CyberSecurity Malaysia report: Government sectors suffered most data breaches, while telcos spilled over 400GB of data in H1 2023


February recorded the highest number of incidents, totalling 197, involving nine government and nine private entities. – 123rf.com

PETALING JAYA: According to the CyberSecurity Malaysia report, the government sector experienced the greatest number of data breaches, while the telecommunications sector leaked the highest volume of data in the first half of the year.

In the Mid-Year Threat Landscape Report 2023, it said the government sector accounted for 22% of breaches, followed by telecommunications at 9%.

The education and retail sectors each accounted for 6%, while an assortment of other sectors made up the remaining 48%.

The national cybersecurity specialist agency under the Communications and Digital Ministry said that government ministries and agencies “are exposed to significant cyber risks, including vulnerable software, weak access controls, data exposure and other critical issues”.

It recommended a comprehensive assessment across all government agencies, proposing that it cover web and hosting infrastructure, data centres, internal systems and the ministry's entire ecosystem.

“From the data, we can see that 71% of these incidents are related to Admin Panel/C Panel, customer data and sensitive data leaks,” it said.

As for the volume of data leaked, the agency said a “staggering amount of 842.84GB” was exposed, with the telecommunications sector topping the list (424.92GB), followed by government sectors (291.49GB), banking (62.46GB), IT (14.60GB), and others (49.37GB).

“Alarmingly, 36.96% of the TAs (threat actors) are engaged in selling the leaked data. Even more concerning is the fact that 63.04% of these TAs are in this fray to share the data.

“This could imply a range of subsequent scenarios – from public leaks that are meant to damage reputations to sharing among TA networks for more extensive exploitation,” CyberSecurity Malaysia said in the report.

It named LeakBase, DeltaBoys, Desorden, Actifedot and Juliay as the top five threat actors leaking the country’s sensitive data.

“Out of these sectors, we see three sectors that are the most vulnerable – government, telecommunication, logistics and transportation and banking.

“These sectors are seen as lucrative by TAs, as these sectors’ data are seen as more impactful in terms of the level of sensitivity of the data and in terms of the volume of these data,” it said.

In January alone, the agency estimated that over 40 million records were leaked in various data breach incidents, totalling 13GB in size and involving eight government agencies and nine private entities.

The number of incident reports also increased significantly, from 29 in the third week of January to 48 in the following week.

February recorded the highest number of incidents, totalling 197, with over 28 million records leaked, or 33GB in size, involving nine government and nine private entities.

In the subsequent months, the number of incident reports dwindled.

In June, it was estimated that 823,880 records were leaked with a data size of 417.59GB, involving six government agencies and 20 private entities.

The agency said that the data was aggregated from social media, online news, Cyber Threat Intelligence Platforms and dark web forums.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Exclusive-Amazon in talks with Italy to invest billions of euros in cloud plan, sources say
Kind South Korean students return lost credit card in ingenious way, but they might have broken the law
EVs and hybrids are twice as likely to hit pedestrians as gas cars, study shows�
Easyjet, eyeing record summer, boosts nerve centre with AI
NYPD to use drones to aid swimmers in trouble at city beaches amid lifeguard shortage
At least two victims lose RM254,000 to scammers posing as officers from SG Anti-Scam Centre
A cop gave Fresno man a jaywalking ticket. Then came ‘cyber campaign of hate and revenge’
Private-hire driver in S’pore took passenger’s laptop and reset it, erasing all her work data
Vishing meets AI: The changing nature of phishing threats
Elon Musk's xAI valued at $24 billion after fresh funding

Others Also Read