Latest news with #MalaysiaComputerEmergencyResponseTeam
The Star
2 days ago
- Business
- The Star
Cyber fraud cases continue to surge in 2Q
PETALING JAYA: Fraud incidents continue to increase in the second quarter of this year, accounting for 80% of all reported cases to the Malaysia Computer Emergency Response Team (MyCert). The report by MyCert also found that in 2Q 2025, the most frequently reported incidents were also intrusion and data breach. With a total of 2,058 incidents reported, fraud accounted for 80% or 1,633 cases, followed by intrusion at 6% and data breach at 5%. 'Looking at the current trends, fraud incidents will most likely continue to grow in Malaysia in 2025. 'Spam incidents have tremendously increased for this quarter, while data breach incidents decreased to almost half compared to 1Q 2025,' said MyCert. 1Q 2025 saw 1,657 total incidents reported to MyCert. MyCert report said that fraud incidents referred to phishing, impersonation and spoofing, bogus email, fraudulent website, job scam, compromised email and parcel or love scam. It also revealed that the fraud tactics included impersonating government aid through phishing emails or SMS, offering financial aid but requiring victims to provide personal details or click on malicious links. Through phone calls, attackers impersonate government agencies such as the police, the Inland Revenue Board, Malaysian Communications and Multimedia Commission (MCMC), banks, companies or even CyberSecurity Malaysia. The scammers would pressure victims to disclose sensitive information, where common tactics include threats of legal action, account suspension or overdue payments. Operating under CyberSecurity Malaysia, MyCert serves as a critical resource for addressing computer security incidents, providing guidance on handling intrusions, identity theft and malware, while collaborating with law enforcement, internet service providers and international security initiatives. Meanwhile, experts are saying that the country's current anti-scam measures, including blocking suspicious numbers, SMS filtering, rapid phishing-site takedowns and bank 'kill switches' have shown significant improvements. However, Assoc Prof Datuk Dr Husin Jazri of Taylor's University said that as scams evolve, continuous improvement is necessary to stay ahead of these threats. He highlighted the cross-border syndicate involving scams, which must be thoroughly addressed. Husin said that such syndicates could potentially be operated overseas, where a group of scammers coordinate themselves operating from multiple countries to trick potential victims. 'Thus, the focus of anti-scam efforts should go beyond Malaysia's border, and coordination with the police and Interpol are critical in this effort to combat borderless threats that are coming in a big way with heavy investments backing them with dark money available in the marketplace,' he said. Husin also pointed out that the government's plan to introduce the Cybercrime Bill to replace the outdated Cybercrime Act 1997 is long overdue and most welcome. He added that the new law would help address major gaps and put Malaysia at the same pace with Singapore, the UK and EU countries in this regard. 'Hopefully the new Bill will cover cross-border evidence exchange, Incident Response and Digital Forensics standards as well to enable fast action among law enforcement agencies in Malaysia and overseas,' he added. Husin also advocated for CyberSecurity Malaysia to be empowered as a technical agency to provide enforcement assistance under the proposed law. 'At this moment, even though Cybersecurity Malaysia has the technical expertise in digital forensics, incident response, it is yet to be provided with a legal mandate to be given a focus area on what they can do best to assist and complete the anti-cyber crimes ecosystem. 'Making it go deeper into digital forensics analysis and play the role of expert witness is helping law enforcement agencies to speed up many technical analysis backlogs,' he added. Cybersecurity specialist Fong Choong Fook agreed that the proposed law would be able to close current gaps, highlighting that it could mandate rapid cross-agency data sharing between telcos, banks and enforcement for real-time action. 'The proposed law should also empower enforcement agencies to issue immediate blocking orders for malicious domains, accounts or infrastructure without lengthy bureaucratic delay. 'It should also assign clear lead agency responsibility – ideally MCMC for telecom/digital platform issues and police cybercrime units for criminal investigation – so there's no confusion about jurisdiction,' he added. As precautionary measures among the public, Fong said that people should avoid doing sensitive transactions using public wifi, such as online banking activities, to reduce risks of data or information breach. He also advised the public to only download mobile applications from the official application store and refrain from clicking on links or messages from unknown sources. Deputy Dean of Academics and Technology at the Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Dr Shafiza Mohd Shariff, said even a single careless click could lure users into more sophisticated scams, including deepfake video fraud and voice phishing that employ spoofing techniques. In spoofing-related scams, criminals who obtain a victim's phone number can alter the caller ID to mimic a familiar contact, complete with voice cloning to imitate the real voice, and use it in personal or corporate fraud, she was quoted in a Bernama report. Therefore, Shafiza advised users to remain vigilant and avoid scanning or clicking on any received links without verification. 'Users can also install phishing detection plugins on browsers and check links at or 'They should also avoid clicking on links from unverified messages or emails, search to verify the legitimacy of messages, check for website security features like the padlock icon and HTTPS, and install antivirus software on mobile devices if possible,' she said.
The Star
11-06-2025
- Business
- The Star
MyCert: Malaysia data breaches up 29% in Q1 2025
MyCert said reports on ransomware incidents have decreased to 25% in Q1 2025, with 12 incidents compared to 16 in the last quarter. — Pixabay PETALING JAYA: The Malaysia Computer Emergency Response Team (MyCert) reported an increase in data breach incidents in Malaysia in the first quarter of the year. "Data breach incidents are growing in Malaysia with a nearly 29% increase this quarter, underscoring the need for better security measures to ensure national security and public trust," said MyCert. According to its latest Cyber Incident Quarterly Summary report released on June 10, MyCert received 195 incidents reports on data breach incidents in Q1 2025, compared to 151 in Q4 2024. No specific details were provided. It shared that "high-profile breaches" often involve massive datasets with personal identifier information (PII) such as full name, IC number, financial details and addresses being compromised. MyCert, which operates under Cybersecurity Malaysia, said it is also observing a trend of perpetrators stealing and holding sensitive data hostage until the affected organisation pays a ransom. However, it said reports on ransomware incidents have decreased to 25% in Q1 2025, with 12 incidents compared to 16 in the last quarter. It also shared that businesses are the "most impacted by ransomware incidents" in Malaysia with Active Directory servers being primary targets. Fraud incidents continue to target both end users and organisations. MyCert said it has become the preferred method of criminals due to lack of awareness among the public. It reported handling a total of 1,126 fraud cases this quarter, a 2% increase from last quarter. The top fraud incident is phishing with 719 cases, representing 68% of all cases. Overall, MyCert recorded 1,657 incidents in Q1 2025 in a number of categories including denial of service, malicious code and intrusion attempts; marking a 7% increase from 1,550 cases in the previous quarter.
The Sun
20-05-2025
- The Sun
Cyberstalking new challenge in battle against digital crime
PETALING JAYA: Never mind scam calls, stalking by cyber creeps is the new horror experience. Experts say cyberstalking has become the new focus in Malaysia's fight against cybercrime, with spyware-laden apps, stolen personal data and insider leaks providing stalkers the means to invade lives undetected. Cybersecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab said despite updates in 2023, existing laws remain inadequate to deal with cybercrimes. 'Malaysia amended the Penal Code in 2023 to criminalise stalking, including cyberstalking, under Section 507A. However, enforcement challenges remain due to anonymous online behaviour, outdated legal tools and limited victim support mechanisms,' Amirudin said in an emailed response to theSun. He also said these cases also remain underreported due to stigma, fear and lack of awareness. Amirudin said the personal data used in such incidents is often obtained through data breaches, public social media accounts, malicious mobile apps or leaks from third parties, such as insiders from call centres who sell personal contact information to scam syndicates. 'Scammers use this information to make unsolicited calls, send messages or add individuals to scam groups on platforms like Telegram or WhatsApp. While GPS tracking and spyware are less common, they are used in more targeted cases,' he said. Amirudin also advised victims of cyberstalking to systematically gather and preserve digital evidence to support investigations. 'Victims should take clear screenshots of messages, call logs, profiles and any suspicious content, ensuring that dates and times are clearly visible. Chat logs, emails and media files must be saved in their original, unaltered format.' 'Where possible, back up all evidence to a secure cloud service or external storage device. Once collected, this evidence should be reported promptly to relevant authorities for appropriate action.' According to Malaysia Computer Emergency Response Team data, Malaysia logged 4,219 online fraud cases in 2024, making it the top cybercrime in the country. This was followed by digital intrusions, with 755 cases. Commenting on the technical landscape, Taylor's University professor and Global Alliance for Cyber Safety director Datuk Husin Jazri said stalkerware and obfuscated malware are increasingly being used in cases of intimate partner violence and gender-based threats in Malaysia. 'These tools allow perpetrators to monitor, record and control victims remotely. They are difficult to detect,' he said. Husin cited several examples of such malicious apps, which are often disguised as phone RAM boosters, battery optimisers, child monitoring tools or even free keyboard apps. These apps commonly request high-level permissions or exploit Android's Accessibility Services to intercept data and log user activity. Husin also warned that fake system apps are being used to steal sensitive information. 'These apps disguise themselves as firmware updates but are actually sideloaded apps or phishing tools. 'They operate silently in the background without any visible icon, capable of recording microphone audio, capturing periodic screenshots and even harvesting messaging data from apps such as WhatsApp and Telegram,' he added. He also said Malaysia has limited technical capacity to trace and effectively respond to cyberstalking cases. 'We need a dedicated agency to ensure our digital citizens are safe and aware of the surrounding threats that are targeted at a random pace,' he said. He also urged immediate action, including the introduction of a Cyber Safety Act, revamping outdated laws like the Computer Crimes Act 1997, and rolling out cyber education in schools. 'Companies should be mandated to provide regular training for employees on data protection and online safety, as cyber threats are constantly evolving, particularly with the rise of AI (artificial intelligence),' he added.
