Understanding Malaysia’s Cyber Threat Landscape: A 2025 Outlook

Who should read this?

CEOs, CTOs, CISOs, Cyber Security Managers

In 2025, Malaysia has experienced a sharp increase in cyber threats, underscoring the critical need for organizations across all sectors to strengthen their cyber security measures. As digital platforms continue to play a central role in business and governance, cyber criminals are evolving their tactics, targeting businesses, governments, and individuals with more sophisticated methods. These attacks range from targeting critical infrastructure to employing advanced social engineering techniques, highlighting the ever-evolving nature of the threat landscape.

In response, Malaysia has introduced its National Cyber Security Strategy for 2025–2030, which aims to build resilience, enhance awareness, and improve intelligence to combat these emerging threats. As we move forward, it’s crucial for organizations to stay vigilant and proactive in safeguarding their systems. As a leader, the first step should be to understand the cyber threat landscape. To grasp the full picture, it’s essential to look at what happened in 2024, what’s unfolding now, and what may come next. Staying informed and proactive will help organizations strengthen their defenses.

Major Cyber Threats and Incidents in Malaysia 2024

  • Surge in scam calls: In 2024, scam calls in Malaysia surged by 82.81%, with nearly 2.98 million incidents reported. These calls often impersonated government officials or law enforcement agencies, creating panic and pressuring victims to provide personal information. Details obtained through these calls were frequently misused for malicious activities, including fraud and identity theft. This rise in scam calls showed how cyber criminals exploited people’s trust, putting personal and financial information at great risk.
  • Ransomware attacks: Ransomware attacks surged in Malaysia in 2024, becoming one of the most severe threats to organizations across sectors. According to Kaspersky, Malaysia saw a 153% increase in ransomware incidents in 2024 compared to the previous year. A notable example was the ransomware attack on Prasarana Malaysia Berhad, a public transport company, where the group RansomHub claimed to have stolen 316GB of the organization’s data, threatening to publish it. This attack underscored the increasing sophistication of cyber criminals, who targeted critical services like transportation.
  • Babylon RAT campaign: The Babylon RAT campaign was a significant cyber threat that targeted Malaysian political figures and government officials. The attackers used deceptive methods, such as malicious ISO files and hidden scripts, to gain unauthorized access to victims’ systems. Once inside, they deployed Babylon RAT, a powerful Remote Access Trojan (RAT) that allowed attackers to monitor activities, steal sensitive data, and control the infected systems remotely. This type of attack is particularly dangerous because it can remain hidden, giving cyber criminals continuous access to valuable information. With political figures and government officials being prime targets, this campaign highlighted the increasing need for robust cyber security to protect sensitive government data from cyber espionage.
  • Web-based threats: In 2024, Malaysia topped Southeast Asia with a staggering 19.62 million web-based cyber attacks in the first half of the year, according to Kaspersky. This placed the country at the forefront of cyber threats in the region, surpassing Indonesia, which faced 3.2 million web attacks. As businesses and governments increasingly relied on digital platforms, cyber criminals exploited vulnerabilities in unprotected systems, leading to significant risks for critical infrastructure like healthcare and energy.
  • The rise of phishing scams: In 2024, phishing scams continued to be one of the most significant cyber security threats in Malaysia, with cyber criminals using increasingly sophisticated methods to deceive individuals. These scams often involved fraudulent communications that appeared legitimate, tricking victims into providing sensitive information such as banking details or credit card numbers. A notable example was the overpayment scam that targeted Malaysian individuals, where victims received fake emails claiming they had overpaid the Malaysian government due to a system error. The email prompted recipients to click on a link, which led them to a counterfeit website asking for credit card details and OTPs, resulting in unauthorized charges. This surge in phishing incidents highlighted the need for stronger vigilance and better cyber security practices across the country.
  • Data breaches in critical sectors: Data breaches became a significant issue in Malaysia in 2024, with critical sectors being particularly affected. These sectors, which managed sensitive data, found themselves vulnerable to attacks as cyber criminals exploited system weaknesses. A prime example was the Big Pharmacy data breach in 2024, where 50GB of sensitive data was exposed. It serves as a stark reminder of the need for strengthened cyber security measures to protect valuable data in critical sectors.

Key Cyber Threats to Watch for in 2025

Below are the key threats to watch out for in 2025, as they are likely to haunt the digital landscape and cause significant disruptions if left unaddressed.

  • QR code phishing (Quishing): With the rise in QR code usage across Malaysia, QR phishing or “quishing” is anticipated to be a growing threat. Cyber criminals are placing malicious QR codes over legitimate ones to redirect users to fraudulent websites that steal personal data or money. This scam is particularly dangerous as QR codes are commonly used for banking and payment systems. As more people rely on QR codes for convenience, the risk of falling victim to such scams increases, making it essential to remain cautious when scanning unknown codes.
  • Ransomware attacks on critical infrastructure: Ransomware continues to be a major threat, particularly targeting critical infrastructure such as transportation, healthcare, and government services. A significant example was the March 2025 ransomware attack on Kuala Lumpur International Airport (KLIA), which disrupted flight information systems and check-in counters, highlighting the vulnerability of essential services. As cyber criminals continue to target high-profile sectors, organizations must prepare for more frequent and sophisticated attacks, which not only demand large ransoms but also put sensitive data at risk.
  • Attacks by “INDOHAXSEC” group: In 2025, CyberSecurity Malaysia issued an alert regarding an increase in cyber attacks launched by the group INDOHAXSEC, targeting both government and private sector organizations. These attacks involve data breaches, credential compromise, and web defacements (unauthorized alteration of a website’s content), aimed at spreading hate messages and disrupting online services. The alert emphasizes the urgency for organizations to strengthen their defenses by updating systems, applying security patches, and ensuring proper configuration to prevent such incidents. Financial institutions, in particular, are urged to stay vigilant against phishing and fraudulent activities targeting internet banking.
  • Scam calls impersonating authorities: CyberSecurity Malaysia has issued an alert about a growing scam in which cyber criminals impersonate CyberSecurity Malaysia, the Cyber999 Incident Response Centre, and various law enforcement agencies. These scammers claim that victims are involved in illegal activities, such as online gambling or scams, and pressure them to provide personal information or follow harmful instructions. The calls often come from personal mobile numbers, creating panic and urgency by threatening victims with legal action or arrest. It is important to stay cautious and never share personal details over the phone.
  • AI-powered phishing attacks: Phishing scams, including smishing (SMS phishing) and vishing (voice phishing), are expected to rise, with attackers using more sophisticated methods to impersonate trusted entities. With AI algorithms capable of mimicking writing styles and voice patterns, and with increasing personalization, these attacks are becoming more deceptive and harder to detect. Organizations and individuals should remain vigilant, especially as cyber criminals target sensitive financial and personal information.

A Message for the Leadership

The list of cyber threats is endless, continuously changing, evolving, and multiplying. The strategy should not be about targeting each threat with an arrow, but rather about building a stronger foundation—a wall that secures the organization and makes it difficult for any threat or tactic to break through. While no defense will ever make us fully immune to cyber attacks, the key is resilience. During times of crisis, act responsibly, remain calm, and stay prepared.

Investing in cyber security may not always yield immediate material gains, but its value goes far beyond profit. It’s what keeps the organization alive, providing the critical protection needed to sustain operations and build trust. Remember, cyber security isn’t just an added business goal—it’s the backbone of the organization’s long-term success.
