Alarming rise in online attacks Malaysia’s cyber security landscape in 2023

Malaysia reported 4,741 cyber threats in 2022 and recorded 456 fraud cases as of February 2023, with a total loss of RM27m 


DATA from the cybersecurity expert, Kaspersky shows that email phishing attacks in Malaysia remain at an alarming rate. In 2022, Kaspersky Anti-Phishing System has blocked 8.27 million cyber-attacks. 

According to CyberSecurity Malaysia, the country has reported 4,741 cyber threats in 2022, and already recorded 456 fraud cases as of February 2023. 

To raise the red flag higher, a total loss of RM27 million (as of February 2023) was recorded by The National Scam Response Centre (NSRC). 

Kaspersky MD for Asia Pacific Adrian Hia said Malaysia remains top three among its South-East Asian (SE Asian) peers in terms of malicious emails blocked by Kaspersky. 

“It is important to note that the increased phishing trend is observed not just in Malaysia but globally and this tactic remains a go-to infection technique for cyber criminals because phishing as a social engineering is really effective and easy to conduct,” he said to The Malaysian Reserve (TMR). 

He added globally, the number of phishing attacks increased markedly last year. Kaspersky’s anti-phishing system prevented 507.85 million attempts to follow a phishing link. 

“As the bad actors continue to be creative to hack through topics we care about, we need to continuously raise our awareness and protect our devices against cyber threats,” he said. 

In 2022, pages impersonating delivery services had the highest percentage of clicks on phishing links (27.38%) followed by online stores (15.56%), payment systems (10.39%) and banks (10.39%). 

These are based on the triggering of the deterministic component in the anti-phishing system on user computers. 

The component detects all pages with phishing content that the user has tried to open by following a link in an email message or on the web. 

Hia says Malaysia remains top three among its SE Asian peers in terms of malicious emails blocked by Kaspersky (source: Kaspersky)

“Recently, we’ve seen an increase in targeted phishing attacks where scammers don’t immediately move on to the phishing attack itself, but only after several introductory emails where there is active correspondence with the victim. 

“New tricks are also likely to emerge in the corporate sector in 2023, with attacks generating significant profits for attackers,” Hia said, adding that this trend is likely to continue. 

To avoid falling victim, he advised precautionary steps including learning to recognise all types of phishing attacks. 

“When you receive them, delete and report them immediately. 

“Also, make sure you are using an antivirus programme that would remove any virus on your computer and heal any damage done,” he added. 

According to the latest data from Kaspersky, there was a 45% increase in web threats blocked by the cyber security company last year. These threats refer to attempts to download malicious objects from infected websites. 

Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. 

In 2020, Kaspersky prevented 10.2 million web attacks from infecting businesses in SE Asia, 9.18 million in 2021 and 13.38 million in 2022. 

Kaspersky SE Asia GM Yeo Siang Tiong said 2022 was a reopening year for most businesses and, unfortunately, for cybercriminals as well. 

Yeo encourages companies to allocate budget and resources to strengthen their defences against the escalating network attacks

“As 2023 will be the first year of fully re-opened borders and markets, we encourage companies here to allocate budget and resources to strengthen their defences against the increasing attacks against their networks,” he said. 

He added that while the IT security talent gap remains an issue, outsourcing experts and comprehensive solutions offer efficiencies that can fill in this missing piece. 

Meanwhile, Huawei Cloud Malaysia president Andy Wei said data sovereignty and regulatory compliance are important when adopting cloud as companies must ensure their data is stored and processed in compliance with local laws and regulations. 

In July 2020, Huawei partnered Telekom Malaysia Bhd (TM) to build the first Malaysian-owned end-to-end cloud and artificial intelligence (AI) infrastructure, ensuring data sovereignty and data locality, and contributing towards Malaysia’s efforts in becoming the Asean Digital Capital.

The partnership produced Cloud Alpha Edge where TM offers a line of cloud computing services. Alpha Edge has three data centres to date. 

Tune Insurance (M) Bhd (Tune Protect) was the first insurer in Malaysia to have received the official approval from Bank Negara Malaysia (BNM) to host its insurance core system on TM’s Cloud Alpha Edge. 

“This was made possible via a collaboration between Tune Protect, TM and Huawei. It enables Tune Protect to re-platform its existing GIS (general insurance system), an insurance core system, on to cloud,” Wei said. 

This marks a significant milestone as Cloud Alpha Edge meets the standards of BNM’s Risk Management in Technology (RMiT) full guidance requirements checklist, making it the first Public Cloud to host an insurance core system in Malaysia. 

Wei added that the cloud is more secure and reliable than traditional data centres. 

“Cloud providers typically offer robust security measures, including data encryption, access controls and regular security audits,” he said. 

However, businesses must ensure they understand the shared responsibility model, where the cloud provider is responsible for securing the underlying infrastructure, while the businesses secure their data and applications. 

“It is crucial for businesses to implement proper security practices, such as strong authentication mechanisms, regular data back-ups, and continuous monitoring of cloud resources,” Wei said. 

According to Yeep, implementing proper security practices is crucial for business as poor security measures can lead to a data breach (source: Yeep’s LinkedIn)

Robust HPC Sdn Bhd MD and principal consultant Tecsun Yeep shared the sentiment, saying poor security measures can lead to a data breach. 

“In severe cases, businesses may face loss of data. There are also concerns over privacy for the confidential data stored on the cloud,” TMR was told. 

Based on these concerns, business owners may understandably feel intimidated to adopt cloud services. 

“It is important to understand that cloud security is critical to cloud computing. 

“There are multiple measures a provider can take to safeguard your cloud system — identity and access management, data loss prevention services, web application firewall (WAF) and more,” Yeep said. 

On top of that, typically, businesses do not hire an engineer to monitor the security risks all the time, but a cloud computing provider may have one or more cyber security engineers to manage security. 

“At the end of the day, the misperception that ‘cloud is not secure’ might not be true. It really depends on whom you work with,” he added. 

Meanwhile, principal product marketing manager for Red Hat Advanced Cluster Security for Kubernetes, Ajmal Kohgadai said the company’s recent survey found that 38% of respondents believe that security is not taken seriously enough or that security investment is inadequate, which can hinder business outcomes. 

“One of the primary reasons for adopting cloud-native technologies is the agility it provides. 

“But these benefits are not always realised, as the survey found that 67% of respondents have had to delay or slow down application deployment due to security concerns,” he said. 

Ajmal also warned that cloud-native security incidents can have serious consequences for businesses. In the survey, 21% of respondents said security incidents have led to employee termination. 

“Security is not an afterthought. It is a critical component of any successful cloud-native adoption strategy,” Ajmal said. 

  • This article first appeared in The Malaysian Reserve weekly print edition