Latest news with #MyCert
The Star
2 days ago
- Business
- The Star
Cyber fraud cases continue to surge in 2Q
PETALING JAYA: Fraud incidents continue to increase in the second quarter of this year, accounting for 80% of all reported cases to the Malaysia Computer Emergency Response Team (MyCert). The report by MyCert also found that in 2Q 2025, the most frequently reported incidents were also intrusion and data breach. With a total of 2,058 incidents reported, fraud accounted for 80% or 1,633 cases, followed by intrusion at 6% and data breach at 5%. 'Looking at the current trends, fraud incidents will most likely continue to grow in Malaysia in 2025. 'Spam incidents have tremendously increased for this quarter, while data breach incidents decreased to almost half compared to 1Q 2025,' said MyCert. 1Q 2025 saw 1,657 total incidents reported to MyCert. MyCert report said that fraud incidents referred to phishing, impersonation and spoofing, bogus email, fraudulent website, job scam, compromised email and parcel or love scam. It also revealed that the fraud tactics included impersonating government aid through phishing emails or SMS, offering financial aid but requiring victims to provide personal details or click on malicious links. Through phone calls, attackers impersonate government agencies such as the police, the Inland Revenue Board, Malaysian Communications and Multimedia Commission (MCMC), banks, companies or even CyberSecurity Malaysia. The scammers would pressure victims to disclose sensitive information, where common tactics include threats of legal action, account suspension or overdue payments. Operating under CyberSecurity Malaysia, MyCert serves as a critical resource for addressing computer security incidents, providing guidance on handling intrusions, identity theft and malware, while collaborating with law enforcement, internet service providers and international security initiatives. Meanwhile, experts are saying that the country's current anti-scam measures, including blocking suspicious numbers, SMS filtering, rapid phishing-site takedowns and bank 'kill switches' have shown significant improvements. However, Assoc Prof Datuk Dr Husin Jazri of Taylor's University said that as scams evolve, continuous improvement is necessary to stay ahead of these threats. He highlighted the cross-border syndicate involving scams, which must be thoroughly addressed. Husin said that such syndicates could potentially be operated overseas, where a group of scammers coordinate themselves operating from multiple countries to trick potential victims. 'Thus, the focus of anti-scam efforts should go beyond Malaysia's border, and coordination with the police and Interpol are critical in this effort to combat borderless threats that are coming in a big way with heavy investments backing them with dark money available in the marketplace,' he said. Husin also pointed out that the government's plan to introduce the Cybercrime Bill to replace the outdated Cybercrime Act 1997 is long overdue and most welcome. He added that the new law would help address major gaps and put Malaysia at the same pace with Singapore, the UK and EU countries in this regard. 'Hopefully the new Bill will cover cross-border evidence exchange, Incident Response and Digital Forensics standards as well to enable fast action among law enforcement agencies in Malaysia and overseas,' he added. Husin also advocated for CyberSecurity Malaysia to be empowered as a technical agency to provide enforcement assistance under the proposed law. 'At this moment, even though Cybersecurity Malaysia has the technical expertise in digital forensics, incident response, it is yet to be provided with a legal mandate to be given a focus area on what they can do best to assist and complete the anti-cyber crimes ecosystem. 'Making it go deeper into digital forensics analysis and play the role of expert witness is helping law enforcement agencies to speed up many technical analysis backlogs,' he added. Cybersecurity specialist Fong Choong Fook agreed that the proposed law would be able to close current gaps, highlighting that it could mandate rapid cross-agency data sharing between telcos, banks and enforcement for real-time action. 'The proposed law should also empower enforcement agencies to issue immediate blocking orders for malicious domains, accounts or infrastructure without lengthy bureaucratic delay. 'It should also assign clear lead agency responsibility – ideally MCMC for telecom/digital platform issues and police cybercrime units for criminal investigation – so there's no confusion about jurisdiction,' he added. As precautionary measures among the public, Fong said that people should avoid doing sensitive transactions using public wifi, such as online banking activities, to reduce risks of data or information breach. He also advised the public to only download mobile applications from the official application store and refrain from clicking on links or messages from unknown sources. Deputy Dean of Academics and Technology at the Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Dr Shafiza Mohd Shariff, said even a single careless click could lure users into more sophisticated scams, including deepfake video fraud and voice phishing that employ spoofing techniques. In spoofing-related scams, criminals who obtain a victim's phone number can alter the caller ID to mimic a familiar contact, complete with voice cloning to imitate the real voice, and use it in personal or corporate fraud, she was quoted in a Bernama report. Therefore, Shafiza advised users to remain vigilant and avoid scanning or clicking on any received links without verification. 'Users can also install phishing detection plugins on browsers and check links at or 'They should also avoid clicking on links from unverified messages or emails, search to verify the legitimacy of messages, check for website security features like the padlock icon and HTTPS, and install antivirus software on mobile devices if possible,' she said.
The Star
24-06-2025
- Politics
- The Star
Collective will, new tech vital to fight cyber threats in Asean
PUTRAJAYA: New technologies such as artificial intelligence (AI) are needed to fight the online financial crimes and ransomware attacks plaguing Asean, says Datuk Seri Saifuddin Nasution Ismail. The Home Minister said using such technologies would help enforcement agencies in the region work together to detect, prevent and tackle these crimes. "The rise of cybercrime, everything from financial scams to ransomware attacks, shows us that this is not a 'future problem'. "It is a pressing issue right now. ALSO READ: 'Need for global action to counter cyber threat spike' "Our digital intelligence must evolve as fast as technologies and this means we must adopt new technologies such as the use AI responsibly to significantly improve detection, prevention and enforcement against these crimes," he said in his speech at the opening of the 25th Asean Senior Officials Meeting on Transnational Crime (SOMTC) here on Tuesday (June 24). While the use of new technologies is crucial, Saifuddin said it is only a part of the solution in countering cyber threats in Asean. "While we may have the use of these new tools, the true strength comes from our collective responses. "This includes trust, sharing of information and building on each other's capabilities," he added. ALSO READ: MyCert: Malaysia data breaches up 29% in Q1 2025 He said efforts to combat regional transborder crimes must be matched by a willingness to act decisively among member states. "What we need is not only our alignment but courage to confront new, hybrid threats," he said, adding that this included discarding outdated mechanisms and making bold decisions. He said Malaysia remains fully committed in fighting transborder crimes as it crucial for the continued peace and progress of the region. "It is crucial for the safety, stability and the shared prosperity of Asean. "Without security, there can be no prosperity, and without peace, there can be no meaningful progress," he said. ALSO READ: Phishing, online scams dominate global cybercrime landscape, says Interpol Meanwhile, Saifuddin said that Malaysia continues to firmly hold on to Asean's core principle of neutrality. This is even more crucial for Asean in the current, divided global landscape, he added. "We believe that not choosing sides is not being tacit. "It is a strategic approach that protects our collective sovereignty and strengthens our unity. "Asean's strength has always stemmed from its unity and inclusivity in diversity," he said.
The Star
11-06-2025
- Business
- The Star
MyCert: Malaysia data breaches up 29% in Q1 2025
MyCert said reports on ransomware incidents have decreased to 25% in Q1 2025, with 12 incidents compared to 16 in the last quarter. — Pixabay PETALING JAYA: The Malaysia Computer Emergency Response Team (MyCert) reported an increase in data breach incidents in Malaysia in the first quarter of the year. "Data breach incidents are growing in Malaysia with a nearly 29% increase this quarter, underscoring the need for better security measures to ensure national security and public trust," said MyCert. According to its latest Cyber Incident Quarterly Summary report released on June 10, MyCert received 195 incidents reports on data breach incidents in Q1 2025, compared to 151 in Q4 2024. No specific details were provided. It shared that "high-profile breaches" often involve massive datasets with personal identifier information (PII) such as full name, IC number, financial details and addresses being compromised. MyCert, which operates under Cybersecurity Malaysia, said it is also observing a trend of perpetrators stealing and holding sensitive data hostage until the affected organisation pays a ransom. However, it said reports on ransomware incidents have decreased to 25% in Q1 2025, with 12 incidents compared to 16 in the last quarter. It also shared that businesses are the "most impacted by ransomware incidents" in Malaysia with Active Directory servers being primary targets. Fraud incidents continue to target both end users and organisations. MyCert said it has become the preferred method of criminals due to lack of awareness among the public. It reported handling a total of 1,126 fraud cases this quarter, a 2% increase from last quarter. The top fraud incident is phishing with 719 cases, representing 68% of all cases. Overall, MyCert recorded 1,657 incidents in Q1 2025 in a number of categories including denial of service, malicious code and intrusion attempts; marking a 7% increase from 1,550 cases in the previous quarter.
