Malaysia's Social Security Organisation (SOCSO) - Perkeso, a government agency providing social security and protections to employees in Malaysia is carrying out security measures involving the smooth operation of all systems and conducting forensic investigations, after a cyber attack on December 2.
The attack compromised its systems, database and website.
Perkeso's group chief executive officer, Mohammed Azman Aziz said the National Cyber Security Agency (NACSA) along with the National Security Council (MKN) and related agencies will conduct investigations and refine security efforts in dealing with the incident.
He said the agency agreed to file a police report following an internal forensic investigation that had found elements of commercial crime in the attack.
The other measures include the activation of the Business Continuity Plan (BCP), the strengthening of SOCSO's communication and information technology (ICT) system, conducting an internal forensic investigation and the implementation communication plan.
Azman said SOCSO will continue to develop its IT infrastructure over time and will adopt best practices to ensure there are no loopholes in the system.
Perkeso activated the crisis management plan on the same day of the attack with its ICT unit mobilising a system recovery.
This resulted in the agency performing all transactions including Perkeso deductions via FPX on the ASSIST portal or physically over the counter at its branches nationwide.
The agency said the hackers' initial modus operandi was to paralyse Perkeso’s infrastructure that handles daily operations.
"However, the success of Perkeso's ICT unit in regaining control of the system eventually led to the hacker changing tactics by attempting to launch a 'character assassination' attack on Perkeso's image," it added.
Perkeso assured the incident would not disrupt its services and that all payments of interest, compensation and disability pension to the contributors and heirs involved would still be carried out according to the allotted period.
Data leak
A hacker group on December 5, posted a forum thread announcing that Perkeso’s systems had been compromised and shared sample data containing personal information including full names, IC numbers, phone numbers, email addresses, salaries, and business names in five CSV files with a total size of 16MB.
The group posted an update on the very next day claiming to be "reputable hackers" in need of funds to support their passion for identifying vulnerabilities in network systems.
They had also recently uploaded two videos, allegedly from the victim agency's internal meetings.
Commenting on data leaks in the dark web, Perkeso said the validity of the data stolen by hackers was highly doubtful, incomplete and expired. The agency claims to have never seen one of the data clusters since its inception in 1971.
