Cybersecurity study: 18 main board firms had malware infections in November 2022

Iklan
Image for illustrative purposes only - FILE PIX
KUALA LUMPUR - Eighteen companies listed on Bursa Malaysia’s Main Board were hit by malware infections and 478 companies suffered data leaks in November 2022, according to the ‘Listed Malaysian Companies Cybersecurity Ratings’ study by cybersecurity company, LGMS Bhd.

The study - involving 160 Ace Market-listed companies and 783 Main Market-listed companies - found that seven companies had their databases exposed, 37 had remote desktop protocol (RDP) exposed and seven had their remote sync (RSYNC) service observed.

RDP is a protocol that enables users anywhere worldwide to access and control a computer, while RSYNC is a software tool to transfer files to a remote server.

In a statement today, LGMS chief operating officer and associate director Gilbert Chu said the fact that the main board-listed companies have had their data compromised and were probably unaware of it was concerning.

"Malware can use known software vulnerabilities to infect computers, potentially giving hackers access to the organisation's network, with one of the worst scenarios being ransomware," he said.

Ransomware is malicious software designed to block access to a computer system until a sum of money is paid.

These attacks are increasingly becoming popular among cybercriminals as it generates substantial profits.

One of the worst incidents was in 2017 when the Wannacry ransomware crippled systems in dozens of countries worldwide, including Malaysia, compromising banks, hospitals and government agencies.

To mitigate these risks, Chu encouraged organisations to perform Vulnerability Assessment and Penetration Testing exercises.

"These exercises would help to improve the organisations’ cybersecurity resilience so that they are better safeguarded in the cyber world,” he added.

The Listed Malaysian Companies Cybersecurity Ratings study is conducted on a monthly basis, using a combination of data points collected organically or purchased from public and private sources, before applying proprietary algorithms to articulate an organisation’s security effectiveness into a quantifiable score.

The ratings are backed by evidence collected from publicly available sources only, including data sourced from the dark web, said LGMS.

It said that during the public data collection process, no vulnerability scans nor penetration testing exercises were conducted on the subjects.

LGMS was recently recognised by the Asian Oceanian Computing Industry Organisation for Tech Excellence in Cybersecurity.

It was also recognised by Cybersecurity Malaysia as the country’s ‘Cybersecurity Company of the Year’ while its executive chairman, Fong Choong Fook, received the ‘Cybersecurity Professional of the Year’ award. - BERNAMA