i³ Investor
After Immigration hack, experts say more preventive measures needed for national cybersecurity
04 April 2023

PETALING JAYA: With another instance of a public sector website being compromised, cybersecurity experts say it is high time the government takes cybersecurity measures more seriously.

Founder and chief executive officer of cybersecurity firm LGMS Berhad, Fong Choong Fook, said website compromise was something that should never happen in this day and age.

“There are so many available technologies – some even free – to help organisations protect their sites.

“Defacement hacking should be a thing of the past... we notice a serious lack of initiatives to keep even simple websites secure," he said when contacted.

On Tuesday (April 4), the Immigration Department confirmed that its website was attacked by hackers.

In a statement, Immigration director-general Datuk Ruslin Jusoh said the website was hit by a cyberattack at 2am by a hacker going by "CaptainSmok3r".

Other links related to Immigration services such as myImms, SSPI and others were unaffected by this incident, Ruslin said.

Website defacement refers to an attack that alters a site's visual appearance or content.

He said the government could perform regular security health checks to mitigate these occurrences.

“The assessments should also be done by professionals. If this is not addressed, we may continue to see website defacements or worse, data leaks,” he said.

A vulnerability assessment was one possible preventive measure, Fong added.

This is a testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe.

“This may involve automated and manual techniques with varying degrees of rigour and an emphasis on comprehensive security coverage,” he said, adding that like medical health checks, security health checks should be done yearly.

“This is to ensure there are no loopholes on websites. Again, these incidents could be prevented through such checks," he said.

Universiti Sains Malaysia cybersecurity expert Assoc Prof Dr Selvakumar Manickam said anyone with basic knowledge of web services architecture and hacking could easily carry out defacements.

He said such instances could lead hackers to look for other system vulnerabilities, resulting in more serious implications such as data manipulation or leaks.

“Although defacement alone does not indicate a leak or breach, it does give the hacker the opportunity to probe further and scan for other loopholes,” he said.

He strongly urged the government to give more serious attention to such matters as national security was involved, echoing the call for annual security checks and preventive measures.

In the short term, Prof Selvakumar said cybersecurity requirements should be made mandatory for any new government agency systems.

“Tests must be done annually, with new security practices and mechanisms... implemented the moment they are released.

“For example, when a patch is released for certain software, the government should apply it immediately,” he said.

He added that education and awareness on cybersecurity aspects were also needed for government officers.

In mid-May last year, a data leak was reported by local tech portal Amanz, where a 160GB database with personal details of 22 million Malaysians belonging to the National Registration Department was being sold for US$10,000 (RM43,950) on the dark web.