Malaysia sees 266% spike in web threats since 2017

Kaspersky’s report shows web threats continue to gain momentum as the primary method of infecting Malaysians

22 February 2022 – The global cybersecurity company reveals the latest trend of web threats in Malaysia over the past five years.  The data gathered from 2017 till 2021 presented an exponential growth in web. From just over 16 million detections, it is up at more than 61 million last year or a whopping three-digit climb (267%).

Based on Kaspersky’s data, there was a dip in terms of web threats detections in 2019, before climbing to 33% in 2020 and another additional 26% in 2021.

Overall, Kaspersky products have blocked more than 61 million Internet-borne malware against Kaspersky users in Malaysia last year. This is over 12 million more than the detections in 2020.

Web threats are attacks done via browsers to spread malicious programs.  The cybercriminals use two methods to penetrate systems – exploiting vulnerabilities in browsers and the plugins or drive-by download, and social engineering, which requires the user participation, that the cybercriminals make the victims believing that they are downloading a legitimate program.   

 Table: Cyberthreat Trends 2017 – 2021

In terms of local threats, the decline has been consistent during the five-year period. More than 82 million local malware were detected and blocked by Kaspersky in 2017. Last year, it is down at just almost 36 million.

Local threats are malware infections spread through removable USB drives, CDs and DVDs, and other offline methods. With the pandemic entering its third year, shift to online has closed offices and schools which may have contributed to the steady decline of this type of attack.

“The WannaCry encryption malware was a real threat for enterprises in 2018.  In 2019, our researchers saw growing web skimmers with the cybercriminals shifting their focus on gaining clear profits from their victims. The dip in number of web threats in 2019 suggests that the public was becoming more aware of the threats and are using security solutions to fend them off. Cybercriminals struck again in 2020 triggered by the pandemic and we continue to witness the rise of ransomware and high-profile data breaches up to this day,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

Based on statistics from the Commercial Crime Investigation Department at Royal Malaysia Police, Malaysian suffered losses amounting to about RM2.23billion on cybercrime frauds since 2017.   

“Amidst this rise and fall in web and local threats, we can see that the number of scams and breaches are increasing year after year.  And it’s interesting because attackers are now resorting to non-technology focused attacks, exploiting human vulnerabilities, involving all sorts of scams through SMS, automated phone calls, popular messengers, social network and others. This require vigilance from users, from companies, and from government bodies and regulators to ensure that we are building a safer cyberspace as we progress technologically,” adds Yeo. 

For companies still observing remote work, Kaspersky experts have the following tips to help employers and businesses continue to stay on top of any potential IT security issues and remain productive:

• Cybersecurity should be a “living” strategy, not a static platform. This will blend technology and effort, and is constantly upgraded, updated and improved. Banks need to ensure a security team (or security experts) who will be able to ensure cyber defence infrastructure is updated, and will be able to provide support in the event of cyberthreats.
• Ensure proven protection software, on all endpoints, including mobile devices, and switch on firewalls is updated. Small and medium-sized enterprises can also opt to use a Kaspersky Endpoint Detection and Response Optimum to boost their defences against complex threats.
• Consider a threat intelligence platform: Another key component to include would be to ensure access to the latest IT security trends/threats – that is also known as threat intelligence. Threat intelligence will give the insight to act on, and paint a bigger, more accurate picture of the bank’s digital presence, to educate senior stakeholders about the ongoing risks and vulnerabilities. This will empower them to be able to make informed decisions on what needs to be done to keep the potential harm at bay, refine existing security processes to better defend against known threats and to continually plug any gap in the IT infrastructure.
• Ensure third party vendors’ cybersecurity systems are also updated. There have been increasing reports on how breaches to third-party security systems have implicated businesses. Whether you are a bank, the Government or a private enterprise, no one is immune from these security threats, and it is important that we heighten our vigilance when it comes to cybersecurity. It does not matter how secure your third-party vendor tells you their systems are, as the elevated prominence of supply chain attacks have shown us that it is important to take responsibility for your own cybersecurity posture rather than leaving it in your partners’ hands.

For users, here are the top online security tips for to ensure you can play your part in cyber-vigilance:

• Follow the rules of cyber-hygiene: use strong passwords for all accounts, do not open suspicious links from emails and IMs, never install software from third-party markets, be alert and use a reliable security solution.
• Employ common sense before handing over sensitive information. Do not readily share private or confidential data online. When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field so you can make sure the site is real.
• Never click on unsafe links nor open suspicious email attachments: Avoid clicking on links in spam messages or on unknown websites. If you click on malicious links, an automatic download could be started, which could lead to your computer being infected. Ransomware can also find its way to your device through email attachments. Avoid opening any dubious-looking attachments.

Ensure you download an anti-malware app. Products like Kaspersky Internet Security for Android can protect against malicious apps, as well as SMS phishing links themselves