Malaysia reports most malware threats in South-East Asia in 2018

An average of 45,000 malware threats were detected per day in the country last year

By SHAZNI ONG / Pic By ISMAIL CHE RUS

MORE than 16 million malware threats were reported in Malaysia last year, placing the country at the top of the list for such attacks in South-East Asia.

According to “2018 Security Roundup Report” by a global cyber security solutions company, Trend Micro Inc, an average of 45,000 malware threats were detected per day in the country.

The report also reveals that almost 350,000 malicious uniform resource locators (URLs) hosted locally had been detected in the country with 10.5 million victims falling prey to these URLs.

Trend Micro Malaysia MD Goh Chee Hoh said threats such as business email compromise (BEC) scams have long been a problem in Malaysian- based companies.

“BEC is one of the very critical key areas we can expect from cyber threats this year because in terms of the motive, it would be based on the likes of monitoring and money gain.

“The majority of the targets would be high-ranking people with the objective to extract profit from these organisations,” he told reporters at the company’s media briefing on 2019 security predictions in Bandar Utama, Selangor, yesterday.

Goh also said that another cyber threat area, which can be expected, is ransomware and the situation is not getting any better.

“Ransomware is not slowing down. Actually, they are changing their business model. Instead of a group of hackers trying to penetrate an organisation, they recruit members and run as a business.

“They recruit a lot of consortium partners together to attack an organisation,” he said.

In November last year, it was reported that Media Prima Bhd was under attack from a ransomware, preventing the use of its in-house email.

A financial daily reported that the ransomware attackers demanded Media Prima to pay 1,000 bitcoins to allow its staff the access to the company’s email system.

Goh added that vulnerability is another serious key area that can be expected from cyber threats.

“In the past, most people would be concerned on the vulnerability of the software in operating systems. Today, Internet of Things (IoT) such as webcams and print devices are also subjected to vulnerability,” he said.

According to the Federal Bureau of Investigation, BEC incurred US$12.5 billion (RM50.88 billion) in losses to companies worldwide last year.

“To minimise the risk of BEC, addressing the human factor is critical. Cyber security awareness training, coupled with advanced security technologies such as writing style DNA, can build an effective defence against BEC scams and other cyber-enabled threats,” Goh added.

Goh also projected that BEC attacks are going one level down in the organisational chart, with not only are C-suite executives targeted for these scams, but also their secretaries, assistants or high-ranking directors and managers in the finance department.

Meanwhile, spending on technology products and services in Malaysia is expected to reach US$15.5 billion this year, an increase of 4.6% from the previous year’s figure.

“As the nation continues to embark on digital transformation with rapid adoption of new technologies, especially IoT and hybrid cloud environment, the attack surface and entry points for enterprises also increase.

“Therefore, enterprises need to strengthen their cyber defence at every touch point, namely, on the endpoint, in the cloud and at the network layer,” Goh said.

Trend Micro Malaysia and Singapore technical director Law Chee Wan (picture) said tremendous opportunities in the adoption of advanced endpoint security are now available, particularly endpoint detection and response (EDR) as well as managed detect ion and response (MDR) services.

“Malware and attack methods are becoming stealthier and many of them — such as fileless malware or in-memory malware — are able to evade traditional defences today.

“That’s why we see an increasing demand from enterprise customers who want to go beyond traditional endpoint protection.

“Another driver for advanced endpoint security stems from the need to record and retrieve activities that took place of an endpoint, so businesses can fully understand how an attack has happened.

“Looking at the threat landscape, we anticipate that more and more companies will start looking into EDR and MDR technologies in 2019,” he said.