As the global cyber threat landscape becomes increasingly complex, Malaysia continues to face substantial security challenges. Our latest global threat intelligence outlines critical challenges facing the region and locally, including ransomware, zero-day vulnerabilities and cyber threats stemming from geopolitical tensions. These threats contribute to widespread misinformation, reputational damage and operational disruptions for Malaysian organisations.
The urgency of these issues is aligned with findings from the World Economic Forum's 2024 Global Risk Report, which ranks cybersecurity as the fourth most critical global risk over a two-year period. Additionally, CyberSecurity Malaysia (CSM) reported a concerning 4,741 cyber threats in 2022, with 456 fraud cases noted by early 2023 alone.
This blog highlights the key trends of cyber attacks and the importance of recognising cybersecurity not merely as an expenditure, but as a strategic investment essential for digital transformation and organisational resilience. By proactively investing in cybersecurity now, organisations can protect themselves against cyber threats that could potentially incur greater costs in the future and safeguard vital assets in the face of evolving digital threats.
In 2023, Malaysia faced a significant rise in ransomware attacks with incidents doubling from the previous year, highlighting that attackers are continually developing new techniques to circumvent increasingly innovative cybersecurity technologies. Advanced functionalities such as data infiltration, deployment of additional malware delivery systems and business email compromise can critically cripple an organisation’s system.
While a report from CSM indicated that 85.2% of ransomware in Malaysia involved the exfiltration and exposure of victim companies’ data, a survey by IDC and Fortinet, which involved 550 IT leaders across Asia Pacific, identified phishing as a primary method for cyber attacks. Looking closer to home, data from Kaspersky found that Malaysia ranked in the top three among its Southeast Asian peers in terms of phishing incidents.
Recent trends reveal how phishing is linked to more complex schemes like Ransomware-as-a-Service (RaaS) which involves initial access brokers (IAB). This connection forms a complex ecosystem where simple phishing is just the beginning, leading to the development of advanced strategies that use unauthorised access to launch large-scale ransomware attacks through these available services.
IAB and RaaS: A multi-tiered partnership
IAB and RaaS providers simplify the process for threat actors, including those with minimal technical knowledge, to deploy ransomware against targets. This streamlined approach not only enhances the efficiency of ransomware attacks but also significantly broadens their reach and impact, illustrating how rapidly and extensively ransomware can spread on a large scale.
Zero-day exploits occur when cybercriminals swiftly take advantage of newly discovered software vulnerabilities before developers can release a patch. Cybercriminals often target widely used applications, understanding that their widespread distribution makes it challenging to deploy timely fixes to all systems. As Malaysia uses many of the same applications as other countries worldwide, it is not immune to these threats.
One such notable incident was the MOVEit attack in 2023. This undisclosed software vulnerability was exploited to infiltrate systems across various regions, including a major insurance provider in Malaysia. The attack led to substantial breaches of personally identifiable information (PII) and access to other confidential data.
Cybersecurity and geopolitical conflicts: separately, they are among the top worries of business leaders. Together, the combined risks pose an even bigger challenge that demands immediate action. Our latest global threat intelligence indicates that cyber activity surrounding conflicts has significantly intensified. This includes bolder attacks from hacking groups such as NoName057, a pro-Russian hacker group that has carried out ‘Distributed Denial-of-Service’ (DDoS) attacks since March 2022. The question we should be asking ourselves: Is Malaysia ready to mitigate escalating cyber risks related to geopolitical tensions?
Amid these developments, it's crucial to note Malaysia's significant exposure to conflict-based cyber threats. The country has become a target, especially in sectors related to engineering, natural gas extraction, and exports like the Kasawari Gas Project. These attacks are part of broader state-sponsored espionage efforts, showcasing advanced technical capabilities and a strategic focus on sectors tied to regional geopolitical events.
This persistent threat landscape requires organisations in Malaysia to be equipped with a fortified cybersecurity posture.
Nations and corporations within Asia Pacific such as Malaysia must prioritise the establishment of robust cybersecurity frameworks, enhance threat detection capabilities and foster collaborative international security efforts.
In response to the increasingly sophisticated cyber threat landscape, organisations should adopt a fortified cyber infrastructure by deploying layered security solutions consisting of firewalls, intrusion detection systems, intrusion prevention systems and endpoint protection along with diligent patch management and regular updates to safeguard against vulnerabilities, particularly zero-day exploits. Below are tactics beyond hardware and software defences organisations should consider.
Security monitoring allows organisations to continuously watch for, swiftly detect, analyse and respond to potential cyber attacks. A Security Operations Centre (SOC), for example, whether delivered as a managed or an outsourced service, utilises advanced security measures and leverages real-time data to protect against emerging threats, fortifying an organisation's defences.
Regular security audits and penetration testing are indispensable for maintaining a sound cybersecurity posture. These evaluations help identify flaws and potential vulnerabilities within an organisation's systems that could be exploited by attackers and assess the effectiveness of existing security measures. By regularly testing cybersecurity defences, informed adjustments can be made accordingly to enhance security protocols.
Aligning cybersecurity measures with recognised frameworks such as the NIST Cybersecurity Framework and ISO/IEC 27001 ensures that an organisation's practices are both standardised and optimised. By following these established guidelines, organisations will meet industry standards and incorporate the latest best practices.
Conducting regular phishing assessments is essential to gauge employees' awareness and preparedness, considering that phishing is a predominant method of attack. These assessments help identify areas where additional training is necessary to enhance employees' ability to recognise and respond to phishing attempts.
Engaging in cyber drills or crisis simulations across various organisational levels tests the readiness and decision-making capabilities in a controlled and risk-free environment. These exercises are vital for identifying gaps in an organisation’s response plan and refining strategies to ensure effective action during actual cyber incidents.
Dark web and deep web brand monitoring finds mentions of brands and executives, as well as threats like stolen personal information, card data, emails, phishing kits and fraud tools targeting organisations. It also detects brokers selling illegal access to corporate networks. This early detection is crucial for organisations to respond quickly to and mitigate potential threats, protecting their data and reputation.
Staying current with the latest developments in threat intelligence is equally important. Subscribing to reputable threat intelligence platforms allows organisations to gain insights into the latest tactics, techniques and procedures used by cybercriminals. This knowledge is crucial for pre-emptively addressing threats and adapting your security measures to the evolving landscape. For more information about our threat intelligence service offerings, visit our Marketplace.