanced participant's readiness in facing the simulated cyber-attacks, and familiarized participants with the communications protocols between countries, and the procedures to handle arising attacks.
3. ASEAN Computer Emergency Response Team ("CERT") Incident Drill ("ACID") 2022
The theme for 2022 is "Preparedness Against Disruptive Cyber-Attacks" where participants were required to deal with simulated incidents involving the use of software by organizations that have been exploited by the common vulnerabilities and exposures (CVE).
This exercise enhanced participant's capability in facing cyber security threats within the supply chain, while strengthening capacity in incident handling.
Security Assessment
MCMC Network Security Center (NSC) (via its parent Department) performs and participated in security assessments with a focus on the protection of Critical National Information Infrastructure (CNII).
A total of 59 assessment were carried out in 2022, including facilities and organizations in the telecommunications, broadcasting, energy, transportation, oil and gas, water, government and other critical sectors.
Capacity Building
MCMC Network Security Center (NSC) (via its parent Department) in 2022 conducted a seminar on Introduction to Information Security Management System ISO/IEC 27001 for constituents under the purview of MCMC NSC.
A total of 86 participants attended the seminar representing small, medium, large Network Service Providers, Network Facilities Providers, and Content Application Service Providers.
National 5G Security Risk Register
MCMC Network Security Center (NSC) (via its parent Department) has led the formation of the 5G Security Working Group ("5GSWG") with Malaysia's mobile network operators ("MNO") to collectively address possible risks associated with 5G implementations.
The National 5G Security Risk Register has been successfully developed in 2022 by the 5GSWG, and the implementation of the various controls are monitored and periodically reported to MCMC.
Contacts Us
MCMC Network Security Center (NSC)
Malaysian Communications & Multimedia Commission (MCMC)
(Suruhanjaya Komunikasi dan Multimedia Malaysia)
MCMC HQ Tower 1
Jalan Impact
Cyber 6
63000 Cyberjaya
Selangor Darul Ehsan
Malaysia
Email: [email protected]
Phone: +603 8688 8303
Facsimile: +603 8688 1018
Incident Notification and Reporting
Network Service Providers, Network Facilities Providers, and Content Application Service Providers affected by network security incidents and/or breaches are required to notify MCMC Network Security Center (NSC) at:Email: [email protected]
Phone: +603 8688 8303
Facsimile: +603 8688 1018
Public Complaint/ Consumer Redress (MCMC Aduan Portal)
Members of the public that wish to lodge a complaint or seek redress on any issues relating to the Communications and Multimedia services (i.e: Telecommunications services, Broadband and Internet services, Broadcasting services, Postal & Courier Services, and etc.);
You may kindly visit: MCMC Consumer Redress Portal (MCMC Aduan Portal) at https://aduan.skmm.gov.my
