Kaspersky: Malaysia needs to take a more active stance in cybersecurity

• Against the backdrop of constantly evolving cyber threats, Malaysia needs to do more in prioritizing cybersecurity, Kaspersky’s findings suggest.
• According to the National Security Council of Malaysia, in September alone, there were 5,626 cyber incidents reported.
• On Kaspersky’s end, in the first half of 2022 alone, it detected 20,948,843 different web threats on the computers of Kaspersky Security Network (KSN) participants in Malaysia.

Every subsequent year, the number of cyberattacks around the world gets worse and just like most countries, Malaysia has not been spared from the evolving cybersecurity threat landscape, targeting both industries and the government. Data from Kaspersky Security Network (KSN) participants in Malaysia alone highlights an alarming amount of web threats detected on computers in the first half of this year — 20,948,843.

“Attacks via web browsers are the primary method for spreading malicious programs. Exploiting vulnerabilities in browsers and plugins, as well as social engineering, were the most common ways used by cybercriminals to penetrate the systems,” Kaspersky said in a statement. To top it off, Kaspersky’s Anti-Phishing systems also blocked a staggering 1,791,751 phishing attempts in Malaysia during the first six months of the year alone.

“Global cybersecurity company’s fresh data also showed that 16,498 malicious installation packages on mobile were detected and blocked here by Kaspersky and 3,285,350 brute force attacks against Remote Desktop Protocol (RDP) on computers running Windows were also foiled during this period,” according to the global cybersecurity and digital privacy company said.

With those numbers in mind, Kaspersky highlighted the urgency for the government to take a more active stance in prioritizing cybersecurity. This is especially considering the fact that cyberattacks on information and communications technology (ICT) supply chains are particularly on the rise which can affect governments, enterprises, and the public.

Kaspersky’s head of public affairs and government relations for Asia Pacific & Middle East, Turkey, and Africa Genie Gan in a media briefing shared that while the cybersecurity landscape in Malaysia is distinct from the rest of SEA countries, it is still interconnected with its regional neighbors in so many ways. “This is why we encourage the government regulators to begin boosting its cyber capacity-building and cooperation efforts. These two are basically the building blocks of cybersecurity,” she added. 

When asked if the Malaysian government is doing enough to deal with the increasing number of high profile cyberattacks that has happened off late, Gan said “Looking at Malaysia’s unique cybersecurity landscape and how it is dealing with cyberattacks, it appears that the country is now in the intermediate stage of cybersecurity readiness,” she said. Based on Kaspersky, Intermediate-level countries are those that have identified cyberattacks as areas they need to look into and have attempted to make some inroads. 

She added that the goal is to have the country move to the Advanced stage where we hope to see it doing more in terms of development. Gan also recommended specific action steps to strengthen the ICT supply chain in Malaysia including developing core principles and technical standards to ensure a consistent level of cybersecurity across all companies involved; actionable national cybersecurity strategies; improve procedures and regulations on ICT supply chain infrastructure; and lastly private and public mutual cooperation and cybersecurity capacity building.

Also present during Kaspersky’s media briefing were the National Security Council of Malaysia’s (NACSA) chief executive Rahamzan Hashim who believes that trust and transparency are timely topics to be discussed given the urgent need to boost Malaysia’s cyber resilience. “Mutual collaboration between public and private entities is key to strengthening our cybersecurity capabilities as a nation. We know this well, which is why our Malaysia Cyber Security Strategy 2020 – 2024 is founded on multi-stakeholders partnerships between the government and private sectors as well as industries here in Malaysia.” he added. 

According to Hashim, there were 4,194 cyber incidents reported in 2020, 5,575 in 2021 and what is shocking is as of September this year alone, there had been 5,626 cases, surpassing recent years record overall. To recall, this year alone there had been several high-profile cases with the most recent one impacting the civil servants’ ePaySlip system, highlighting massive loopholes.

The group of hackers, identifying themselves as the “grey hat cybersecurity organization”, have apparently extracted nearly two million payslips and tax forms in PDF formats amounting to 188.75 gigabytes. According to a local news report, several screenshots of ministers’ and politicians’ payslips were also attached when the hackers emailed a statement to the media agency. Unfortunately, till date, no concrete actions have been taken by the government. 

---

---

---

---