KUALA LUMPUR: Global cybersecurity company, Kaspersky revealed data the company gathered on web threats in Malaysia over the past five years.
Web threats are attacks done via browsers to spread malicious programmes. The cybercriminals use two methods to penetrate systems – exploiting vulnerabilities in browsers and the plugins or drive-by download, and social engineering, which requires the user participation, that the cybercriminals make the victims believe that they are downloading a legitimate programme.
The data, collected from 2017 till 2021 presented an exponential growth in web threats in the country. From just over 16 million detections, it is up at more than 61 million last year or a whopping three-digit climb (267pc).
Based on this data, Kaspersky shared that there was a dip in terms of web threats detections in 2019, before climbing to 33 per cent in 2020 and another additional 26 per cent in 2021.
"The WannaCry encryption malware was a real threat for enterprises in 2018. In 2019, our researchers saw growing web skimmers with the cybercriminals shifting their focus on gaining clear profits from their victims. The dip in the number of web threats in 2019 suggests that the public is becoming more aware of the threats and are using security solutions to fend them off. Cybercriminals struck again in 2020 triggered by the pandemic and we continue to witness the rise of ransomware and high-profile data breaches up to this day," said Kaspersky's general manager for Southeast Asia, Yeo Siang Tiong in a statement.
In terms of local threats, the decline has been consistent during the five-year period. More than 82 million local malware were detected and blocked by Kaspersky in 2017. Last year, it was down to just almost 36 million.
Local threats are malware infections spread through removable USB drives, CDs and DVDs, and other offline methods. With the pandemic entering its third year, shift to online has closed offices and schools which may have contributed to the steady decline of this type of attack.
Overall, according to Kaspersky, their products have blocked more than 61 million Internet-borne malware against Kaspersky users in Malaysia last year alone. This is over 12 million more than the detections in 2020.
Based on statistics from the Commercial Crime Investigation Department at Royal Malaysia Police, Malaysian suffered losses amounting to about RM2.23 billion on cybercrime frauds since 2017.
"Amidst this rise and fall in web and local threats, we can see that the number of scams and breaches are increasing year after year. And it's interesting because attackers are now resorting to non-technology focused attacks, exploiting human vulnerabilities, involving all sorts of scams through SMS, automated phone calls, popular messengers, social networks and others.
"This requires vigilance from users, from companies, and from government bodies and regulators to ensure that we are building a safer cyberspace as we progress technologically," added Yeo.
For users, here are the top online security tips for to ensure you can play your part in cyber-vigilance:
l Follow the rules of cyber-hygiene—use strong passwords, do not open suspicious links from emails and IMs, never install software from third-party markets, be alert and use a reliable security solution.
l Employ common sense before handing over sensitive information. Do not readily share private or confidential data online. When receiving an alert from a bank or other major institution, never click the link. Instead, open the browser and type the address directly to make sure the site is real.
l Never click on unsafe links nor open suspicious email attachments—avoid clicking on links in spam messages or unknown websites. If you click on malicious links, an automatic download could start, which could lead to your computer being infected. Ransomware can also find its way to your device through email attachments. Avoid opening any dubious-looking attachments.
l Ensure you download an anti-malware app. Products like Kaspersky Internet Security for Android can protect against malicious apps, as well as SMS phishing links themselves.