According to The Sun Daily, on November 11th 2021, the Malaysian army’s Twitter account was hacked. Though some think that it was just a harmless act, and others might even find it amusing, it ultimately gave the public an insight into the potential weaknesses of Malaysia’s official government platforms. The incident also further cemented why cybersecurity should be taken more seriously.
What is Cybersecurity?
Cybersecurity is the practice of protecting devices, network, programs, systems, and other electronic data from theft or misuse by a malicious actor.
When devices are not secured correctly, they are exposed to the internet and potentially vulnerable to online attacks from hackers. Confidential information such as passwords, bank account numbers and personal data that are usually stored in these devices can be stolen if the owner of these devices does not take proper precautions.
What exactly happened on November 11th?
In recent news, a hacker had managed to get into the Malaysian army’s Twitter account and changed the profile photo into an image of a “Shiba Inu”. The Twitter account was subsequently renamed as ‘Shib’.
Although many people found the entire situation amusing, this incident brought various concerns and questions about how this hacker managed to gain access to the Twitter account this easily.
This situation warranted the potential and possibility of other hackers with worse intentions breaking into other official government accounts and stealing sensitive information.
How did this incident warn us of possible future hackings?
Hackers tend to favor targeting official government accounts as they may contain highly sensitive information, which they can later put up for sale in the dark web marketplace.
CEO of LE Global Services (LGMS), Mr. Fong Choong Fook, brought up an even more terrifying scenario that these hackers may cause if more of them ever gain control over official government accounts.
“Imagine hackers getting into a government account or website, maintaining the site and then publishing misleading information while masquerading as the government,” Mr. Fong pointed out.
“This is scary because people may be misinformed, and the government may not even know this.” Mr. Fong said.
Mr. Fong explained further that this could not be disregarded as a one-off situation, and the possibility of more hackers getting into the system should be taken more seriously.
How can we avoid an incident like this from happening again in the future?
The earlier incident could have been easily avoidable if passwords used for the account were more complicated and changed frequently. If official government accounts use simple passwords, they would easily be hacked.
Following the basic principle of least privilege, management teams should only share the login credentials with the department in charge. Strictly set the rules to limit the person who maintains the account to log onto these accounts.
It is highly recommended that government entities invest in cyber security training and educate their IT personnel and system administrators in cyber security skills, which helps to ensure their system is secure.
It is also essential for corporations and the government to invest in getting cyber-security experts to assess if there are any vulnerabilities or weaknesses in their systems. If so, they should remediate it and make the systems more secure.
If usernames and passwords are stolen, MFA would be the last line of defense. It is an extra step that requires the user to explicitly verify themselves through other identifiable means. MFA would perform in the form of biometrics, physical tokens or keys, a TAC, or even a phone call. Having this secondary factor as protection helps make stealing accounts much harder.
Mr. Fong also added that cyber security companies are also coming up with new methods to prevent incidents like these from recurring, as hackers are constantly finding new ways and making attempts to hack into government sites.
“Nowadays, cyber-security experts are advocating a new concept called a compromise assessment which is used to assess whether an organisation has been compromised or not.”
“This way we will be aware of our sites or accounts that have been breached. I also believe that the government needs to be more aggressive to hunt down these cyber threat individuals,” Mr. Fong stated further.
The leading cybersecurity expert in Asia trusted by multinational corporations around the world. LGMS is a cybersecurity consulting company focused on delivering specialized cybersecurity assessments, consultations, and advisory services. Established in 2005, LGMS has since built a reputation for its integrity, values, and best practices by providing world-class professional services to local, regional, and international clients across various industries and backgrounds. Visit www.lgms.global for more information.
For more, follow us on
YouTube Channel: LGMS Penetration Testing Expert (LE Global Services)
Facebook Page : lgms.global
Linkedin Page: lgms-global
Instagram ID: lgms.global
Wish to become more competent in your Cyber Security Career and know more about Cyber Security Security tips?
📌 Join CYBERSEC CHAT Club on Clubhouse: https://lnkd.in/dT7mRyZ