According to initial local media reports on Monday 21 August 2017, an Indonesian hacker group ExtremeCrew defaced some 27 Malaysian websites, apparently in response to an error in the official Kuala Lumpur SEA Games 2017 souvenir booklet where the Indonesian flag was shown upside down.
The hacked sites featured the booklet with the message 'Bendera Negaraku Bukanlah Mainan,' ['my national flag is not a plaything'] accompanied by the Indonesian patriotic anthem 'Tanah Air Beta.'
Malaysian officials have already apologised to Indonesia for the error after the issue was raised by the Indonesian Youth and Sports minister Imam Nahrawi on Saturday.
Just before 4pm (MYT) Monday, national digital security specialist agency CyberSecurity Malaysia chief executive officer Dato' Dr Amirudin Abdul Wahab (pic below) confirmed to Computerworld Malaysia that so far a total of 33 websites have been hacked and defaced. Many of the hacked sites appear to be blog sites.
Dr Amirudin said the agency has "has been receiving several reports of attacks targeting Malaysian websites, of confidential information leaks, and possible Distributed Denial of Services (DDOS) attacks."
"The incident is real and we are performing an investigation, as well as monitoring - and working closely with other agencies - to mitigate this incident," he added. "As of today, 21 August 2017 (3.40pm), a total of 33 Malaysian sites have been defaced."
(At 12 pm MYT, unofficial reports suggest 40 sites may now have been affected.)
How the hacking landscape has changed
When Computerworld Malaysia reached out to some digital forensics experts for early insights, all three agreed that hacktivism motivated the current attack.
Former white hat hacker turned financial security consultant LGMS director, Fong Choong Fook (pic below), pointed out: "The latest Indonesian Hacking shows us one very important thing: while it's always possible for hackers to target high-profile sites, they don't seem to necessarily pick and choose their targets anymore."
"The hacking landscape has changed tremendously over the last 10 years," Fong continued. "Hackers today are no longer focusing on high profile sites, but acting randomly using automated tools to scanning the Internet."
To guard against becoming easy prey, he pointed system administrators and business owners to the following example. "The chances of being hacked are much slimmer for this organisations that are already applying pro-active security measures, such as regular security assessments, penetration testing and utilising technologies such as Web Application Firewalls, Intrusion Prevention Systems."
"If your organisation has Internet exposure and has not been conducting pro-active information system assessment and defence: start now," Fong said. (See - Malaysia interview: How easy is it to set up as a cyber crook today?)
Computer forensics investigator and expert witness Krishna Rajagopal (pic below) said Malaysian businesses must take more seriously the advisories issued by CyberSecurity Malaysia.
Sign up for Computerworld eNewsletters.