Malaysia Computer Emergency Response Team (“MyCERT”) observed an increase in various cybersecurity attacks capitalizing the COVID-19 pandemic, focusing on phishing emails, websites, scam domains, malware and vulnerable sectors and infrastructures in the health sector.
The data gathered by Kaspersky Security Network (KSN), that automatically analyzes cybersecurity-related data streams from millions of voluntary participants around the world, shows that 2020 was a bed of roses for the cybercriminals, as the world entered working, learning from home, and the heavy reliance on internet connectivity.
According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, “The on-going effort by the ministry after the launch of the National Cyber Security Awareness Module and Cyber Security Enhancement Project for small and medium enterprises (SMEs) and public remain a crucial puzzle to counter the ever-growing cyberthreats in the country.”
“One of our researches also showed that SMEs value cybersecurity investment with 36% are more likely to cut advertising budgets than IT or cybersecurity and thankfully, the latest threat statistics for Malaysia show these efforts by the government, the SMEs and the public are bearing fruits. These efforts must continue to see a more cyber resilient Malaysia. We should not go easy with our cyber defense. We should not put our guards down now,” Yeo adds.
KSN shows that the web threats spiked to 48 million in 2020 from 36 million in 2019. It was then gone up again in 2021 to 61 million web threats before coming down to 37 million in 2022.
Web threats are attacks via browsers, which primarily method for spreading malicious programs. Generally, most often used by cybercriminals to penetrate systems.
While web threats were severely attacking the Malaysian users in 2020, local threats experienced a downward trend in Malaysia, 54 million in 2020, then 35 million in 2021 and later 22 million in 2022.
Local threats are where users being attacked by malware spread through removable USB drives and other offline methods.
Data of Web Threats and Local Threatscollected and analyzed by Kaspersky Security Network from 2017-2022
To protect SMEs, Kaspersky recommends:
- Providing staff with basic cybersecurity training as many targeted attacks start with phishing or other social engineering techniques.
- Using a protection solution for endpoints and mail servers with anti-phishing capabilities to decrease the chance of infection through phishing emails.
- Taking key data protection measures. Always safeguard corporate data and devices, including by using password protection, encrypting work devices, and ensuring data is backed up.
- Keeping work devices physically safe, do not leave them unattended in public, always lock them and use strong passwords and encryption software.
9 March 2023