Fortinet: Ransomware attacks on businesses have doubled in 2023

13 Dec 2023 09:00pm

Photo for illustration purposes only. - 123RF

KUALA LUMPUR - Global cybersecurity firm Fortinet today revealed that ransomware incidents among organisations across Malaysia have doubled in 2023 compared to the previous year, according to its latest study conducted by International Data Corporation.

The survey, commissioned by Fortinet, involved 550 information technology leaders across Asia Pacific covering 11 markets -- Malaysia, Australia, Hong Kong, India, Indonesia, New Zealand, Singapore, Thailand, South Korea, the Philippines, and Vietnam.

Fortinet vice-president of marketing and communication, Asia, Australia and New Zealand Rashish Pandey noted that over 50 per cent of organisations surveyed in Malaysia reported that they experienced at least two times increase in ransomware attacks this year.

"Phishing and malware (malicious software) are the primary attack vectors, while other significant vectors include SQL (structured query language) injection, insider threats and Internet of Things vulnerabilities.

"Phishing is the predominant cyber threat in Malaysia, with 54 per cent of organisations ranking it as their top concern," he said in a media briefing on the state of security operations in the Asia Pacific region here.

According to Rashish, ransomware incidents were evolving into a ransomware-as-a-service method which involves attacks from organised crime syndicates, making it more persistent.

"It is not just a criminal organisation, but many nation states are also involved in this, as they are also engaging in cyber warfare, and it is maturing very fast as there is a whole ecosystem around it.

"One of the statistics that we have is for the first half of this year, we saw more than 30 per cent rise in the number of advanced persistent threat groups across the region," he added.

Meanwhile, Rashish noted that financial institutions and e-commerce businesses emerged as the most vulnerable sector to experience cyber attacks, as the majority of the threats were economically motivated.

"This is based on two parameters -- where can they get the most money from and what is the easiest way for them to get it?" he said.

In addition, Rashish did not rule out that the manufacturing and supply chain sectors are also exposed to the possibility of cyber attacks in the future as there are many loopholes for the threat actors to get into the system.

"Financial and manufacturing sectors are probably the two most vulnerable targeted sectors for cyber threat actors," he added.

As a background note, ransomware is a type of malware that locks a victim's data or device and demands a ransom to unlock it.

Malware is any software specifically designed to disrupt, damage, or gain unauthorised access to a computer system, whereas phishing is a form of social engineering and scam in which attackers deceive people into revealing sensitive information or installing malware such as ransomware. - BERNAMA