Malaysia Faces Cyberattack Spike Ahead Of Hari Raya

Since the start of 2025, a series of major cybersecurity incidents have been observed in Malaysia, including ransomware attacks, unauthorized intrusions, the spread of the SparkCat malicious app, data breaches, scam calls, and WhatsApp impersonation scams.

Between January and February 2025, Cyber999 recorded 1,029 reported cyber incidents. The most frequently reported cases include fraud, content-related breaches (data leaks), malicious software infections, intrusions, and intrusion attempts.

As Malaysians prepare for the festive celebrations of Hari Raya Aidilfitri, CyberSecurity Malaysia’s Cyber999 Incident Response Centre has issued an advisory to system administrators and internet users to warn and guide Malaysians on necessary precautions to mitigate such cyber threats.

Given the increased risk of cyber threats during festive periods, Cyber999 urges system administrators and internet users to remain vigilant. Hackers often take advantage of reduced monitoring and weakened defenses during holiday breaks to launch cyberattacks. The advisory highlights the need for enhanced security strategies to minimize risks.

Recommendations for System Administrators in Malaysia

System administrators play an important role in safeguarding digital infrastructure against cyber threats. Cyber999 recommends the following best practices:

• Keep Systems Updated: Ensure that all operating systems, applications, and third-party add-ons are updated with the latest security patches.
• Upgrade Legacy Software: If running older software versions, upgrade to the latest versions to prevent exploitation of known vulnerabilities.
• Use Reliable Security Sources: Refer to vendors’ official websites or Cyber999’s security advisories for the latest updates.
• Enhance Anti-Virus Protection: Ensure that antivirus software on all hosts and email gateways is updated with the latest signature files.
• Check System Configurations: Proper system configuration helps prevent issues such as unintended information disclosure and unauthorized directory access.
• Enable System Logging: Keep system logging activated to track and analyze potential security breaches.
• Perform Regular Backups: Back up all critical information daily and store copies offline in a secure location.
• Implement a Multi-Layered Defense Strategy: Use firewalls, Intrusion Prevention Systems (IPS), and Intrusion Detection Systems (IDS) to detect and prevent cyberattacks.

Advice for Financial Institutions

With financial transactions at their peak during the festive season, financial institutions must adopt stringent security measures to counter phishing scams and fraudulent activities. Cyber999 advises:

• Educating Customers: Banks should actively educate their customers on safe browsing, email security, and secure internet banking practices.
• Strengthening Security Infrastructure: Institutions must ensure robust cybersecurity frameworks to detect and mitigate online fraud attempts.
• Updating Contact Information: Make system administrators’ contact details accessible in case of emergency security incidents.

Precautions for Home Users

Home users are also at risk of cyber threats, particularly from phishing scams and malware infections. Cyber999 provides the following recommendations:

• Update Devices and Software: Regularly update PCs, browsers, and applications with the latest security patches.
• Install and Maintain Antivirus Software: Ensure that antivirus programs are installed and updated to detect new viruses and malware.
• Exercise Caution Online: Avoid clicking on links or opening attachments from unknown sources on social media and emails.
• Be Aware of Online Scams: Stay informed about the latest online scams targeting internet users.
• Backup Important Data: Regularly back up critical data and store copies offline to mitigate the impact of potential data loss.

CyberSecurity Malaysia encourages individuals and organizations to report any cybersecurity incidents through its Cyber999 reporting channels. The 24/7 On-Call Incident Reporting service remains operational during the festive season to assist with urgent cybersecurity threats.

Final Thoughts

Staying informed and proactive is key to safeguarding Malaysia’s digital landscape. The Cyber Incident Quarterly Summary Report for Q4 2024 provides a comprehensive analysis of reported security incidents, offering insights into threat trends, attack categories, and key security advisories. While it does not measure financial losses, it serves as an essential resource for understanding the nation’s cybersecurity challenges.

With cybercriminals exploiting vulnerabilities across various sectors, preventive measures are no longer optional—they are critical. Cyber999 urges all stakeholders, including system administrators, businesses, financial institutions, and everyday internet users, to adopt security practices, update their systems regularly, and stay vigilant against emerging threats.

By nurturing a culture of cybersecurity awareness and preparedness, Malaysians can better protect their personal and organizational data—ensuring a safer, more secure digital environment for all, even as they celebrate Hari Raya Aidilfitri with peace of mind.

Related