Malaysia Cybersecurity Trends 2024

2024 was a defining year for Malaysia’s cybersecurity, marked by ransomware, data breaches, and governmental challenges. Here’s a look back at the year’s key events and their implications.

1. Ransomware Targets Transportation: Prasarana Breach

In August, the RansomHub ransomware attack on Prasarana Malaysia Berhad led to the theft of 316 GB of data. This incident highlighted the vulnerabilities of transportation systems, critical to Malaysia’s economy.

• Key Point: Public-facing infrastructure is increasingly at risk and demands stronger defenses.

2. Data Breach Exposes MyKAD Records

A late-2024 MyKAD data leak affected 17 million Malaysians, with national ID details sold on the dark web. This raised significant concerns about identity theft and the adequacy of current data security laws.

• Public Concern: Trust in digital data storage has eroded.

• Urgent Action Needed: The Personal Data Protection Act (PDPA) must be more rigorously enforced, with secure practices adopted across sectors.

3. Government ICT Systems: A Breach with Insider Ties

A conspiracy involving government officials and ICT system suppliers surfaced in 2024, sparking discussions about transparency and procurement vulnerabilities.

• Critical Lesson: Better oversight and accountability in government operations are essential to avoid risks from internal threats.

4. Institutional Cyber Threats Increase

Institutions like KWSP, SPR, and Malaysia Gazette experienced cyber-attacks, some linked to the global Solana group, reflecting the international nature of modern cyber threats.

• Key Insight: Organizations must adopt multi-layered security practices, including intelligence-driven monitoring and quicker detection capabilities.

5. Cryptocurrency Losses from Atomic Wallet Hack

Although the Atomic Wallet hack occurred in 2023, its effects carried into 2024, leaving Malaysian users grappling with losses exceeding $100 million in stolen cryptocurrency.

• Highlight: Decentralized finance platforms require more stringent oversight and better user education to mitigate future risks.

6. Government Data Leak on GitHub

In February, sensitive information from government agencies like the Malaysian Armed Forces and Ministry of Home Affairs was leaked on GitHub, exposing security lapses in managing public records.

• Future Steps: Improved digital hygiene, stricter access controls, and regular audits are necessary to close such gaps.

Trends to Watch for 2025

1. Protecting Critical Sectors: Transportation, utilities, and healthcare are likely to see greater focus on digital security.

2. Reinforcing Data Laws: Expanding PDPA provisions to address the growing scale of cyber threats.

3. Monitoring Emerging Threats: Tracking risks through better intelligence systems and monitoring tools.

4. Adopting Zero-Trust Systems: Ensuring that systems verify all users and devices by default.

5. Raising Awareness: Building public and organizational understanding of evolving cyber risks.

Finally, 2024 was a challenging year for Malaysia’s cybersecurity landscape, offering valuable lessons about resilience and collaboration. By addressing key vulnerabilities and preparing for future challenges, Malaysia can build a safer digital ecosystem for its citizens and organizations.