Malaysia is no stranger to the cybersecurity landscape, having been involved in and targeted by a significant number of cyberattacks and data leaks. These incidents raise questions about the country’s readiness to face cyber threats within this evolving cybersecurity environment.

The 2024 Cybersecurity Readiness Index for Malaysia

In Cisco’s 2024 Cybersecurity Readiness Index, it is revealed that only two percent of organizations in Malaysia are classified at the ‘Mature’ level for readiness. This classification indicates robust resilience against the myriad of modern cybersecurity risks that today’s businesses face.

This critical assessment arrives at a time when hyperconnectivity defines our era, alongside a threat landscape that is rapidly evolving. Businesses are incessantly bombarded with sophisticated cyber threats, ranging from phishing and ransomware to supply chain attacks and social engineering tactics. Despite concerted efforts to fortify defenses against these onslaughts, many organizations are burdened by their complex security frameworks, which often consist of disparate point solutions.

WHAT’S GOING ON WITH CYBER SECURITY IN MALAYSIA?

Muhammad Zulhusni | 14 July, 2023

The complications of defending against cyber threats are further amplified in today’s distributed work environment, where organizational data is dispersed across an infinite array of services, devices, applications, and user interfaces.

Yet, despite these daunting challenges, a surprising 85% of companies profess a moderate to a high level of confidence in their cybersecurity defenses, despite their actual state of preparedness. This stark disparity between perceived confidence and actual readiness points to a potentially dangerous overestimation of their cybersecurity capabilities and a failure to accurately gauge the magnitude of the threats they face.

The 2024 Cisco Cybersecurity Readiness Index undertakes a comprehensive examination of organizational preparedness against cyber threats across five critical domains: Identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. These domains encompass 31 distinct solutions and capabilities, evaluated through a double-masked survey of more than 8,000 security and business leaders across the globe.

2% of organizations in Malaysia are classified at the ‘Mature’ level for readiness. (Source – Cisco)

The survey’s respondents were asked about their deployment of these cybersecurity measures, classifying them into four ascending stages of readiness: Beginner, Formative, Progressive, and Mature.

Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, cautions against the peril of overconfidence within the organizational psyche, advocating for a strategic shift towards integrated security platforms and leveraging AI to scale defense mechanisms effectively.

The findings from the study paint a grim picture of readiness among Malaysian companies, with a mere two percent poised to effectively counter contemporary cyber threats. A significant majority find themselves at the lower echelons of cybersecurity maturity, ill-prepared for the inevitabilities of the cyber threat landscape.

Forecasting cyber risks and financial implications

Moreover, the study forecasts a high likelihood of future cybersecurity incidents and sheds light on the financial ramifications of such breaches, with some incidents costing organizations upwards of US$300,000. The reliance on multiple cybersecurity point solutions has proven counterproductive, hampering the swift detection, response, and recovery from incidents. This issue is exacerbated by the admission from a vast majority that the cumbersome management of numerous point solutions slows their security operations.

The survey also highlights the pervasive issue of unmanaged device access, critical talent shortages, and the ambitious plans of organizations to significantly bolster their IT infrastructures and cybersecurity measures in the near term. This includes a notable emphasis on upgrading existing solutions, deploying new technologies, and a considerable increase in cybersecurity budgets.

Addressing the complex challenges posed by today’s threat landscape necessitates a concerted effort from companies to accelerate their investment in security infrastructure, adopt innovative security measures, and embrace a platform-based approach to cybersecurity. This strategy is essential for enhancing network resilience, making meaningful use of AI, and bridging the significant cybersecurity skills gap.

Hana Raja, Managing Director of Cisco Malaysia, underscores the complexity of the current cybersecurity environment, pointing out the lag in cyber resilience among organizations globally, including those in Malaysia. Raja advocates for a comprehensive platform approach to cybersecurity, which promises a simplified, secure, and holistic view of an organization’s security posture, enabling businesses to better navigate and exploit the advantages of emerging technologies amid the ever-evolving threat landscape.

MALAYSIA’S CENTRAL DATABASE HUB: IS PADU A CYBERSECURITY TIMEBOMB?

Aaron Raj | 7 February, 2024

The first reading of the Cyber Security Bill 2024

Recognizing that only a small fraction of companies in Malaysia achieve a “Mature” status in cybersecurity preparedness, the Malaysian government acknowledges the critical need to bolster cybersecurity nationwide. Consequently, the Cyber Security Bill 2024 has been introduced, marking its initial reading in Parliament. Aimed at strengthening national cybersecurity, this legislative proposal was presented by Digital Minister Gobind Singh Deo on March 25th.

The Star reported that The bill is scheduled for a second reading during the ongoing session of the Dewan Rakyat and outlines a comprehensive approach to elevate cybersecurity standards. It mandates adherence to specific measures and standards for improved national security, detailing protocols for managing cybersecurity incidents that affect the country’s critical national information infrastructure.

Additionally, the legislation proposes the creation of a National Cyber Security Committee and defines the responsibilities and authority of the National Cyber Security Agency’s chief executive officer. It includes provisions for the licensing of cybersecurity service providers and establishes the role of a national critical information infrastructure sector lead.

According to the bill, the Digital Minister, following recommendations from the chief executive, may designate any government body or individual as the sector lead for national critical information infrastructure, potentially appointing multiple leads for various sectors. These appointments will be officially announced on the National Cyber Security Agency’s website.

The sector leads will be responsible for developing a code of practice and creating and updating guidelines on best practices for managing cybersecurity. The National Cyber Security Agency has stated that the proposed bill will legally empower it to define and enforce cybersecurity standards for entities deemed as National Critical Information Infrastructure. Failure to comply with these standards could result in legal repercussions.

The post Cybersecurity in Malaysia: A reality check on readiness and resilience appeared first on Tech Wire Asia.

The specter of cyberthreats looms, casting a shadow over nations striving to fortify their digital defenses. Malaysia, a burgeoning hub of technological innovation and digital expansion, finds itself at the crossroads of this ongoing battle against cyber malfeasance. With the rise of internet connectivity and digital services, the country has become a fertile ground for cybercriminal activities, prompting an urgent need for comprehensive cybersecurity measures.

Against this backdrop, Kaspersky, a cybersecurity company, has shed light on the evolving nature of local cybersecurity threats in Malaysia, tracing developments over a three-year span. According to its recent report, there has been a slight but consistent decline in cybersecurity threats from 2021 to 2023, indicating a somewhat positive trend in the battle against digital malfeasance.

Kaspersky was active in fighting cyberthreats in 2023

Predominantly, worms and file viruses emerge as the chief culprits, with the Kaspersky Security Network (KSN) revealing how users frequently fall prey to malware spread through removable USB drives and other offline methods. This underscores the persistent need for a multifaceted security approach that integrates antivirus solutions, firewalls, anti-rootkit tools, and stringent controls over removable devices.

In the past year alone, Kaspersky’s efforts have led to the successful neutralization of 22,037,248 local threats aimed at Malaysian users, marking a modest reduction of 0.43% from the previous year’s figures:

• 2021: 35,873,395 local threats
• 2022: 22,133,174 local threats
• 2023: 22,037,248 local threats

This significant reduction in local threats since 2021, a year also noted by INTERPOL for a surge in cybercrime activities, highlights the ongoing challenges and successes in cybersecurity efforts. Cybercriminal syndicates continue to refine their strategies, utilizing shared resources and expertise to launch sophisticated attacks.

Yeo Siang Tiong, Kaspersky’s general manager for Southeast Asia, emphasizes the critical importance of cyber hygiene for individuals and corporations alike. He notes that many threats require human interaction to succeed, pointing out the risks associated with employees circumventing security protocols—a factor as detrimental as external hacking attempts.

KASPERSKY FORESEES RISE IN PHISHING, SCAMS, DATA BREACHES, AND APT ATTACKS IN APAC FOR 2024

Muhammad Zulhusni | 16 January, 2024

Echoing this sentiment, the CyberSecurity Malaysia Mid-Year Threat Landscape Report for 2023 advocates for strengthening cybersecurity infrastructures and adopting continuous monitoring, training, and best practices. It highlights the manufacturing sector as particularly vulnerable to ransomware attacks, followed closely by the educational sector and others.

Despite the observed decline in local threats, Yeo warns against complacency, pointing out the shift in cybercriminal tactics towards more targeted attacks rather than broad campaigns. Kaspersky experts recommend a comprehensive set of cyberhygiene practices to fortify digital defenses.

The R00TK1T incident: a stark reminder of emerging cybersecurity challenges

Amidst this broader cybersecurity landscape, the telecommunications giant Maxis faced a formidable challenge from the hacker collective R00TK1T. Following Maxis’ disclosure of a cybersecurity breach, R00TK1T disputed the company’s claim that only third-party vendor systems were affected, demanding acknowledgment of the breach’s full extent and threatening further disruptions.

R00TK1T’s claim of infiltrating a Maxis employee’s internal dashboard casts doubt on the company’s cybersecurity defenses and presents a stark ultimatum: acknowledge the breach or face escalated attacks. The group’s assertion of compromising Maxis’ Kulim Network and the potential reset of Agrotech-related systems illustrates the sophisticated nature of modern cyber threats.

As R00TK1T ramps up its threats, showcasing a screenshot that purportedly displays network connections at Quayside Mall in Kota Kemuning, the group’s capability to infiltrate critical infrastructure becomes evident. With an “elite squad” of 52 highly skilled individuals, R00TK1T’s actions represent a significant challenge to Malaysia’s digital security.

Maxis’ response, focusing on customer privacy and security, underscores the complexities of safeguarding digital ecosystems. The incident, meticulously documented by R00TK1T, including screenshots from a purported Maxis user database, highlights the intricacies of protecting sensitive data in an interconnected world.

Maxis is facing a serious cyberattack. (Source – X).

Strengthening cyberdefenses in an evolving digital landscape

This juxtaposition of general cybersecurity trends with the specific R00TK1T incident against Maxis offers valuable insights into the multifaceted nature of cyberthreats in Malaysia. As the nation enhances its cyber-awareness and preparedness, incidents like these serve as critical reminders of the persistent challenges in securing digital infrastructure and sensitive information.

The government’s commitment to bolstering cybersecurity through budget allocations and the expansion of 5G network coverage reflects a proactive approach to technological advancement and security. But as cyberthreats continue to evolve, the need for comprehensive cyberhygiene practices, robust security measures, and a collective effort in cybersecurity education and infrastructure development remains paramount.

MALAYSIA’S CENTRAL DATABASE HUB: IS PADU A CYBERSECURITY TIMEBOMB?

Aaron Raj | 7 February, 2024

In navigating the complex cybersecurity landscape, the collective efforts of cybersecurity firms, corporations, and government agencies are crucial. The ongoing battle against cyberthreats as seen in 2023 demands technological solutions and a strong culture of cyberhygiene and awareness among individuals and organizations alike. The case of R00TK1T’s confrontation with Maxis is a potent reminder of the ever-present risks in the digital domain and the need for vigilance and proactive measures.

Educating employees on the importance of following security protocols, implementing robust security technologies, and fostering a collaborative approach to cyberdefense can significantly reduce the risk of breaches. Continuous monitoring, rapid response strategies, and threat intelligence sharing within and across sectors are essential components of a resilient cybersecurity posture.

The evolving nature of cyberthreats, exemplified by targeted attacks from groups like R00TK1T, underscores the importance of adaptive security strategies that can anticipate and mitigate emerging risks. As cybercriminals employ increasingly sophisticated methods, the security community must stay ahead by leveraging advanced technologies, such as artificial intelligence and machine learning, for threat detection and response.

In conclusion, the cybersecurity landscape in Malaysia, as observed through the trends reported by Kaspersky and the specific incident involving R00TK1T and Maxis, reflects the broader global challenge of securing digital infrastructures against relentless and evolving threats. It highlights the imperative for a comprehensive and dynamic approach to cybersecurity, combining technological solutions, human factors, and collaborative efforts to safeguard the digital future. As Malaysia continues to advance its digital infrastructure, the lessons learned from these experiences will be invaluable in shaping a secure and resilient cyber-environment for all.

The post Kaspersky blocked 22 million cyberthreats in Malaysia in 2023 appeared first on Tech Wire Asia.

It’s been almost a month since Malaysia launched its Central Database Hub (PADU). Since its launch, there have been mixed reactions from the public. Many are still skeptical about the need to share their data with another government agency, given the increasing number of cybersecurity incidents in the country alongside weak cybersecurity regulations.

According to a report by Bernama, a total of 2.38 million individuals have since updated their personal information on the database. Users are required to update and confirm 30 types of personal particulars, including their identity card number, household size and residential address.

HERE’S HOW MALAYSIA’S CENTRAL DATABASE HUB, PADU CAN BE COMPROMISED BY CYBERCRIMINALS

Aaron Raj | 4 January, 2024

The Central Database Hub was developed locally, using the internal expertise of the Economy Ministry, the Department of Statistics Malaysia and the Malaysian Administrative Modernization and Management Planning Unit (Mampu). Various government ministries, agencies and state governments also contributed to the development of the database.

In a report by The Edge, Datuk Seri Dr Mohd Uzir Mahidin, chief statistician of PADU, asked users to register their details soon. He fears that the last-minute surge in registrations before the March 31 deadline could result in system congestion. This raises more questions on the hub’s capabilities to support the data it has. If it is not even able to support a surge in registrations, will the hub be capable of delivering what it was really intended to do?

As mentioned earlier, cybersecurity concerns are one of the main reasons why Malaysians are still not signing up to the central database hub. To understand more about PADU’s security features and how users can be assured of the system, Tech Wire Asia spoke to David Rajoo, senior systems engineer specialist at Palo Alto Networks.

2.38 million individuals have so far updated their personal information on the database. (Image by Shutterstock).

How different is PADU compared to other central database hubs in the region?

PADU is specifically designed for data integration and sharing among Malaysian government agencies, focusing solely on improving data accessibility and government decision-making efficiency. Its most noteworthy characteristic is its explicit focus on targeted aid and subsidies. Unlike other data hubs that may have broader or more varied objectives, PADU is uniquely dedicated to ensuring the fair distribution of subsidies and services to those who need them most.

Moreover, PADU is managed by the Department of Statistics Malaysia (DoSM), which demonstrates its strong commitment to maintaining data accuracy, reliable statistics, and thorough analysis.

What is the biggest flaw the PADU system has currently and how can this be addressed?

Before PADU, Malaysia encountered significant hurdles in integrating information, leading to substantial gaps in the database, crucial for extending government assistance to those in need. The establishment of PADU signifies a concerted effort to rectify these discrepancies and align our operations with the national digital transformation agenda.

A major risk facing PADU that we see is the threat of a breach. Like many other industries and organizations that are entrusted with safeguarding vast volumes of personal data, PADU is not bulletproof to cyber attacks. Bad actors are not biased toward one country, industry, or system, and they constantly look for vulnerabilities and continue to evolve in their tactics.

MALAYSIA NEEDS TO FOCUS ON STRONGER PASSWORDS – “123456” DOESN’T CUT IT!

Muhammad Zulhusni | 17 November, 2023

Among the measures that can be taken by PADU to strengthen its system are:

• Implement strong encryption protocols – ensure that data, both at rest and in transit, is safeguarded through state-of-the-art encryption methods. This serves as the first line of defence against unauthorized data use.
• Enforce strong multi-factor authentication systems – ensuring strong validation and authentication processes and systems provides assurance of proper system security.
• Develop a zero trust strategy and architecture – assuming a breach condition and systems are compromised, provides a mindset and strategy to secure PADU against actual breeches.
• Deploy advanced threat detection systems – utilize AI and machine learning-powered systems to continuously monitor and analyze data patterns, enabling early detection of anomalies that may signify potential security issues.
• Foster a culture of security awareness – conduct regular training and drills for all stakeholders involved with the PADU This ensures that individuals are prepared to identify and respond to security threats promptly.
• Engage in international collaboration – partner with global cybersecurity experts and partake in knowledge exchange to stay ahead of emerging threats and incorporate global best practices into the PADU system’s security.
• Be prepared and ready for a cyber-event – have a robust cyber-resilience program in place to quickly respond, investigate and recover from a cyber
• Maintain continuous vigilance and update security measures – regularly assess and update the security measures to counter evolving cyberthreats. This proactive approach is crucial in maintaining the integrity of the PADU system and safeguarding the privacy of individuals.

PADU is managed by the Department of Statistics Malaysia. (Image generated by AI).

What are the common mistakes governments and businesses make when it comes to data centralization?

Centralization initiatives in data management present a multitude of advantages in terms of operational efficiency, accessibility, and enhanced service delivery. But when starting such large projects, both governments and businesses often face similar challenges. Identifying and mitigating these shared pitfalls is paramount to ensuring the efficacy and security of these initiatives.

• Data transparency assurance: ensuring data is used with integrity, lawfully, fairly, traceably and with valid purpose, increases the confidence of PADU users.
• Data privacy measures: overlooking the need for strong data privacy protocols can result in unauthorized access.
• Comprehensive security  strategy: a  minimal layered security approach leaves centralized data vulnerable to cyberattack.
• Scalability and flexibility: design systems that are not equipped for future growth can lead to the ever-changing need for efficiency improvements.
• Overlooking data quality and integrity: less emphasis on data accuracy can lead to poor decision-making and unreliable outputs.
• Underestimating stakeholder  engagement:  lack of involvement from key stakeholders during planning and implementation can hinder system acceptance and usefulness.
• Inadequate training and support: not providing enough training and support to users can limit the system’s effectiveness and increase security risks.

While systems like PADU that centralize data can greatly improve services and governance, it’s important to actively prevent these common problems. By doing this, governments and businesses can make sure their data systems are strong, efficient, safe, and able to withstand changing cyberthreats.

Can the PADU system establish standardized security protocols across various government agencies to ensure a uniform and high level of security practices in Malaysia? How can they implement it?

The PADU system, as a centralized data hub, is intrinsically capable of fostering standardized security protocols across various government agencies in Malaysia. This capacity is further amplified when harmonized with legislative initiatives like the Malaysia Omnibus Act, which facilitates data sharing and cloud storage among government agencies. Here’s how this synergistic approach can effectively implement uniform and high-level security practices:

• The Omnibus Act‘s framework for data sharing and cloud storage guides PADU in standardizing security protocols. By aligning PADU’s data management with this Act, a central security framework can be established. This framework will set unified standards, policies, and protocols for data handling, access control, and incident response, tailored to various government sectors, enhancing overall data security and management efficiency.
• Leverage advanced security technologies: utilize state-of-the-art security technologies and services, including advanced encryption, intrusion detection systems, and AI-powered threat analysis tools. Ensure these technologies are integrated seamlessly into the PADU system.
• Managed by the Economy Ministry: with the Economy Ministry overseeing the Omnibus Act‘s implementation, align PADU’s data management strategies with economic strategies and cybersecurity policies. This ensures that the standardization of security protocols not only protects data but also supports the government’s broader economic goals.

By integrating the operational capabilities of the PADU system with the legislative support of the Malaysia Omnibus Act, we can establish and implement standardized security protocols across various government agencies. This not only ensures a uniform and high level of security practices but also aligns with Malaysia’s broader goals of digital transformation, efficient governance, and economic growth, creating a secure, efficient, and future-ready data ecosystem.

Like many other industries and organizations that are entrusted with safeguarding vast volumes of personal data, PADU is not bulletproof to cyberattacks. (Image generated by AI).

Malaysian cybersecurity regulations do not apply to government data. Should this be addressed? Who should be accountable if there are any cybersecurity incidents?

We are certainly looking forward to the new Cybersecurity Bill to be passed in Malaysia, as a measure to strengthen the nation’s cybersecurity posture and maturity. Having said that, cybersecurity is a shared responsibility. Safeguarding digital assets requires collective vigilance and cooperation from individuals, organizations, and governments alike. There should be a well-defined accountability framework in place. This involves:

• Designation of responsibility:  assigning clear responsibility to specific roles or departments within each government agency for maintaining cybersecurity.
• Regular audits and compliance checks: implementing regular audits and compliance checks to ensure that the cybersecurity measures are up to the mark and that the agencies are adhering to the established protocols.
• Incident response and  reporting:  developing a standardized incident response protocol, including immediate measures to mitigate damage, in-depth investigations to identify the source of the breach, and transparent reporting mechanisms to inform stakeholders and the public.
• Public-private partnerships: using expertise from the private sector to help secure government data. Such partnerships can bring in fresh perspectives, advanced technologies, and global best practices.

Lastly, what advice would Palo Alto Networks give to PADU on ensuring it is not compromised?

We have always maintained that cybersecurity is a data issue and we’ve been at this a long time. With this commitment in mind, the team responsible for PADU should implement a zero trust approach. This approach assumes that threats can exist both outside and inside the network. This model requires verifying every user and device, securing every access point, and enforcing least-privilege access to minimize the risk of breaches.

The post Malaysia’s Central Database Hub: is PADU a cybersecurity timebomb? appeared first on Tech Wire Asia.

Another day, another Malaysian organization experiences a data breach. Everyone knows about the flaws and weaknesses in Malaysia’s cybersecurity laws. While the government is working on a new law to deal with this issue, businesses need to ensure they are well-prepared to deal with breaches.

While most companies in Malaysia continue to invest in improving their cybersecurity, they also need to be aware of how their company and customer data is being used, stored and disposed of. Malaysia already has several regulations on how personal data should be managed. However, the implementation of the law has still failed to boost some industries to take the matter seriously.

COST OF A DATA BREACH FOR ASEAN BUSINESSES HITS RECORD HIGH

Aaron Raj | 28 July, 2023

According to a report by Surfshark, a cybersecurity company, Malaysia was ranked as the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate was 144% higher in Q3 2023 than it was in Q2 2023, and around four Malaysian user accounts were leaked every minute in Q3 2023.

Just taking a look at the recent cybersecurity incidents in the country, most of the data breaches are caused by ransomware attacks or systems that were simply not secured enough.

Major cybersecurity incidents in Malaysia in the past 24 months include:

• In December 2022, a hacker claimed to have the personal information of 13 million voters from the Election Commission, as well as customers of Maybank and Astro. The stolen data was posted on an online database marketplace, where the seller asked for direct messages through Telegram or the forum’s messaging features to complete the sale.
• In November 2023, a hacker claimed to have a 2022 database of 487 million WhatsApp user mobile numbers, of which 11 million were from Malaysia. The leak included accounts from 84 countries and was sold on a hacking community forum.
• In September 2023, Malaysia recorded its highest number of data breach cases, with an all-time high of 15 reported cases a week involving mainly ransomware attacks. The situation sparked concern over related cybercrimes and phone scams, which have led to millions of ringgit losses annually.
• iPay88, a payment gateway provider in Malaysia, suffered a data breach in May 2022 that potentially compromised customers’ card data. Since then, iPay88 has been working with cybersecurity experts to investigate and contain the breach.
• AirAsia was the subject of alleged data leak claims in November 2022, as confirmed by the Malaysian government and various news sources. The hacker group Daixin Team claimed responsibility for the attack, which compromised the personal data of five million passengers and all employees of AirAsia. The ransomware attack was on redundant systems, and AirAsia has launched an investigation into the alleged data breach.

Malaysia was ranked as the eighth most breached country in Q3 2023, with 494,699 leaked accounts. (Image generated by AI).

 TM suffers data breach again

 The Star reported that customer data from Telekom Malaysia (TM) has made its way to the dark web forum. The report stated that a user claimed that he had stolen the complete customer database of the telco company.

The user claims that the data contains nearly 200 million entries, with “nearly 20 million effective user data.” Additionally, the user provided screenshots purporting to be the company’s customer database architecture documentation, with 161 pages outlining the structure, design, and functionality of the company’s customer database system.

KASPERSKY FORESEES RISE IN PHISHING, SCAMS, DATA BREACHES, AND APT ATTACKS IN APAC FOR 2024

Muhammad Zulhusni | 16 January, 2024

This is not the first time TM has experienced a data breach. In 2023, TM confirmed a data breach involving historical Unifi customers’ personal information such as name, national identification/passport number, and contact details. In 2022, TM found 250,248 Unifi Mobile customers to be affected by a data breach, constituting both individual customers and SMEs. The type of data that was breached involved customer names, phone numbers and emails.

The Star also reported that TM released a statement claiming that it had received a ransom note recently, which had prompted “an immediate and thorough investigation to verify these claims.”

It claims that its investigation has shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency,” it said.

It also said that it has engaged the relevant authorities, lodged a police report, and is continuously fortifying its cyberdefenses and bolstering its resilience against such threats.

Old data can be compromised by cybercriminals in various ways. (Image generated by AI).

Data breaches impact all data

Here’s where it gets concerning. Despite the data being old and outdated, the information can still be compromised by cybercriminals. In fact, some cybercriminals are hacking encrypted data now so they can decrypt them in the future. Such is the value of data  – which businesses need to take more seriously.

For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future. Here are several ways cybercriminals can still use old data:

• Identity theft: Old data can contain personal information that can be used to impersonate someone or access their accounts. For example, a cybercriminal can use an old email address and password to log in to a social media account and post malicious content or scam messages.
• Fraud: Old data can contain financial information that can be used to make unauthorized transactions or purchases. For example, a cybercriminal can use an old credit card number and expiry date to buy goods or services online.
• Blackmail: Old data can contain sensitive or embarrassing information that can be used to extort money or favors from the victim. For example, a cybercriminal can use an old photo or video to threaten to expose it to the public or the victim’s contacts.
• Phishing: Old data can contain contact information that can be used to send fake or malicious emails or messages to the victim or their acquaintances. For example, a cybercriminal can use an old phone number to send a text message claiming to be from a bank or a government agency and asking for personal or financial details.

At the same time, old data can be compromised by cybercriminals in various ways, such as:

• Data breaches: Cybercriminals can hack into online platforms or databases and steal old data that has not been deleted or secured properly. For example, in 2021, a hacker leaked the personal data of 533 million Facebook users from a 2019 breach.
• Malware infections: Cybercriminals can infect computers or devices with malicious software that can access and transmit old data stored on them. In 2021, a ransomware attack on Colonial Pipeline disrupted the supply of fuel in the US and exposed old data of the company’s customers.
• Phishing attacks: Cybercriminals can trick users into clicking on malicious links or attachments that can download malware or redirect them to fake websites that can capture their old data. For example, a phishing campaign in 2020 targeted Netflix users and asked them to update their payment details on a spoofed website.

As such, businesses need to be sure of how they use and store their data. At the end of the day, any form of data breach involving any type of data should not be taken lightly.

The post Malaysian telco provider has data breach – again appeared first on Tech Wire Asia.

Another two digital banks have been given the green light to start operating by the central bank of Malaysia, Bank Negara. The two banks are Boost Bank – a joint venture between fintech company Boost and RHB Banking Group – and AEON Bank, which is a subsidiary of AEON Financial Service.

While there were a total of five applicants granted digital banking licenses by Bank Negara in 2022, only Grab’s GXBank actually began operations in the final quarter of 2023. The other two successful applicants that have yet to launch their digital banks are a consortium led by Sea Limited and YTL Digital Capital Sdn Bhd, and a consortium led by KAF Investment Bank Sdn. Bhd.

GXbank has reportedly already had over 100,000 customers since its launch. The digital bank plans to introduce a debit card for its customers sometime in January 2024, too.

Bank Negara approved licenses for five digital banks in Malaysia.

The first Islamic digital bank in Malaysia

AEON Bank is notably the first Islamic digital bank in Malaysia. Compared to other digital banks, an Islamic digital bank will have to be Sharia-compliant. This means the bank will offer its customers financial services that are compliant with the principles of Islamic finance.

According to Raja Teh Maimunah, chief executive officer of AEON Bank, the digital Islamic bank aims to advance the promotion of financial inclusion and Islamic banking.

DIGITAL BANKS: WHAT’S DRIVING SUCCESS IN SOUTHEAST ASIA?

Aaron Raj | 3 October, 2023

“As part of one of Malaysia’s most recognized retail household brands, we aim to provide accessible, inclusive, and Shariah-compliant digital banking solutions to our AEON Group of customers, as well as to all Malaysians. It is our intent to empower our communities with access to digital financial services which are simplified, safe and secure,” said Maimunah.

The AEON brand is already a highly recognized household name that has served Malaysians nationwide for over four decades. The AEON Group aims to further expand and enhance the provision of its services to its retail and wholesale customers as well as ecosystem partners such as its auto dealers, merchants, suppliers, and tenants, among others.

In addition, the AEON Bank’s advocacy of digital technology will facilitate the introduction of new and innovative products for the AEON Group, enhancing the overall value proposition for its customer base and its ecosystem partners.

AEON Bank aims to unveil its phased rollout in the first half of 2024. The rollout plan is expected to begin with an exclusive beta testing phase with AEON employees. Maimunah explained that this will allow the bank to gather insights and feedback from users to refine and optimize the app.

“By initially offering access to a select group of beta testers, we aim to collaboratively fine-tune the app to ensure it meets the expectations of our wider user base on full release,” she said.

The Boost-RHB Digital Bank Consortium received regulatory approval ahead of the scheduled timeline. (Source – Boost).

Boost for digital banks in Malaysia

Compared to the other digital banks, Boost Bank is taking a more traditional-finance approach to digital banking. While none of the other digital banks are affiliated with traditional banks, Boost Bank is part of the Boost fintech company, which is a subsidiary of Axiata as well as RHB Bank.

As such, the Boost-RHB Digital Bank Consortium is the first primarily Malaysian-owned digital bank to begin operations with a pioneering embedded digital bank app in the local market. Boost holds 60% equity, and RHB owns the remaining 40%.

HOW SUCCESSFUL WILL DIGITAL BANKS BE IN SOUTHEAST ASIA?

Aaron Raj | 14 June, 2022

“Our aim is to broaden the digital banking options available to those with limited access to conventional banking facilities, and fostering an inclusive digital society for all Malaysians,” said Vivek Sood, group CEO of Axiata Group Berhad.

“This is a culmination of the symbiotic and strategic partnership between a leading fintech and successful financial institution with substantial ecosystems, united by a shared vision to drive greater financial inclusion,” added Sheyantha Abeykoon, group CEO of Boost.

Just like AEON Bank and GXBank, Boost Bank will advance into the alpha testing phase, involving internal employees, family, friends, and a selected group of customers. In the lead-up to the public launch, the digital bank will progressively enhance its product propositions and refine the user experience.

Fozia Amanulla, CEO of Boost Bank, added, “Rooted in the fundamental belief that everyone deserves a bright financial future, we are determined to propel Malaysia into an age of true financial inclusivity, by harnessing the untapped potential of embedded finance with our digital bank.”

The digital banks are expected to announce capabilities that will promote financial inclusion. (Image generated by AI).

Pursuing financial inclusion for all

Bank Negara awarded the digital bank licenses to these consortia based on a lengthy assessment. The assessment criteria covered the character and integrity of applicants, the nature and sufficiency of their financial resources, the soundness and feasibility of their business and technology plans, and their ability to meaningfully address financial inclusion gaps.

As such, the digital banks are expected to announce how they will promote financial inclusion as part of their venture. While GXBank has yet to make any announcements about its plans to reach the currently unbanked, both AEON Bank and Boost Bank have said they hope to provide financing and banking opportunities to individuals who have traditionally not been able to access funding.

AEON Bank aims to further that commitment by extending financial services to both individuals and small businesses who would not have access to funding and other financial services. It will also prioritize financial literacy and education initiatives to empower individuals and small businesses with the knowledge and tools to make informed financial decisions.

Meanwhile, Boost Bank believes that as it begins its operations in phases following the completion of the operational readiness audit, Malaysia is poised to unlock the benefits of greater financial inclusion.

The post Boost Bank and AEON Bank: two new digital banks start operations in Malaysia appeared first on Tech Wire Asia.

One of the biggest problems with data collected by government agencies is that it is often stored in silos by the respective agencies. Accessing all this data through a single platform or hub would ideally be the most effective way to gain comprehensive insights.

The Malaysian government has just launched the country’s national central database hub. Called Padu, the system will contain individual and household profiles of citizens and permanent residents in the country.

MOVING TOWARDS A PROACTIVE CYBERSECURITY APPROACH IN MALAYSIA

Aaron Raj | 30 June, 2022

The entire central database hub, developed locally, took around six months to complete. Since its launch, thousands of Malaysians have rushed to register their accounts, leading to such high registration traffic that the system briefly struggled to cope with the demand.

While most Malaysians were impressed that the government had finally launched a system consolidating all necessary information in one location, there were concerns about the security features of the Padu system. Comments on social media highlighted weaknesses in some features, particularly in user registration processes.

Rafizi Ramli, Malaysia’s Economic Minister who is overseeing the database, said that the government is aware of the cybersecurity concerns and has taken the measures needed to protect the data in Padu.

When the government handles data of this size, the risk in terms of data intrusion and security is a significant concern. The development of Padu has taken into account all the aspects of system security risks and classified information breaches,” he said.

In a report by Channel News Asia, the minister added that measures adopted include establishing comprehensive standard operating procedures as well as strategic cooperation between groups – namely the National Cyber Security Agency (NACSA), the Office of the Chief Government Security Officer (CGSO), CyberSecurity Malaysia and the Department of Personal Data Protection (PDP).

“The government has also appointed a group of independent experts with expertise in various fields who act as a check and balance in ensuring that Padu’s development includes the latest and best safety features,” added the minister.

Padu developers were quick to fix a flaw after it was highlighted on X.

How secure is Padu?

Several cybersecurity professionals in Malaysia have raised concerns about the Padu database. Given that the database is also expected to underpin the country’s forthcoming digital ID, many emphasize the need for developers to ensure the absence of backdoors that could be exploited by cybercriminals to compromise the system.

According to a report by The Star, CyberSecurity Malaysia (CSM) chief executive officer Datuk Dr Amiruddin Abdul Wahab said that cyberthreats to the data of millions of Malaysians are real and constantly evolving with technological advancements. Despite this concern, he assured readers that the responsible authorities have undertaken all necessary measures to secure Padu.

“CSM was tasked with conducting a Security Posture Assessment (SPA) as an independent third party. However, the overall requirements and ownership belong to the Malaysian Administrative Modernisation and Management Planning Unit (Mampu) and the Statistics Department. Generally, the cloud is secure for storage, and it is based on the cloud security controls implemented by the cloud service provider,” he added.

Additionally, Dr Amiruddin expressed hope that the government would conduct regular security audits on Padu. He emphasized that, given the ever-evolving nature of threats, the current security system does not guarantee future safety.

Former DAP MP Ong Kian Ming has urged the government to suspend the registration of users for the Central Database Hub, or Padu, until concerns over security issues are resolved.

Five ways the central database hub can be compromised

The Tech Wire Asia team decided to register their details on the system. Initially, the layout and design of the system seemed very amateurish, resembling the work of student developers. The database appeared to predominantly focus on sources of income, which seems redundant since most individuals already declare their taxes to the Inland Revenue Board of Malaysia.

If Padu aims to streamline subsidies to deserving individuals, it may face challenges, particularly because many who need government assistance are in rural areas with limited access to the platform.

JAPAN’S LIQUID GLOBAL THE LATEST VICTIM OF CRYPTO HACKS

Aaron Raj | 25 August, 2021

The registration process was straightforward. However, the eKYC component, highlighted as complex by several parties, was the most challenging aspect. A former MP even suggested that the government should suspend the registration of accounts until all security concerns on the platform have been addressed.

With that said, here are five ways hackers and cybercriminals could easily compromise the Padu platform.

Identity theft – While some have denied this is a possibility, the reality is that once a cybercriminal has access to an account, they will also have access to all the information that is available. That includes not only personal data but also financial data, including the source of any recorded income.

Such information would fetch a hefty price on the dark web. Hackers could also use the information to set up accounts on other sites, causing havoc to victims. For example, a hacker could use the information for financial identity theft, in which the malicious actor uses financial details to apply for and obtain credit, loans, goods, and services.

Brute force attacks – A brute force attack uses trial-and-error to guess login information and encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.

For Padu, once a user has verified their account, there is no multi-factor authentication needed to log in to their accounts. All that is needed is the identity card number and password – which can be easily compromised. In fact, the Economy Ministry has thanked a member of the public who found a loophole within its system that allowed third parties to use identity card numbers to override passwords in Padu.

DDoS attacks – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt online services or sites by overwhelming its target with unusually high volumes of data traffic. Hackers can easily launch DDoS attacks on the platform to disrupt its services. For example, in Singapore last year, a DDoS attack disrupted the country’s public healthcare institution website for hours, leaving many unavailable to log in and such.

Application vulnerabilities – No matter how secure it is, or how big a budget an organization has, all software has some flaws or bugs that can be exploited by cybercriminals. The developers of Padu need to constantly update their software to the latest version. They should also avoid downloading or installing software from untrusted sources or clicking on suspicious links or attachments.

Currently, Padu says that the responsibility for data security lies with the source of the data – meaning each government agency from which the data is coming. But this mentality needs to change as data security needs to be a collective responsibility.

Data breaches – Everyone knows the weaknesses in Malaysia’s cybersecurity laws and the number of data leaks, breaches and such that have occurred in government agencies. As a matter of fact, the current PDPA laws in Malaysia exclude government agencies. Hence, if a data breach was to occur on the database, who would be responsible for it?

The bottom line is that the central database hub is definitely a system that could be a game-changer for Malaysia. But if the concerns raised are not addressed properly, the platform could end up causing more harm to the public instead of benefiting them. With the country’s digital ID plans on the horizon, improving the security features in Padu should be a prerogative that must not be taken lightly.

The post Here’s how Malaysia’s central database hub, Padu can be compromised by cybercriminals appeared first on Tech Wire Asia.

Top-tier English football clubs’ players, including those from Manchester United and Liverpool, are at the forefront of the Premier League’s latest ‘Boot Out Piracy’ initiative. This campaign is designed to educate Malaysian fans about the dangers and adverse effects of accessing content illegally.

In its fourth season in Malaysia, the campaign showcases Premier League stars such as Manchester United’s Casemiro, Liverpool’s Diogo Jota, Brighton & Hove Albion’s Julio Enciso, Everton’s Abdoulaye Doucouré, and Taiwo Awoniyi from Nottingham Forest.

The players highlight the risks of using unauthorized channels to view Premier League content in these digital videos. They caution viewers about the potential for cyberattacks, including harmful malware and ransomware, which could lead to scams, data theft, and other fraudulent activities, as well as the high probability of encountering substandard streams.

MALAYSIA NEEDS TO FOCUS ON STRONGER PASSWORDS – “123456” DOESN’T CUT IT!

Muhammad Zulhusni | 17 November, 2023

Highlighting the risks of illegal streaming of live Premier League games

The Digital Citizens Alliance, in its June 2023 report, Giving Piracy Operators Credit, found that 44 percent of those who accessed pirated online content suffered identity theft. The study also revealed that piracy participants experienced malware problems at a rate of 46 percent, compared to just nine percent among non-participants.

Professor Paul Watters, a renowned cybersecurity consultant and researcher, said “There were record losses as a result of malware attacks in 2022. Consumers should be aware that sites and apps which stream pirated content are one of the main sources of these attacks. While antivirus software can help consumers, it cannot keep up with the explosion in malware variants every day. The best cure is prevention – avoid those sites that host and distribute malware.”

The Premier League collaborates closely with authorities across Asia and globally to take legal action against operators of illegal websites and distributors of illicit streaming devices. This includes ongoing partnerships with Malaysian law enforcement to bring illegal streaming device sellers to justice.

The League praises the Malaysian Government’s regulatory agencies for their continuous efforts to combat sports piracy syndicates in the country. Not only do these actions disrupt illegal streams of Premier League content, but they also limit access to unlicensed and unregulated gambling ventures, posing a risk to consumers.

Collaboration between the Premier League and Malaysia’s Ministry of Domestic Trade and Cost of Living (KPDN) has blocked nearly 300 major pirate domains for accessing illegal Premier League content, demonstrating the Malaysian government’s dedication to protecting consumer rights and intellectual property.

Awareness campaign: The dangers of illegal streaming

In the UK, illegal streaming of movies, sports, and TV shows carries severe financial risks, including the potential emptying of bank accounts and identity theft, as warned by authorities.

A recently launched awareness campaign sheds light on the hazards of using illicit streaming services to watch paid-for content. These include the risk of fraudulent credit card transactions and the potential for criminals to install malware, access bank accounts, or steal personal information.

This campaign also draws attention to the fact that people who consume pirated content might face police visits, and, in some instances, even prosecution and imprisonment.

Five operators of illegal streaming networks have been jailed. (Source – X).

With the cost of living crisis intensifying, more people are searching for free or low-cost methods to access the latest movies, football matches, and TV shows, often viewing illegal streaming as a minor or victimless crime.

The campaign is supported by a website (bestreamwise.com), posters in the London Underground and other locations, and a widely-viewed short film. The film depicts a man watching football on his laptop as ominous hands reach out from the screen, stealing his bank cards, account numbers, and personal information.

The campaign is endorsed by various organizations and companies, including the government’s Intellectual Property Office, Crimestoppers, the Federation Against Copyright Theft (Fact), ITV, Sky, and the Premier League, emphasizing the increasing operation of illegal streaming services by sophisticated criminal networks.

The campaign warns that accessing unauthorized content through free streaming sites, apps, TV sticks, and modified boxes puts users at risk of malware infection and becoming targets for scams or hacking.

Kevin Plumb, the general counsel of the Premier League, stressed the ongoing Boot Out Piracy campaign’s focus on the significant risks of watching matches via illegal streams.

Educational initiatives and enforcement strategies

Plumb explained, “Those who do so not only miss out on the best possible viewing experience, they also face a range of cybersecurity dangers. By accessing pirated content, people make themselves vulnerable to criminals, who use a wide range of methods to compromise the devices of viewers. This can lead to numerous issues, including fraud and identity theft.” He advised Malaysian fans to safeguard online safety and watch Premier League football through their official broadcast partner.

WILLY WONKA SCAM: THE ILLEGAL STREAMING SITES’ GOLDEN TICKET YOU DONT WANT THIS CHRISTMAS

Aaron Raj | 20 December, 2023

Plumb also noted that in addition to educating people about the dangers of illegal streaming, the League is ramping up efforts with local authorities to dismantle pirate sites and streams, and bring those selling illegal streaming devices to justice.

In Malaysia, the Premier League is working with local broadcast partner Astro to drive the Boot Out Piracy campaign forward.

Euan Smith, Astro’s group chief executive officer, reaffirmed the company’s commitment to combatting content piracy alongside authorities and the Premier League. He asserted, “To protect the rights of our paying sports fans, Astro has been proactively working with authorities and Premier League to send a strong message that content piracy is theft, illegal and punishable by law.”

Smith further emphasized the urgency for increased collective action against piracy, recognizing its detrimental impact on consumers and the broader industry.

The campaign is set to be broadcast across a variety of channels, including broadcast networks, social media, websites, and YouTube, extending its reach not just to Malaysia but also to Singapore, Indonesia, Hong Kong, Thailand, and Vietnam, aiming to widen its impact in the fight against the piracy of premier league live games.

The post Malaysia warned of consequences for watching illegal Premier League live games appeared first on Tech Wire Asia.

In the digital age, the intersection of technology, policy, and human rights often manifests in internet freedom and content regulation. Two prominent examples of this are seen in China and India. In China, the government maintains one of the world’s most comprehensive and sophisticated internet censorship systems. Known colloquially as the “Great Firewall,” this system blocks access to numerous foreign websites and rigorously monitors and censors the domestic digital landscape. This approach reflects the Chinese government’s commitment to maintaining strict control over information and public discourse, citing national security and social stability.

In contrast, India, while boasting a relatively open internet, has experienced its share of government intervention in digital content. Particularly in times of political unrest or social tension, the Indian government has been known to temporarily shut down internet access in specific regions or demand the removal of content from social media platforms that it deems a threat to public order or national security. Although often justified in the moment under the guise of maintaining peace and order, these actions raise concerns about the balance between state control and freedom of expression.

Malaysia’s surge in social media content regulation

Similar trends in content regulation and concerns about freedom of speech are evident in Malaysia. In the first six months of 2023, Meta and China’s TikTok restricted a record number of social media posts and accounts in Malaysia, as indicated by data released by these firms. This surge in content moderation coincided with increased government requests to remove content.

TIKTOK BREAKS RECORDS AS FIRST NON-GAME APP TO EXCEED US$10 BILLION – PLUS PLANS FOR 2024 UNVEILED

Muhammad Zulhusni | 14 December, 2023

Prime Minister Anwar Ibrahim’s administration in Malaysia, which assumed power in November 2022 on a reform platform, has been accused of reneging on  its commitment to safeguard freedom of speech. Reuters reported that this accusation arose amid heightened scrutiny and online content regulation in recent months. The Malaysian government, however, refutes claims of suppressing online dissent, stating its intention to limit provocative posts that potentially incite issues related to race, religion, and royalty.

In the first half of this year, Meta implemented restrictions on approximately 3,100 Facebook and Instagram pages and posts for Malaysian users. This action was based on reports alleging these pages and posts violated local Malaysian laws, as detailed in Meta’s semi-annual Transparency Report. The number of restrictions marked a significant increase, sixfold higher than the previous six months and the most substantial since Meta started documenting such actions in Malaysia in 2017.

In a recent statement, the Malaysian Communications and Multimedia Commission clarified that its requests to remove content from social media were driven by a need to shield users from a sharp rise in online harm rather than suppress diverse opinions.

From July 2022 to June 2023, Meta responded to requests from the Malaysian communications regulator and other government bodies by restricting over 3,500 items. These included posts critical of the government and others purportedly breaching laws against illegal gambling, hate speech, racial or religious division, bullying, and financial scams, as per Meta’s report.

Malaysia asked Meta and TikTok to remove more content in 2023. (Source -X).

TikTok’s compliance and challenges in Malaysia

Similarly, TikTok reported receiving 340 requests from the Malaysian government in the first half of 2023 to remove or limit access to certain content, impacting around 890 posts and accounts. The platform took action against 815 of these, citing violations of local laws or its own community guidelines. This figure was the highest for any six-month period since TikTok started reporting such data in Malaysia in 2019, and triple the number from the latter half of 2022. Malaysia’s requests to TikTok were the most numerous in Southeast Asia during this period. Unlike TikTok, Meta did not disclose the total count of government requests for content restrictions on its platforms.

DO WE REALLY NEED AI ASSISTANTS IN SOCIAL MEDIA?

Aaron Raj | 5 October, 2023

The Malaysian Communications and Multimedia Commission also reported a 24-fold surge in harmful content on social platforms, jumping to 25,642 cases in 2023 from just 1,019 in the previous year. This figure included instances of scams, illegal sales, gambling, fake news, and hate speech. However, the Commission did not specify the breakdown of this harmful content across different platforms.

Communications Minister Fahmi Fadzil recently refuted claims that he sought the removal of social media posts criticizing him, asserting that the regulator’s actions were often based on public complaints. He emphasized the sensitivity of race and religion in Malaysia, a country with a predominantly Muslim Malay majority and substantial Chinese and Indian minorities, which also has laws against seditious comments or insults towards its monarchy.

Communications Minister Fahmi Fadzil. (Source – Shutterstock).

Concerning TikTok, Fahmi raised issues in October about the platform’s inadequate response to defamatory or misleading content in Malaysia and its failure to fully comply with specific local laws, without specifying which. After meeting with TikTok representatives, he stated these concerns, highlighting the need to address content distribution and advertising purchase issues that had elicited complaints.

Fahmi acknowledged TikTok’s assurance of cooperation with the Malaysian government, attributing some of its operational lapses to the absence of a local representative in Malaysia. When asked for a comment on the Minister’s remarks and the meeting’s outcomes, TikTok’s spokesperson did not immediately respond.

This scenario is part of a broader scrutiny TikTok faces in Southeast Asia. For example, Indonesia’s government recently paused transactions on the platform following a ban on e-commerce trade on social media. Meanwhile, Vietnam is investigating the app for what it describes as “toxic” content.

Reiterating its commitment to compliance and cooperation, TikTok has stated its intent to proactively tackle the issues the Malaysian government raised. A spokesperson for TikTok confirmed the company’s respect for and adherence to Malaysia’s laws and regulations. The company has organized meetings with Malaysia’s communications regulator to align its operations with Malaysian expectations and legal requirements.

This proactive stance by TikTok came after Fahmi became concerned about content management and legal adherence, alongside the wider scrutiny the platform endures in the region.

The broader impact on free speech and expression

In a related development, the Malaysian government has considered legal action against Meta for not addressing “undesirable” content – but decided against it following discussions with the company.

However, free speech advocates, such as Article 19, have criticized the removal of government-critical posts. The group expressed concerns about the rising number of requests to restrict content, warning that this could impede legitimate free speech and expression.

“It is never permissible to prohibit expression solely because it casts a critical view on social issues, public figures or government institutions,” said Nalini Elumalai, the senior Malaysia program officer at Article 19.

Social media censorship is by no means only a Malaysian issue, but recently it’s an especially complicated one.

The post Social media giants respond to Malaysia’s rising content restrictions appeared first on Tech Wire Asia.

Malaysia’s semiconductor industry is considered one of the fastest-growing sectors in the world. The country is already a hub for the semiconductor supply chain, supplying key components to the industry over the past few years.

Malaysia has also witnessed continued investments in the semiconductor industry. Some of the major players manufacturing chips and other semiconductor components in the country include Intel, AMD, Broadcom, Infineon, Bosch, GlobalFoundries and many more.

GLOBAL SEMICONDUCTOR SALES TO PASS US$588BN IN 2024, FUELED BY MEMORY SURGE

Dashveenjit Kaur | 6 December, 2023

The country currently controls 13% of the global market for packaging, assembly and testing services for semiconductors. It is also the sixth largest source of semiconductor exports in the world. This makes the country an ideal supplier in the semiconductor supply chain, with the US being a major trade partner in the industry too.

According to a report by Nikkei Asia, chip companies Jabil, Micron, Bosch, Western Digital and Lam Research are all expanding their manufacturing footprints in the area around Penang in Malaysia, stretching from Kulim in the north to the Batu Kawan Industrial Park in the south. DHL Express is constructing several logistics centers in the area, after launching direct cargo flights five days a week between Penang and Hong Kong, a chip-trading hub close to mainland China, in mid-2021.

Are the sanctions actually making a difference to China?

Semiconductor industry in Malaysia

Given the development of the chip industry in Malaysia, China may now see opportunities to rely on the country not only to solve its supply chain problems but also as a solution to the sanctions that have been imposed on it.

Last year, the US government enforced chip sanctions on China, intending to slow down the country’s capabilities in developing AI. However, there were some loopholes in the sanctions that allowed Chinese firms to keep buying and building the chips used to train some of the world’s most advanced AI algorithms.

The US only realized the loopholes when companies like Huawei were able to develop a 5G phone despite sanctions. Companies like Nvidia were also still doing business with China but with a different version of chips, which were developed based on the limits of the sanctions. For example, the A800 and H800 chips were heavily sourced by Tencent and Alibaba in China.

Jensen Huang, CEO of Nvidia, who was in Malaysia recently, reaffirmed that China remains an important market for the company. Huang explained the situation, saying, ‘The US has determined to regulate our technology, the highest end of our technology, and limit its access to China. So, the regulations specify the maximum performance we can ship to China, and we will follow the regulations precisely – and very explicitly do so.” He added that Nvidia is currently developing new chips specifically for the Chinese market.

Huang also confirmed that Malaysia is a key player not just in the semiconductor supply chain but also in the data center industry in the region.

In Malaysia particularly, the data center infrastructure, “a layer of computing which is one of the most important parts of AI and cloud, is very successful,” Huang said. “And so I think that we’re going to see Southeast Asia participate across the entire technology stack, and Malaysia play a role in cloud infrastructure,” he added.

China could make use of Malaysian tech proficiency, while US firms like Nvidia also recognize the country’s potential. (image by Shutterstock).

Another loophole?

According to a report by Reuters, several Chinese semiconductor design companies are tapping Malaysian firms for chip assembly. The report said that the Chinese companies are asking Malaysian chip packaging firms to assemble graphics processing units (GPUs).

Assembling chips does not contravene any US restrictions. The sources also said that the assembling is not the same as the fabrication of the chip wafers. While the sources of the Reuters report declined to name the companies involved in the assembling, a few contracts have already been agreed.

CANON GIVES CHINA HOPE IN SEMICONDUCTOR MANUFACTURING PROCESS

Aaron Raj | 17 October, 2023

The US recently updated its sanctions on chips towards China, which focused on covering some of the loopholes that were present in the previous sanctions announced in 2022. The focus of the sanctions remains mainly on the sale of sophisticated chipmaking equipment.

Malaysia, a major hub in the semiconductor supply chain, is seen as well placed to grab further business as Chinese chip firms diversify outside of China for their chip assembling needs.

The Reuters report quoted Unisem chairman John Chia as saying “Many Chinese chip design houses have come to Malaysia to establish additional sources of supply outside of China to support their business in and out of China.”

Unisem provides semiconductor assembly and test services in Malaysia. Its packaging and testing facilities are located in Ipoh, Perak, Malaysia, Chengdu, China, and Batam, Indonesia. It also has wafer bumping facilities in Ipoh, Perak, Malaysia and Chengdu, China. China’s Huatian Technology is a majority shareholder.

Apart from chip design, China is Malaysia’s largest trade partner. Malaysia is also part of China’s “One Belt One Road” policy. Chinese investments remain high in the country, across a variety of industries.

Asked whether accepting orders to assemble GPUs from Chinese firms could potentially provoke US ire, Chia said Unisem’s business dealings were “fully legitimate and compliant,” and that the company did not have the time to worry over “too many possibilities.”

Unisem’s customers in Malaysia included those from the United States as well. The US Department of Commerce did not respond to requests for comment.

The post Could Malaysia’s semiconductor industry help China?  appeared first on Tech Wire Asia.

When it comes to data center investments, Malaysia has enjoyed some of the biggest growth in recent years, with the past two years alone seeing more than a dozen new data centers announced, with billions of dollars worth of investments recorded at the same time.

One of the biggest data center investments in the country was made by Equinix in 2022. The data center giant announced its market entry into Malaysia with plans to build a new International Business Exchange (IBX) data center located in Johor, called JH1. With an initial investment of around US$40 million, JH1 is scheduled to begin operations in Q1 2024, providing 500 cabinets and 1,960 square meters of colocation space.

JAPAN’S LIQUID GLOBAL THE LATEST VICTIM OF CRYPTO HACKS

Aaron Raj | 25 August, 2021

Then, in June this year, Equinix announced plans to increase its footprint in Malaysia by opening another data center, this time worth US$100 million, in Kuala Lumpur. Also expected to be operational in Q1 2024, the new facility in Kuala Lumpur, named KL1, together with JH1 in Johor, will provide the digital infrastructure that businesses need to capitalize on the country’s digital economy. Both data centers are built with a key focus on sustainability, to add some future-proofing in the light of advancing compute needs and costs in terms of both economy and ecology.

Given the entry into the Malaysian market and with operations expected to start in 2024, Equinix has also begun the process of sourcing talent to work in these data centers once they are ready.

“Equinix is well-positioned to support Malaysia’s vision of becoming a digital nation. I look forward to working with the team to expand our footprint in Malaysia and helping our customers capitalize on the opportunities presented by the digital economy,” stated Cheam Tat Inn, who was recently appointed as managing director for Equinix Malaysia.

Cheam Tat Inn, Equinix’s managing director in Malaysia; Ts. Mahadhir Aziz, CEO of MDEC; and Cyrus Adaggra, VP of corporate development, Equinix APAC, at the Equinix media roundtable held today in Kuala Lumpur.

Catering to regional customers

At a media briefing, Cyrus Adaggra, vice president, corporate development for Equinix Asia-Pacific also said there are plans to expand the capabilities of the data center in Johor in the future. This includes building another facility to support the growing needs of customers.

While the Johor data center could support the demands of Singaporean customers as well, Adaggra mentioned that the key focus for both data centers will be on Malaysian businesses, with the telco, service providers and enterprises as the key target customers. Having said that, Adaggra also highlighted that the data center is only a fraction of the company’s Singapore facility.

“While the Johor data center can support customers who want to deploy in Singapore and Malaysia, it will be complimentary to the Singapore data center. It may have more compute power in the future, but it won’t replace the Singapore data center and will always be a complimentary,” Adaggra explained.

When asked about the recent outage of Equinix data center in Singapore, Adaggra said the company is learning from the incident in Singapore to ensure it doesn’t happen again. He added that the operations team is industry-leading and is currently working on post-implementation reviews to ensure such an incident doesn’t occur again.

Ts. Mahadhir Aziz, CEO of MDEC, highlighting Malaysia’s determination to accelerate digitalization during the Equinix media roundtable.

Addressing the skills shortage in the data center industry

With more data centers mushrooming in the country, there is now a concern about whether there is a sufficient workforce available to fill up the new roles in these facilities. Globally, there is a big shortage of talent in the tech industry, with data center talent among those most in demand.

According to Ts. Mahadhir Aziz, CEO of MDEC, the development of skills in Malaysia is based on the talent requirement. However, investors will also look at the talent available before making any investments in the country.

QARBON TECHNOLOGIES WANTS TO SET STANDARDS FOR DATA CENTER SUSTAINABILITY MANAGEMENT

Aaron Raj | 21 November, 2023

“We believe we have adequate talent to support this. A lot of investors have mentioned that we don’t have sufficient talent. So we ask them how we can work together to deal with this,” said Aziz.

Some of the initiatives taken by MDEC and the government include creating programs directly with universities and corporations so that the right skills can be developed and the talents absorbed into employment.

Aziz also mentioned that knowledge workers do come in and train future operating teams, especially for newly established businesses and infrastructures in the country. For this, MDEC will also facilitate the immediate requirements.

Meanwhile, Adaggra stated the skills and talent shortage are not roadblocks for Equinix. He believes Malaysia will be able to fill the gaps in the future.

At the same time, Aziz also highlighted that with more data centers coming into the country, there is also the need to see how these investments will impact society. This includes focusing on creating more solutions locally as a launchpad to other markets.

The post Skills shortage not an obstacle for Equinix to commence data center operations in Malaysia appeared first on Tech Wire Asia.