Overview
The Cyber Incident Quarterly Summary Report for Q4 2024 provides an overview of computer security incidents handled by the Cyber999 Incident Response Centre of CyberSecurity Malaysia. This report highlights incident statistics, categorization, and security alerts issued in the quarter, reflecting only the number of reported cases without considering financial losses or other consequences.
CyberSecurity Malaysia collaborates with ISPs, CERTs, Special Interest Groups (SIGs), and Law Enforcement Agencies (LEAs) to mitigate cyber threats targeting Malaysian organizations and citizens.
Cybersecurity Trends in Q4 2024
Malaysia’s internet user base is projected to increase by 5.74% from 2024 to 2029. The Cyber999 Incident Response Centre actively gathers intelligence and collaborates with global entities to enhance cybersecurity defenses.
In Q4 2024, Cyber999 recorded 1,550 incidents, marking a 4% decrease from the 1,623 incidents in Q3 2024.
Breakdown of Incidents Per Month in Q4 2024:
| Incident Category | October | November | December |
| --- | --- | --- | --- |
| Denial of Service | 0 | 1 | 2 |
| Fraud (Total) | 372 | 333 | 402 |
| Vulnerabilities Report | 11 | 12 | 11 |
| Intrusion | 26 | 33 | 16 |
| Intrusion Attempts | 30 | 34 | 33 |
| Malicious Codes | 18 | 9 | 15 |
| Content Related | 53 | 53 | 45 |
| Spam | 12 | 7 | 21 |
| Total | 522 | 483 | 545 |
Key Findings:
- Fraud (71%) remains the most reported category, with phishing being the dominant attack method.
- Data breaches (10%) continue to threaten Malaysian cybersecurity.
- Intrusion attempts (6%) and vulnerability exploitation saw notable increases.
Projected Trends for 2025
- Online scams and frauds will continue evolving with advanced social engineering techniques.
- Data breaches may rise unless organizations implement stricter security policies.
- New malware tactics, particularly through phishing and malicious APKs, could proliferate in Malaysia’s digital space.
Top Malware Incidents in Q4 2024
Malicious Android Package (APK) files were the most reported malware incidents in Q4 2024. These APKs are used to install malware on Android devices, often disguised as legitimate applications. Attackers spread these through phishing emails, fake websites, or third-party app stores.
Ransomware Incidents: A Growing Concern
Ransomware cases increased by 78% in Q4 2024, rising from 9 cases in Q3 to 16 cases in Q4. Businesses, especially those relying on Active Directory (AD) servers, were primary targets.
Common Attack Methods:
- AD Server Exploitation: Ransomware operators use PsExec, Group Policy Objects (GPOs), and WMI to spread malware across networks.
- Virtualization Platform Vulnerabilities: Attackers targeted VMware and ESXi servers to compromise multiple virtual machines simultaneously.
- Credential-Based Attacks: Ransomware groups used phishing, brute force, and stolen credentials to infiltrate corporate environments.
Top Ransomware Variants Reported:
| Ransomware Variant | Number of Incidents |
| --- | --- |
| Lockbit | 3 |
| MedusaLocker | 2 |
| Valencia | 2 |
| Hunters International | 1 |
| NETCrypton | 1 |
| Akira | 1 |
| Crypto24 | 1 |
| Ransomhub | 1 |
| Arcus Media | 1 |
Security Recommendations:
- Maintain offline backups and implement multi-factor authentication (MFA).
- Regularly update endpoint security and deploy network segmentation.
- Conduct phishing awareness training for employees.
Botnet Infections and Cryptojacking Trends
Top Botnets in Malaysia in Q4 2024
A botnet is a network of compromised computers controlled by cybercriminals. These were commonly used for DDoS attacks, phishing, credential theft, and cryptojacking.
| Botnet Name | Infected IPs |
| --- | --- |
| Avalanche-Andromeda | 5,262,332 |
| NGIOWEB | 3,572,998 |
| Android.VO1D | 3,508,305 |
| SOCKS5Systemz | 1,218,466 |
| AdLoad | 509,895 |
| ViperSoftX | 333,608 |
| Downadup | 224,192 |
| Android.Triada | 218,425 |
| Avalanche | 187,297 |
| PseudoManuscrypt | 151,174 |
Infostealers: A Persistent Threat
Infostealers are malware programs designed to steal sensitive data, including:
- Saved browser credentials
- Auto-filled login details
- FTP and email account credentials
- VPN authentication data
These threats emphasize the need for password managers and strict endpoint protection policies.
Data Breach Incidents: A Persistent Challenge
While data breaches decreased by 10% this quarter, they remain a serious concern. Major breaches often expose Personally Identifiable Information (PII), including:
- Names and identification numbers
- Addresses and phone numbers
- Financial details
Ransomware-Driven Data Extortion
Cybercriminals increasingly steal sensitive data and demand a ransom, threatening to release it or sell it on the dark web. Organizations should work with law enforcement rather than negotiating with cybercriminals.
Recycled Data Breaches
A rising trend involves cybercriminals re-posting old data leaks and falsely claiming them as new breaches. This tactic creates unnecessary panic and reinforces the need for strong incident response strategies.
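One way an incident response team could triage a claimed "new" leak against leaks it has already catalogued is sketched below. This is an added example, not code from the Cyber999 report; the function names, the demo key, the 0.9 threshold and all sample records are assumptions constructed for illustration.

```python
import hashlib, hmac, re

# Constructed demo key (assumption): keyed hashes let the IR team keep an
# index of past leaks without storing the raw PII itself.
KEY = b"constructed-demo-key"

def fingerprint(rec: dict) -> str:
    """Keyed hash of a record after undoing cosmetic edits (case, spacing, separators)."""
    name = " ".join(rec.get("name", "").lower().split())
    id_no = re.sub(r"\D", "", rec.get("id_no", ""))
    # Assumption: Malaysian numbers; drop the "+60" or "0" prefix so both forms match.
    phone = re.sub(r"^(60|0)", "", re.sub(r"\D", "", rec.get("phone", "")))
    canon = "|".join((name, id_no, phone))
    return hmac.new(KEY, canon.encode(), hashlib.sha256).hexdigest()

def triage_claimed_leak(claimed, known_fps, recycled_at=0.9):
    """Compare a claimed 'new' dump with fingerprints of previously seen leaks."""
    unique = {fingerprint(r): r for r in claimed}  # collapse duplicate rows
    unseen = [r for fp, r in unique.items() if fp not in known_fps]
    overlap = (len(unique) - len(unseen)) / len(unique) if unique else 0.0
    if overlap >= recycled_at:
        verdict = "likely recycled"
    elif overlap > 0:
        verdict = "partly recycled"
    else:
        verdict = "no match with known leaks"
    return {"overlap": overlap, "verdict": verdict, "unseen": unseen}

# Constructed sample data: every name, ID number and phone number is fictitious.
ARCHIVED_LEAK = [
    {"name": "Test Person One", "id_no": "000000-00-0001", "phone": "012-000 0001"},
    {"name": "Test Person Two", "id_no": "000000-00-0002", "phone": "012-000 0002"},
    {"name": "Test Person Three", "id_no": "000000-00-0003", "phone": "012-000 0003"},
    {"name": "Test Person Four", "id_no": "000000-00-0004", "phone": "012-000 0004"},
]
KNOWN_FPS = {fingerprint(r) for r in ARCHIVED_LEAK}

# The "new" dump: four old rows with cosmetic changes plus one unseen row.
CLAIMED_DUMP = [
    {"name": "TEST PERSON ONE", "id_no": "000000000001", "phone": "+60 12 000 0001"},
    {"name": "test  person two", "id_no": "000000-00-0002", "phone": "60120000002"},
    {"name": "Test Person Three", "id_no": "000000 00 0003", "phone": "0120000003"},
    {"name": "Test Person Four", "id_no": "000000-00-0004", "phone": "012 000 0004"},
    {"name": "Test Person Five", "id_no": "000000-00-0005", "phone": "012-000 0005"},
]

if __name__ == "__main__":
    result = triage_claimed_leak(CLAIMED_DUMP, KNOWN_FPS)
    print(result["verdict"], f"{result['overlap']:.0%}", result["unseen"])
```

Records left in `unseen` are the ones that still need breach handling; a high overlap only shows that the rest of the dump was already known.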
Conclusion: Key Takeaways for Q4 2024
- Total incidents decreased by 4% compared to Q3 2024, with fraud and phishing remaining dominant threats.
- Ransomware cases surged by 78%, highlighting the need for stronger security measures.
- Botnets and infostealers continue to compromise sensitive user and corporate data.
- Data breaches persist, reinforcing the need for better cyber hygiene and organizational security protocols.
Recommendations for 2025
- Strengthen Endpoint Security: Deploy AI-driven threat detection and advanced email filtering.
- Adopt Zero-Trust Models: Enforce strict authentication protocols and network segmentation.
- Enhance Employee Awareness: Conduct regular cybersecurity training and simulated phishing exercises.
- Backup & Disaster Recovery: Implement secure, offline backups to mitigate ransomware damage.
- Collaborate with Authorities: Report cyber incidents to Cyber999 and law enforcement to aid in investigations and remediation.
With evolving cyber threats, Malaysia’s cybersecurity landscape requires continuous monitoring, collaboration, and proactive defense measures to mitigate future risks.
References:
- https://www.mycert.org.my/portal/advisory?id=SR-029.022025
- https://www.statista.com/statistics/553752/number-of-internet-users-in-malaysia



