Key Takeaways

  • Malaysia recorded 19.62 million web-based cyberattacks in H1 2024, placing it at the top of Southeast Asia for web attack volume
  • Indonesia came second with 3.2 million web attacks in the same period; Malaysia recorded more than six times as many
  • CyberSecurity Malaysia's Q4 2025 report showed Qilin, Loki Locker and BitLocker as active ransomware variants
  • Malicious APK files targeting Android banking users were the top malware category in both Q3 and Q4 2025
  • INDOHAXSEC hacktivist group launched coordinated attacks on Malaysian government and private sector targets in 2025

The Facts

Kaspersky's threat intelligence data for the first half of 2024 produced a ranking that surprised many cybersecurity analysts: Malaysia led all of Southeast Asia in web-based cyberattacks, recording 19.62 million incidents in six months — more than six times the volume recorded in Indonesia, which came second with approximately 3.2 million.

The scale of the disparity reflects several converging factors. Malaysia's high internet penetration rate and mature digital economy create a larger digital attack surface than lower-connectivity ASEAN neighbours. Malaysia's integration into global supply chains — particularly in electronics manufacturing and financial services — makes it a higher-value target for attacks seeking downstream access. And Malaysia's web infrastructure hosts significant regional internet traffic, making Malaysian servers attractive targets for malware hosting and botnet command-and-control.

CyberSecurity Malaysia's Q4 2025 Cyber Incident Quarterly Summary Report revealed the current threat composition: ransomware variants including Qilin (highest frequency), Loki Locker, QuickLock, BitLocker, DireWolf, Enzo, and NasLock were active. Malicious APK files targeting Android internet banking users were the top single malware category — consistent across both Q3 and Q4 2025.

The hacktivist dimension is also escalating. CyberSecurity Malaysia issued a specific 2025 alert regarding INDOHAXSEC — an Indonesian hacktivist group launching data breaches, credential compromises, and website defacements against both Malaysian government agencies and private sector organisations. The group frames its attacks as retaliation for perceived Malaysian treatment of Indonesian workers and other bilateral disputes.

Technical Deep-Dive

Malicious APK attacks — the top incident category in Malaysia across multiple quarters — exploit Android's sideloading capability. Unlike iOS, Android allows installation of applications from outside the official Google Play Store. Attackers distribute malicious APK files through phishing links, social media, and messaging platforms, disguising them as banking apps, government services, or popular utilities.

Once installed, a malicious banking APK typically operates as an overlay attack: displaying a fake login screen on top of the legitimate banking app's login process, capturing credentials as the user enters them. More sophisticated variants also intercept SMS OTP messages used for transaction authentication — capturing both the password and the second factor simultaneously.

Malaysia's banking sector has responded with a combination of mobile malware detection built into banking apps (scanning the device for known malicious apps before allowing login), kill switches that disable online banking access from compromised devices, and user education campaigns. Bank Negara Malaysia's regulatory guidance on digital banking security has pushed banks to implement these controls, but implementation quality varies.
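The permission profile behind the overlay and SMS OTP behaviour described above can be checked before an APK is trusted. The following is an added example, not code from CyberSecurity Malaysia or any bank: it assumes the manifest has already been decoded to text XML (for instance with apktool), uses constructed package names and sample manifests, and applies an illustrative heuristic rather than a complete detector.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # lets an app draw over other apps
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def triage_manifest(manifest_xml):
    """Return (package, findings) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    # Accessibility services are declared on <service>, not <uses-permission>.
    services = {s.get(A + "permission") for s in root.iter("service")}
    findings = []
    if OVERLAY in requested:
        findings.append("can draw over other apps")
    if A11Y in services:
        findings.append("declares an accessibility service")
    if SMS & requested:
        findings.append("can read incoming SMS")
    # Screen control plus SMS access matches the credential + OTP theft pattern.
    screen = OVERLAY in requested or A11Y in services
    if screen and SMS & requested:
        findings.append("HIGH: overlay plus SMS access")
    return root.get("package"), findings

# Constructed sample manifests (not taken from any real application).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.bankupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        package, findings = triage_manifest(sample)
        print(package, findings or "no overlay/SMS indicators")
```

An app that requests SMS access alone, such as a legitimate messaging client, is reported without the HIGH finding; only the combination with overlay or accessibility capability is escalated.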

The ASEAN Perspective

The INDOHAXSEC dimension of Malaysia's threat landscape illustrates a regional dynamic that is often overlooked in threat analysis: cybersecurity risks in ASEAN are not purely criminal — they are also hacktivist and geopolitically motivated. Bilateral tensions between ASEAN neighbours create conditions for hacktivist groups that operate in legal grey zones to target infrastructure across borders.

Singapore's high internet penetration (96%) and integration into regional digital infrastructure create comparable web attack exposure. Indonesia's rapidly growing digital economy — with 3,300 cyberattacks per week recorded in the 2024 ASEAN data — is expanding its attack surface faster than its security capacity is growing.

RECATOOLS Verdict

Malaysia's 19.62 million web attack figure is a stark data point in the ASEAN cybersecurity story. Being the most digitally mature economy in a region carries the consequence of also being its most attractive target. The CyberSecurity Malaysia reporting apparatus — one of ASEAN's most detailed and publicly accessible national cyber incident reporting systems — means Malaysia's attack data is more visible than equivalent incidents in countries with less developed reporting infrastructure. That visibility is a strength, not a weakness.


Sources

  • Kaspersky Cyberthreat H1 2024 APAC Report
  • CyberSecurity Malaysia Q3 and Q4 2025 Quarterly Summary Reports
  • Security Quotient Malaysia Cyber Threat Landscape 2025

FAQ

Why does Malaysia have so many web attacks? High internet penetration, a mature digital economy, significant global supply chain integration, and regional internet hosting concentration make Malaysia a high-value target with a large attack surface.

What are malicious APK attacks? Android application files distributed outside the Play Store that install banking credential theft malware on users' devices — the top malware category in Malaysia for multiple consecutive quarters.

Who is INDOHAXSEC? An Indonesian hacktivist group that launched coordinated cyberattacks on Malaysian government and private sector targets in 2025, motivated by bilateral political tensions.

What is Malaysia's government response? Bank Negara Malaysia has issued digital banking security guidelines; CyberSecurity Malaysia operates the Cyber999 incident response centre and publishes quarterly threat reports.

How can Malaysian Android users protect themselves? Install apps only from the official Google Play Store, enable Google Play Protect, avoid clicking APK download links in messages, and use banking apps with built-in malware detection.