PETALING JAYA: According to the CyberSecurity Malaysia report, the government sector experienced the greatest number of data breaches, while the telecommunications sector leaked the highest volume of data in the first half of the year.
In the Mid-Year Threat Landscape Report 2023, it said the government sector accounted for 22% of breaches, followed by telecommunications at 9%.
The education and retail sectors each accounted for 6%, while an assortment of other sectors made up the remaining 48%.
The national cybersecurity specialist agency under the Communications and Digital Ministry said that government ministries and agencies “are exposed to significant cyber risks, including vulnerable software, weak access controls, data exposure and other critical issues”.
It recommended a comprehensive assessment across all government agencies, proposing that it cover web and hosting infrastructure, data centres, internal systems and the ministry's entire ecosystem.
“From the data, we can see that 71% of these incidents are related to Admin Panel/C Panel, customer data and sensitive data leaks,” it said.
As for the volume of data leaked, the agency said a “staggering amount of 842.84GB” was exposed, with the telecommunications sector topping the list (424.92GB), followed by government sectors (291.49GB), banking (62.46GB), IT (14.60GB), and others (49.37GB).
“Alarmingly, 36.96% of the TAs (threat actors) are engaged in selling the leaked data. Even more concerning is the fact that 63.04% of these TAs are in this fray to share the data.
“This could imply a range of subsequent scenarios – from public leaks that are meant to damage reputations to sharing among TA networks for more extensive exploitation,” CyberSecurity Malaysia said in the report.
It named LeakBase, DeltaBoys, Desorden, Actifedot and Juliay as the top five threat actors leaking the country’s sensitive data.
“Out of these sectors, we see three sectors that are the most vulnerable – government, telecommunication, logistics and transportation and banking.
“These sectors are seen as lucrative by TAs, as these sectors’ data are seen as more impactful in terms of the level of sensitivity of the data and in terms of the volume of these data,” it said.
In January alone, the agency estimated that over 40 million records were leaked in various data breach incidents, totalling 13GB in size and involving eight government agencies and nine private entities.
The number of incident reports also increased significantly, from 29 in the third week of January to 48 in the following week.
February recorded the highest number of incidents, totalling 197, with over 28 million records leaked, or 33GB in size, involving nine government and nine private entities.
In the subsequent months, the number of incident reports dwindled.
In June, it was estimated that 823,880 records were leaked with a data size of 417.59GB, involving six government agencies and 20 private entities.
The agency said that the data was aggregated from social media, online news, Cyber Threat Intelligence Platforms and dark web forums.