Malaysia Threat Report: 2024 Cybersecurity Insights

The Malaysia cybersecurity threat report 2024 highlights a year of escalating attacks against businesses across all sectors. Understanding the threat landscape is essential for Malaysian organisations seeking to strengthen their defences and make informed security investment decisions.
In today’s rapidly evolving digital landscape, cyber threats continue to pose significant risks to businesses of all sizes. With the increasing complexity of cyberattacks, traditional security measures are no longer sufficient. Organizations must adopt proactive threat intelligence solutions that not only detect threats but also take immediate action. Simply Data is at the forefront of cybersecurity innovation, offering an advanced Threat Intelligence – Integrated SOAR Automation Blocking solution that ensures robust protection for enterprises.
Key Insights from the 2024 Malaysia Threat Report
Our latest Malaysia Threat Report provides an in-depth analysis of cybersecurity incidents, revealing alarming trends in the cyber threat landscape. In 2024 alone, Simply Data collected and analyzed 71,830,607,531 logs, identifying key attack patterns and vulnerabilities exploited by malicious actors.
Executive Summary
The report highlights a significant rise in ransomware attacks, phishing campaigns, and targeted intrusions affecting organizations across multiple sectors. Notably, Malaysia has seen a surge in APT (Advanced Persistent Threat) groups leveraging zero-day vulnerabilities to infiltrate critical infrastructure.
The report identifies threat actors such as FLAX TYPHOON, SIDEWINDER, RIPPERSEC, GAMAREDON, HUNTERS, RANSOMHUB, RHYSIDA, and BLACKCAT, who have been actively targeting financial institutions, logistics, and education sectors in Malaysia. These groups employ sophisticated techniques like credential theft, supply chain attacks, and advanced evasion tactics. Additionally, the LockBit ransomware group has been responsible for several high-profile ransomware incidents, crippling organizations through double extortion tactics—encrypting data and threatening to release stolen information publicly.
Another critical finding is the rise in phishing-as-a-service (PhaaS) platforms, enabling cybercriminals to deploy large-scale credential-harvesting campaigns with minimal effort. The emergence of deepfake social engineering tactics further complicates security defenses, requiring businesses to enhance their detection mechanisms.
Top 5 Cybersecurity Incidents
Our research recorded a substantial rise in cybersecurity incidents across Malaysia in 2024. The report details multiple high-impact cases, including:
- Unauthorized Access via Brute Force Attacks – Attackers exploited weak passwords and credential stuffing techniques, leading to significant breaches.
- Ransomware Infections via Phishing Emails – Organizations fell victim to sophisticated phishing campaigns delivering ransomware payloads.
- Supply Chain Attacks – Malware was injected into widely used third-party software updates, compromising hundreds of businesses.
- Data Destruction & Wiper Malware Attacks – Malicious actors deployed destructive malware to erase critical business data.
- Cloud Infrastructure Exploitation – Attackers took advantage of misconfigured public cloud environments, leading to data leaks and account takeovers.
Top 3 MITRE Tactics & Techniques
The report highlights the most commonly used MITRE ATT&CK techniques observed in attacks against Malaysian businesses:
- T1110 (Brute Force Attacks) – Cybercriminals attempted to gain access by guessing user credentials.
- T1665 (Hide Infrastructure) – Adversaries concealed malicious command-and-control (C2) communications to avoid detection.
- T1485 (Data Destruction) – Attackers deployed malware to delete critical data, disrupting business operations.
Threat Intelligence by Countries
The report reveals the top 5 countries from which cyberattacks targeting Malaysia originated:
- United States – Hosting a significant number of compromised servers used in attacks.
- China – Linked to state-sponsored APT activities.
- Great Britain – Origin of multiple cybercrime operations.
- South Korea – Emerging hub for cyber exploitation activities.
- Russia – A major source of ransomware and cyber extortion campaigns.
Key Risks Identified in 2024
The primary risks affecting organizations in Malaysia include:
Stay Ahead with Simply Data
Cyber threats are becoming more sophisticated, and organizations must be proactive in their defense strategies. With Simply Data’s Threat Intelligence – Integrated SOAR Automation Blocking, businesses can safeguard their critical assets, maintain compliance, and ensure uninterrupted operations.
Resources and Further Reading on Malaysia Cybersecurity Threat Report 2024
For organisations looking to strengthen their cybersecurity posture, the following authoritative resources provide valuable guidance: CISA Cyber Threats and Advisories | MITRE ATT&CK Framework.
Frequently Asked Questions
1. What were the most common cybersecurity incidents in Malaysia in 2024?
The report identifies five high-impact incident types that surged in 2024:
- Brute Force Attacks: Exploiting weak passwords to gain unauthorized access.
- Ransomware via Phishing: Using sophisticated emails to deliver malicious payloads.
- Supply Chain Attacks: Injecting malware into third-party software updates.
- Data Destruction: Deploying “wiper” malware to intentionally erase business data.
- Cloud Exploitation: Targeting misconfigured public cloud environments.
2. Which industries in Malaysia are being targeted by Advanced Persistent Threat (APT) groups?
The report highlights that APT groups (such as FLAX TYPHOON and SIDEWINDER) are actively targeting financial institutions, logistics, and education sectors. These groups often leverage zero-day vulnerabilities to infiltrate critical infrastructure.
3. What is “Double Extortion” in the context of ransomware?
The report mentions that groups like LockBit use double extortion tactics. This means they do not just encrypt an organization’s data to demand a ransom; they also threaten to release stolen sensitive information publicly if the payment is not made, increasing the pressure on victims.
4. From which countries do most cyberattacks against Malaysia originate?
According to Simply Data’s threat intelligence, the top 5 countries serving as sources for cyberattacks targeting Malaysia are the United States, China, Great Britain, South Korea, and Russia. These locations host compromised servers or serve as hubs for state-sponsored and criminal operations.
5. How are “Phishing-as-a-Service” (PhaaS) and deepfakes changing the threat landscape?
Cybercrime has become more accessible through PhaaS platforms, which allow low-skilled attackers to launch large-scale credential-harvesting campaigns. Additionally, the emergence of deepfake social engineering has made it harder for employees to distinguish between legitimate communications and fraudulent ones, requiring more advanced detection mechanisms.


