By Khairul Akma Mahamad & Raja Nur Zafira Raja Sharudin

Introduction

Rapid developments in Internet technology and the cyber world have created new opportunities for irresponsible people to take advantage of internet users. The number of cybercrime cases in Malaysia has been increasing year on year. Despite the efforts by various Malaysian institutions, Malaysia is still considered a hotspot for cybercrime. The popular word nowadays, is ‘scam’. Who has never heard that – from kids to the elderly – everyone knows about the word. A lot of people are complacent about their online safety because of the sense that they have nothing of value to be stolen. Without knowing any better, many people believe that their data is safe from cybercriminals simply because they don’t use the Internet much or they delete their browsing history after each session.

Cybercrime and statistics

According to Wikipedia, cybercrime is a type of crime involving a computer or a computer network. The computer may have been used in committing the crime, or it may be the target. Cybercrime may harm someone’s security or finances.

Based on statistics by the Malaysia Computer Emergency Response Team (MyCERT), it shows fraud is the highest incident that was reported every year as shown in Figure 1.

Based on statistics by the Malaysia Computer Emergency Response Team (MyCERT), it shows fraud is the highest incident that was reported every year as shown in Figure 1.

Types of cybercrimes

Common types of cybercrime in Malaysia include phishing attacks, online scams, ransomware attacks, hacking, and malicious software distribution. Social engineering techniques, such as impersonation and pretexting, are also prevalent. The cybercriminal will find ways to steal the personal information or wealth of their victim. The techniques are as follows:

a) Phishing

Victims of phishing often would receive an e-mail or SMS from a source posing as a legitimate company (e.g. banks, LHDN) to update their internet banking details. Once the attachment or the link in the email is clicked on, the victim will enter banking details such as user ID, password, ATM card number etc. in the phishing website. The suspect then will transfer money from the victim’s bank account.

b) Online fraud

Cyber criminals use e-mails, websites, chat rooms, and social media sites to make connections with victims. By exploiting the victims’ trust, criminals deceive and manipulate the victims into giving up confidential information or even money to them. The types of online frauds include scams, miracle cures, advance fees for credit cards, parcel scams, shopping and auction sites fraud, mule recruitment, “something is wrong with your PC”, fake check scams, identity theft, business opportunities, “relative in distress”, sweeps-take offer, foreign lottery, secret shopper, phishing emails, prize winner, charity donation, love scam, and many more.

c) Identity theft

Cybercriminals steal victims’ personal information such as full name, date of birth, or credit card number to commit financial fraud or other crimes, such as entering or exiting a country illegally, laundering money and drug trafficking. The consequences that follow can be detrimental to the victims.

d) E-Commerce fraud

The most popular e-commerce transactions associated with fraud occur in the airline industry, followed by general retail, electronics, ticketing, telecom, money transfers, toys, clothing, etc. Criminals use methods such as phishing and identity theft to facilitate the commission of the crime.

e) Ransomware

This malware can modify or block data on your computer. In order to restore the computer’s performance and data, victims have to pay ransom to the cybercriminals. However, experts have warned that access to the blocked data or security of the computer is not guaranteed.

f) Botnet

A “bot” is a type of malware that allows an attacker to take control over an affected computer. Botnet is a network of infected machines ranging from a few hundreds to hundreds of thousands stretching across the globe. Many of these computers are infected without their owners’ knowledge. Botnets can be used to carry out a variety of automated tasks, including sending spams, viruses, and spyware; steal sensitive information such as credit card numbers, banking credentials, and personal information; DDoS; and Click fraud.

g) Distributed Denial of Service (DDoS)

In a DDoS attack, hundreds or thousands of compromised machines (multiple computers and internet connections) are used to flood the access to a targeted system (this could be a machine, network resource, or website). Victims of a DDoS attack include both the end targeted system and all systems controlled by the hacker in the attack. DDoS attacks are usually distributed via botnets globally.

h) Love scam

The victims get to suspect through social media. The suspect will introduce himself as businessman or engineer or maybe pilot from other country. He will use tactic such as give luxury present from oversea. The suspect then will ask to make various payments e.g. tax, to claim the gift. Besides that, other modus operandi is suspect requesting victim to assist him to pay other party for business purpose or to get inheritance money.

Tips and advice

It is hard to imagine how potential cybercriminals can make a fortune in the digital age. From online scams to ransomware, their methods are diverse and increasingly sophisticated. However, it is very important to guard against these attackers and prevent them from getting the upper hand on you as a business or individual.

Some tips to help prevent cybercrime:

• Do not share your banking information. A real bank would never ask for your bank account information, your debit card and PIN numbers, or other sensitive information (such as your IC number) via email.
• Always double check to ensure that the site address or email address in the provided link is accurate and a genuine site.
• Be careful with sales or offers.
• Buy from trusted websites and never compromise on safety features.
• Ignore unknown individuals on social media.
• Do not easily believe the social media acquaintance.

How to prevent cybercrime and challenges

Preventing cybercrime

Preventing cybercrime is a complex and ongoing challenge, given the constantly evolving nature of technology and cyber threats. Here are some strategies to help prevent cybercrime:

a) Educate and raise awareness

Provide regular training and education to users, and the general public about cybersecurity best practices. This can include topics such as password hygiene, phishing awareness, and safe online behaviour.

b) Implement strong security measures

• Use strong, unique passwords and two-factor authentication (2FA) for all accounts.
• Keep software, operating systems, and applications updated with the latest security patches.
• Employ robust firewalls, intrusion detection systems, and antivirus software.

c) Regular backups

Maintain regular backups of critical data to ensure that you can restore your systems without paying ransom or losing valuable information in case of a cyber attack.

d) Threat intelligence

Stay updated on the latest cyber threats and vulnerabilities through threat intelligence sources to proactively adapt your defences.

e) Incident response plan

• Develop and regularly update a comprehensive incident response plan to effectively manage and mitigate the impact of cyber incidents.
• Do report to relevant authorities such as PDRM, KPDNKK, BNM and other relevant enforcement agencies.

Challenges in preventing cybercrime

Addressing these challenges requires a multi-layered and holistic approach that involves technical solutions, policy changes, education, and collaboration. It’s an ongoing effort that requires constant vigilance and adaptation to the evolving threat landscape.

a) Sophistication of attacks

Cybercriminals continuously develop advanced attack techniques that can bypass traditional security measures.

b) Human factor

Social engineering and phishing attacks exploit human behaviour, making it challenging to defend against human error.

c) Technological evolution

As technology evolves, new vulnerabilities emerge, making it difficult to keep up with securing all aspects of the digital landscape.

d) Attribution and enforcement

Identifying and prosecuting cybercriminals across international boundaries is complex due to the anonymity and technical expertise they possess.

e) Emerging technologies

The adoption of new technologies like IoT and AI introduces new attack vectors that need to be addressed.

f) Insider threats

Malicious or unintentional actions by employees or insiders can pose a significant risk to cybersecurity.

National Scam Response Centre

On 14 October 2022, the Prime Minister’s Department announced that the National Scam Response Centre (NSRC) has been established as an operational centre to coordinate a rapid response to online financial fraud. This response includes fast detection of stolen funds and enforcement action against criminals.

The NSRC is a joint venture between the National Anti-Financial Crime Centre (NFCC), the Royal Malaysia Police (PDRM), Bank Negara Malaysia (BNM), the Malaysian Communications and Multimedia Commission (MCMC) as well as financial institutions and the telecommunications industry. The NSRC brings together resources and expertise from all these parties to combat financial fraud more effectively.

-- BERNAMA

Khairul Akma Mahamad & Raja Nur Zafira Raja Sharudin are with the International Engagement Department, International & Government Engagement Division of CyberSecurity Malaysia.