Advice for IT Admins
- Apply system patches where deemed necessary. Subscribe to CERT notices to get alerted when fixes are available
- Monitor for any rogue clone Wi-Fi Access Point (AP) in the network and close it down. If you have a corporate VPN, ensure all staff use the VPN for any Wi-Fi connections. You may want to take the opportunity to also encourage people to use a personal VPN for their personal use
- Ensure systems are updated. As soon as a patch is released, ensure any device that connects to a Wi-Fi network is updated. This is a great opportunity to remind others why updating is so important, including enabling automatic updating
- In general, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming).
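One way to automate the rogue clone AP check from the admin list above, as an added example that is not code from the article or its sources. It assumes a hypothetical inventory of managed APs (`AUTHORIZED`) and runs over constructed scan rows; the function names are illustrative.

```python
import re

# Assumption: inventory of managed APs, SSID -> {lowercase BSSID: expected channel}.
AUTHORIZED = {"CorpNet": {"aa:bb:cc:00:00:01": 1, "aa:bb:cc:00:00:02": 11}}

# Constructed sample survey rows (SSID, BSSID, channel), not real capture data.
SAMPLE_SCAN = [
    ("CorpNet", "aa:bb:cc:00:00:01", 1),
    ("CorpNet", "AA:BB:CC:00:00:02", 11),
    ("CorpNet", "aa:bb:cc:00:00:02", 6),     # managed BSSID, unexpected channel
    ("CorpNet", "de:ad:be:ef:00:99", 6),     # same name, unknown radio
    ("C0rp-Net", "de:ad:be:ef:00:9a", 6),    # look-alike name
    ("CoffeeShop", "12:34:56:78:9a:bc", 3),  # unrelated network
]

LOOKALIKES = str.maketrans("0135", "oles")

def normalize(ssid):
    """Fold case, map digit look-alikes to letters, drop punctuation and spaces."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold().translate(LOOKALIKES))

def find_suspect_aps(scan, authorized):
    """Return (reason, ssid, bssid, channel) for every AP imitating a managed SSID."""
    known = {normalize(name): (name, aps) for name, aps in authorized.items()}
    findings = []
    for ssid, bssid, channel in scan:
        bssid = bssid.lower()
        match = known.get(normalize(ssid))
        if match is None:
            continue  # name does not resemble any managed SSID
        name, aps = match
        if ssid != name:
            reason = "lookalike-ssid"
        elif bssid not in aps:
            reason = "unknown-bssid"
        elif aps[bssid] != channel:
            reason = "unexpected-channel"  # BSSIDs can be copied, so check the channel too
        else:
            continue  # managed AP where the inventory expects it
        findings.append((reason, ssid, bssid, channel))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_aps(SAMPLE_SCAN, AUTHORIZED):
        print(*finding)
```

If the managed APs select channels automatically, the channel comparison needs to be relaxed to the set of channels they may use.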
Advice for users:
- Be cautious when selecting a Wi-Fi AP, especially on a public network
- Check the list of available Wi-Fi APs and avoid choosing one for which more than one similar SSID is listed
- Use a VPN if possible on a public network.
- Use specific mobile apps instead of the browser version (e.g. Facebook, WhatsApp, Gmail, etc.) because the mobile apps utilise certificate pinning, which eliminates SSL stripping.
- Where possible, use Ethernet cables and connect directly into the network, rather than using Wi-Fi.
- If tethering is not possible or you do not have a VPN, ensure any online activity is natively encrypted. This step is more limited as some encrypted sessions (such as browsing) may also include unencrypted traffic. Another option is to use the HTTPS Everywhere plugin for browsers. Always use encrypted sessions.
Fong added. "This is the *largest scale* of vulnerability impact in the history of WPA protocol. We have not even touched on the impact surface of the Internet of Things (IoT), which may be using WPA. Krack's impact may turn out to be far more serious than we know today."
CyberSecurity Malaysia's MyCert has issued an advisory and the appendix below gives contact details to report suspected cybersecurity attacks. (See - www.mycert.org.my/en/services/advisories/mycert/2017/main/detail/1288/index.html)