Malaysia sees 266% spike in web threats since 2017, says report

Kaspersky’s report shows web threats continue to gain momentum as the primary method of infecting Malaysians.

Kaspersky revealed that it has detected a 266% rise in web threats in Malaysia over the past five years.

The global cybersecurity company said data gathered from 2017 till 2021 presented an exponential growth in web. From just over 16 million detections, it is up at more than 61 million last year or a whopping 267% climb.

Based on Kaspersky’s data, there was a dip in terms of web threats detections in 2019, before climbing to 33% in 2020 and another additional 26% in 2021.

Web threats are attacks done via browsers to spread malicious programs.  The cybercriminals use two methods to penetrate systems – exploiting vulnerabilities in browsers and the plugins or drive-by download, and social engineering, which requires the user participation, that the cybercriminals make the victims believing that they are downloading a legitimate program.  

KSN Data20172018201920202021
Web Threats16,740,30342,052,26136,650,94248,751,94361,384,025
Local Threats82,026,20567,739,96363,634,74554,549,74035,873,395
Table: Cyberthreat Trends 2017 – 2021

“The WannaCry encryption malware was a real threat for enterprises in 2018.  In 2019, our researchers saw growing web skimmers with the cybercriminals shifting their focus on gaining clear profits from their victims. The dip in number of web threats in 2019 suggests that the public was becoming more aware of the threats and are using security solutions to fend them off. Cybercriminals struck again in 2020 triggered by the pandemic and we continue to witness the rise of ransomware and high-profile data breaches up to this day,” said Kaspersky general manager for Southeast Asia Yeo Siang Tiong.

Kaspersky general manager for Southeast Asia Yeo Siang Tiong.

In terms of local threats, the decline has been consistent during the five-year period. More than 82 million local malware were detected and blocked by Kaspersky in 2017. Last year, it is down at just almost 36 million.

Local threats are malware infections spread through removable USB drives, CDs and DVDs, and other offline methods. With the pandemic entering its third year, shift to online has closed offices and schools which may have contributed to the steady decline of this type of attack.

Overall, Kaspersky said its products have blocked more than 61 million Internet-borne malware against Kaspersky users in Malaysia last year. This is over 12 million more than the detections in 2020.

Based on statistics from the Commercial Crime Investigation Department at Royal Malaysia Police, Malaysian suffered losses amounting to about RM2.23 billion on cybercrime frauds since 2017.  

“Amidst this rise and fall in web and local threats, we can see that the number of scams and breaches are increasing year after year.  And it’s interesting because attackers are now resorting to non-technology focused attacks, exploiting human vulnerabilities, involving all sorts of scams through SMS, automated phone calls, popular messengers, social network and others.

“This require vigilance from users, from companies, and from government bodies and regulators to ensure that we are building a safer cyberspace as we progress technologically,” added Yeo. 

Kaspersky experts have the following tips to help employers and businesses continue to stay on top of any potential IT security issues and remain productive:

  • Cybersecurity should be a “living” strategy, not a static platform.This will blend technology and effort, and is constantly upgraded, updated and improved. Banks need to ensure a security team or security experts who will be able to ensure cyber defence infrastructure is updated, and will be able to provide support in the event of cyberthreats.
  • Ensure proven protection software on all endpoints, including mobile devices and switch on firewalls is updated.
  • Consider a threat intelligence platform – Threat intelligence will give the insight to act on, and paint a bigger, more accurate picture of the bank’s digital presence, to educate senior stakeholders about the ongoing risks and vulnerabilities. This will empower them to be able to make informed decisions on what needs to be done to keep the potential harm at bay, refine existing security processes to better defend against known threats and to continually plug any gap in the IT infrastructure.
  • Ensure third party vendors’ cybersecurity systems are also updated:  There have been increasing reports on how breaches to third-party security systems have implicated businesses. No one is immune from these security threats.

For users, here are the top online security tips in cyber-vigilance:

  • Follow the rules of cyber-hygiene – Use strong passwords for all accounts, do not open suspicious links from emails and Instant Messaging (IMs), never install software from third-party markets, be alert and use a reliable security solution.
  • Employ common sense before handing over sensitive information – Do not readily share private or confidential data online. When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field so you can make sure the site is real.
  • Never click on unsafe links nor open suspicious email attachments – Avoid clicking on links in spam messages or on unknown websites. If you click on malicious links, an automatic download could be started, which could lead to your computer being infected. Ransomware can also find its way to your device through email attachments. Avoid opening any dubious-looking attachments.
  • Install an anti-malware app.Products like Kaspersky Internet Security for Android can protect against malicious apps, as well as SMS phishing links themselves.