FACULTY OF COMPUTER AND MATHEMATICAL SCEINCES

MARA UNIVERSITY OF TECHNOLOGY

KAMPUS JASIN MELAKA

ITT633: WIDE AREA NETWORK TECHNOLOGIES AND SERVICES

GROUP PROJECT: CYBERSECURITY

LECTURER:
MADAM NOR ADORA ENDUT

PREPARED BY:
MUHAMMAD ZAMIR BIN MOHD ZAMRI (2019868034)
MUHAMMAD HAIKAL BIN SHAMSUDDIN (2019423266)
MUHAMMAD SYAKIR BIN MOHD ZAIN (2019415714)

GROUP:
M3CS2455A

SUBMISSION DATE:
20/11/2021
 TABLE OF CONTENT

NO TOPIC PAGES
1 INTRODUCTION 1

2 COMPANY BACKGROUND 2

SECURITY CHALLENGES AND SOLUTION

1. Ransomware
2. Phishing 3-6
3
3. Insider Attacks

4 CONCLUSION 7

5 REFERENCES 8

ii
1.0 INTRODUCTION

In this case study project, the task given was analysing IT security of a corporate
company in Malaysia. The idea of this case study is to discuss the most popular cyber attacks
security challenges that every company may or may not face now, it is only to the matter of
time if the company did not take the security measures seriously. With the growth of
technologies in networking, every company is at risk towards these attacks. Cyber-attacks on
information systems have recently become more powerful and dangerous, resulting in instances
such as data spillage and system destruction. Though numerous security solutions to deal with
these dangers are being created and deployed, systematic consideration of strategies to improve
the present security system and establish better strong defence systems is still needed. In this
situation, it's critical to determine the most recent sorts of attacks on the principal security
system.

As for the company we decided to perform this cybersecurity analysis on, is at Telekom
Malaysia Berhad, a telecommunication company that is widely use as an internet service
provider and serves in the communication field in Malaysia. Thus, networking and IT
technologies has always been the part and parcel in their working line which means this
company took one of the main cybercriminal attentions to steal data, send ransomware type of
virus etc. This case study is to discuss the types of cyber attacks that this company may face
soon and the security challenges. Solutions and recommendation to avoid such attacks are also
proposed at the end of the case study.

1
2.0 COMPANY BACKGROUND

Telekom Malaysia Berhad is the largest telecommunication company in Malaysia, after

acquiring Celcom and integrating with its mobile operation subsidiary, TMTouch. It has a
monopoly on the fixed line network and a significant market share in the mobile
communications market. It has a subsidiary (TMNet) that provides narrowband and broadband
internet connectivity. TMNET is now the country's only DSL broadband provider, thanks to
its near-monopoly on last-mile connections. Despite its large number of customers, TM Net
has been the target of strident user criticism, with claims of bad service and inept customer
management.

TMB had a rebranding on April 14, 2005, which was inaugurated by Dato' Seri
Abdullah Haji Ahmad Badawi, the Malaysia's Former Prime minister. It served as a foundation
for infusing new passion and enthusiasm into the company's general identity, as well as a more
fresh and dynamic approach to customer service culture. The readiness of Malaysia's Prime
Minister to officially introduce the new brand recognition demonstrated the government's
support for TM in its desire to bring meaningful and innovative transformation to the
corporation.

The new identity is the Company's second visual identity update until it became a
publicly traded corporation in 1990, and it has been 15 years since the last brand makeover.
This rebranding is an important step towards to the transformative measures that will reinforce
and complement the recently announced TM business development strategy. Additionally, this
rebranding can assist TM in adapting to technology advancements.

In addition, TM is implementing a CRM IT infrastructure which will strengthen

systems and processes to ensure that all 'lines' are prepared to respond to consumer questions.
These modifications are intended to portray the new identity TM as assertive, aggressive,
enthusiastic, and energising. As for this case study going, the team in charge for the network
security measure is Telekom Malaysia Berhad's Data Network Management (DNM) division,
which is part of the company's Information Technology and Network Technology (IT&NT)
department.

2
3.0 SECURITY CHALLENGES AND SOLUTION

3.1a Ransomware
One of the cybersecurity challenges threats that Telekom Malaysia Berhad may find
themselves vulnerable to are ransomware attack. Ransomware is a form of malicious software
(malware) that threatens or prevents access to data or a computer system, generally by
encrypting it, unless the victim pays a ransom price to the attacker. In many circumstances, the
ransom demand is accompanied by a deadline. If the victim does not pay the ransom in time,
the data is lost forever, or the demand is raised. Ransomware assaults have become all too
regular in recent years. It has harmed major corporations in Asia, Europe, and North America.
Cybercriminals will target any consumer or business, and victims will come from any industry.
Few examples of ransomware attacks are WannaCry, Ryuk, Bad Rabbit and NotPetya. It is
dangerous for Telekom Malaysia Berhad if they are being attacked by all these ransomwares
mentioned especially NotPetya, as it is considered one of the most damaging ransomware
attacks. NotPetya is a virus that uses techniques like its namesake, Petya. The virus will infect
and encrypt a Microsoft Windows-based system's master boot record. Other than that, NotPetya
used the same vulnerability as WannaCry to spread drastically, demanding bitcoin payment to
remove the alterations. NotPetya is called the wiper as it cannot erase its changes to the master
boot record, rendering the target machine unrecoverable. Thus, ransomware is a very powerful
attack that can causes chaos on Telekom Malaysia Berhad network because it can erase all the
important information regarding the company.

3.1b Solution to Ransomware attack

Telekom Malaysia Berhad should create a ransomware incident response (IR) plan that
is specific to the attack. This stage is especially crucial when preparing for direct attacks which
can harm large areas of a company (Brewer, R, 2016 Sept 9). This one will aid in ensuring a
faster reaction in a circumstance were stopping or containing a serious issue is critical. With
this method, a specific ransomware attacks will be detected immediately with a person
monetization. Furthermore, once the ransomware has successfully infected the system, there
are actions to take to keep it contained locally such that network files are not compromised.
The ideal method of containment is to have an endpoint protection system that can look for the
operation and terminate the activity. If ransomware is found, network connectivity can be
inhibited so that it can't encrypt files on the network even if it gets to the endpoint. With these
two solutions, the risk of being attacked by the ransomware is low, and security is ensured.

3
3.2a Phishing

At the same time, Telekom Malaysia Berhad is also exposed to phishing attack.
Phishing is a sort of social engineering exploit that is widely used to acquire user information,
such as login passwords and credit card details. It happens when an attacker poses as a
trustworthy entity and tricks the victim into opening an email, instant message, or text message.
Being such a big company like Telekom Malaysia Berhad, there are many contacts information
that attackers can get through the internet such as emails, then the attackers only need to send
a bait email that looks legit. In consequence phishing is a dangerous cybersecurity attack
toward Telekom Malaysia because the company have hundreds of employees that may be
tricked into clicking the clickbait sent by the attackers. Just one click can cause all the
confidential information such as customers information and company information leaked. Even
though the employees will always be on careful mode, there will be times that one of them will
fall to the victim of phishing if the emails or text message looks very convincing. In addition
to that, these recent years phishing has been one of the famous cybersecurity attacks for most
big companies.

3.2b Solution for Phishing

As an organization Telekom Malaysia Berhad need to educate their employees and

conduct training sessions with mock phishing scenarios. Telekom can do cyber security
training program for the employees because it is one of the solutions for the company to
overcome the difficulties and problems encountered in establishing cyber security. Other than
that, top management of the company need to regularly monitor the results of security training
by getting comments from the employees to prove the effectiveness of the security training.
Next, Telekom IT department must stay current on phishing methods and ensure that their
security rules and technologies can eradicate attacks as they develop. It is also essential to
guarantee that their staff understand the sorts of assaults they may encounter, the dangers they
face, and how to deal with them when it comes to defending their firm against phishing
attempts. To sum up, top management and IT department of Telekom Malaysia Berhad should
cooperate to educate their employees regarding phishing attacks and make sure their firewall
technology can block any kind of cyber security attacks towards the organization.

4
3.3a Insider Attack

The third threat of cybersecurity challenges that may Telekom Malaysia Berhad will be
facing are insider attacks. An insider threat is a potential threat that occurs within the company
being targeted. It usually includes a current or former employee or business colleague who has
access to sensitive information or privileged accounts on an organization's network and abuses
that access. Generally existing security procedures are often concentrated on external threats
and are incapable of detecting internal dangers emerging from within the company or
organization. As we all know Telekom Malaysia Berhad is very big and established company
that have hundreds if not thousands of employees. In addition to that it is not impossible if one
day someone in the company will become the one of the insider threats as mentioned below:

• Malicious insider - someone who deliberately and knowingly abuses valid credentials,
usually to steal information for monetary or personal gain For example, a person who
harbours resentment toward a former employer, or an opportunistic employee who sells
confidential information to a competition. Malicious insiders have an edge over other
attackers since they are familiar with an organization's security policies and processes,
as well as its weaknesses.

• Careless insider - an inexperienced pawn who inadvertently exposes the system to

external dangers This is the most frequent sort of insider threat, and it occurs as
consequences of human error, such as leaving a device exposed or falling prey to a
fraud. For example, an unintentionally malicious employee may click on an unsafe link,
infecting the system with ransomware.

• A mole - an impostor who is technically an outsider but has gained insider access to a
secure network. Mostly someone from outside the corporation poses as an employee or
a partner.

5
3.2 Solution for Insider Attack

There are few solutions to avoid being vulnerable towards insider attacks and the best
way to do it by following the steps provided. First Telekom Malaysia Berhad must protect
critical assets such as facilities, technology, people, and systems. Intellectual property includes
internal manufacturing processes, proprietary software, customer data for suppliers and
schematic.

Next, the company need to enforce policies by properly document company policies so
that Telekom can enforce them and avoid misunderstandings. The third step that can be done
is increase visibility, implement systems to track employee behaviors and correlate data from
numerous data sources. You can, for example, deploy deception technologies to tempt a
malevolent insider or impostor and obtain visibility into their activities. The final step that the
organization should do is promote culture change, by doing this Telekom can ensure security
is not only about know-how but also about attitudes and beliefs. Telekom need to educate
their personnel about security concerns and seek to increase employee satisfaction to
counteract carelessness and address the motivations of hostile activity. These are the steps that
should Telekom take to prevent themselves from being exposed towards insider attacks.

6
4.0 CONCLUSION

Considering this information, we can conclude that during this modern time of
technology everyone and every business or organization are vulnerable towards any kind of
cyber security attack. Thus, Telekom Malaysia Berhad should take all possible precautions to
prevent their organizations from unwanted cyber attack. This company is an establish
telecommunications industry company that contains many confidential and private information
of all users which is very crucial to have a strong solid security as it’s an essential service that
operates daily. In this endemic COVID-19 issues in the nation, cyber criminals take advantages
to attacks those are in vulnerable, exposed and unaware to the attacks.

7
5.0 REFERENCES

1. Brewer, R, Rhythm, L (2016, September 9). Ransomware attacks: detection,

prevention, and cure. Network Security Science Direct. Retrieved from
https://www.sciencedirect.com/science/article/pii/S1353485816300861

2. Craigen, D, Diakun-Thibault, N, Purse, R (2014, October 08) Defining Cybersecurity.

Time review. Retrieved from https://www.timreview.ca/article/835

3. Filan, A (2019, October 02). What is Ransomware? Proofpoint. Retrieved from

https://www.proofpoint.com/us/threat-reference/ransomware

4. Fisher, E (2016, August 12). Cybersecurity Issues and Challenges: In Brief.

Congressional Research Services. Retrieved from
https://a51.nl/sites/default/files/pdf/R43831.pdf

5. Green, J (2018, December 06). Insider Threat. Imperva. Retrieved from

https://www.imperva.com/learn/application-security/insider-threats/

6. Idris, A.N (2021, April 21). TM partners Telefónica Tech to strengthen digital
infrastructure solutions. The edge markets. Retrieved from
https://www.theedgemarkets.com/article/tm-partners-telef%C3%B3nica-tech-
strengthen-digital-infrastructure-solutions

7. Vineswaranrajenderan (2019). Industrial Training Report at Telekom Malaysia

Berhad. Industrial Report of City University Retrieved from
https//:EITReport.docx.pdf