Buiding the new 5G tower along Jalan Kuchai Lama in Kuala Lumpur
PETALING JAYA: Experts are calling for a clear digital direction and quick implementation for the rollout of the dual 5G network and the MyDigital ID programme, saying that any delay is unacceptable if Malaysia were to position itself as the choice for leading industries and as Asean chairman. Malaysia, said Federation of Malaysian Consumers Associations (Fomca) vice-president Datuk Indrani Thuraisingham, must have the proper infrastructure to support such targets.
“Since we are championing artificial intelligence (AI) development, setting up more data centres and other related fields, it is fair for the relevant authorities as well as stakeholders to prepare the right infrastructure to support these initiatives.
“It is unacceptable to delay it further as it could have an impact on our country’s economy,” she said in an interview yesterday.
Malaysia has secured billions of ringgit in investment in the past year from global tech firms seeking to build critical infrastructure to cater to growing demand for their cloud and AI services.
The Star also reported that while the number of digital nomads in the country has doubled, Internet connectivity remains a major concern for them.Other countries such as China, pointed out Indrani, have even achieved a breakthrough in satellite-to-ground laser communications that could pave the way for sixth-generation wireless technology – or 6G – and other applications, including remote sensing with ultra-high resolution and next generation satellite positioning technology.
“They have gone beyond 5G and we need to keep up with them,” she said.
On Jan 2, China’s Chang Guang Satellite Technology Co, which owns Jilin-1, the world’s largest sub-metre commercial remote sensing satellite constellation, announced that it had achieved a 100 gigabit per second ultra-high-speed image data transmission rate in testing last weekend.
In terms of consumer rights, Indrani said industry players must deliver what they had promised to customers.
“Some of the customers are already paying for 5G connectivity and they need to deliver it.
“In certain places, even in Selangor and Klang Valley, we cannot get proper connectivity, and some still get 4G networks,” she said, adding that there are also complaints of dropped calls.
Malaysia Cyber Consumer Association president Siraj Jalil said any delay in the rollout of a dual 5G network and MyDigital ID programme only reflected the preparedness of the relevant authorities.
“We need to look back at the objectives of the initiative and why it is still delayed,” he added.
“Since (MyDigital ID) will be our future digital identity and represents our position in the digital landscape, the government needs to be clear on it, especially to the stakeholders which is the rakyat,” he said.
Citing the postponement in the integration of the MyDigital ID with the MyJPJ app, he said such disruptions create a bad perception to the users.
“If we cannot integrate our ID into a multi digital system, like JPJ, it shows that is not being set up properly,” he said, adding that this should be fixed
In October last year, MyDigital ID Sdn Bhd CEO Mohd Mirza Mohd Noor had explained that the integration of MyDigital ID with the MyJPJ app was not cancelled but merely postponed.
The delay, he explained, should be looked at as part of an overall strategy to ensure the success of this feature and to improve the user experience.
Sharing her own personal experience, civil servant Siti Nor Mardiah, 33, said a few months ago, the 5G network completely stopped working on her phone.
“When I called my mobile service provider, they said 5G comes under DNB, and not them. As a solution, they told me to use 4G instead. It has been months and I am still using 4G.
“The same goes for my home Wi-Fi, the 5G doesn’t work for some reason (and) 2.4G works better,” she said.
“What baffles me is that this is the situation in Kuala Lumpur, now I can’t imagine how the network is in rural areas.”
Related stories:
Experts urge for quick, clear rollout of 5G and MyDigital ID
Steps being taken to resolve MyDigital ID, 5G network delays
Govt aims to resolve MyDigital ID and dual 5G network ...
Digital Ministry hopes to solve MyDigital ID and 5G issues ...
PETALING JAYA: Customers with compromised devices will be temporarily restricted from accessing banking apps as banks in Malaysia roll out a feature that detects high-risk malware and suspicious remote access.
In a statement yesterday, the Association of Banks Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (Aibim) said the feature, called malware shielding, will be embedded within the banks’ native mobile banking apps.
Both organisations stated that the feature is designed to prevent unauthorised transactions, protect customers’ funds, and shield them from malware scams.
“It will essentially alert or block customers from conducting banking activities on compromised devices,” said the statement.
Banks that have enabled the feature on their mobile banking apps include Alliance Bank, AmBank, Bank Muamalat, Bank Simpanan Nasional, CIMB Bank, HSBC Bank, Maybank, MBSB Bank, OCBC Bank, Public Bank, RHB Bank, Standard Chartered, and UOB Bank.
“Emphasising customer privacy, malware shielding is only activated upon the customer launching the mobile banking app and does not run in the background 24/7,” said ABM chairman Datuk Khairussaleh Ramli in the statement.
He added that customers’ banking information and personal data will remain confidential.
Bank Negara governor Datuk Seri Abdul Rasheed Ghaffour said the fight against online scams is a shared responsibility, welcoming the move by banks to enhance online banking apps with added security features.
“This helps to create a more secure banking environment for all Malaysians. We also urge members of the public to remain vigilant against requests to download apps from unofficial sources,” he added.
Customers are advised to reach out to their banks’ 24/7 fraud hotline for assistance should they encounter a temporary restriction.
When contacted, National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin said the measure is well-suited to address specific challenges faced by users in Malaysia as cyber threats are becoming increasingly sophisticated and prevalent.
“In 2023, 40% of the total incidents monitored by the National Cyber Coordination and Command Centre (NC4) were malware-related. In 2024, up until June, the NC4 handled 34% of incidents related to malware,” Megat Zuhairy said.
While the temporary restriction is regarded as an important preventive step, Megat Zuhairy said its effectiveness is also dependent on users.
“They need to adhere to recommended cyber hygiene practices such as to only download apps from official platforms and avoid performing online activities through unsecured WiFi networks,” he said.
Malaysia Cybersecurity Community rawSEC chairman Ts Tahrizi Tahreb said the malware shielding technology could potentially prevent several types of banking malware that are used by hackers to infiltrate devices and perform unauthorised financial transactions.
“Some of them include Cerberus which can mimic legitimate banking app interfaces to capture user credentials and one-time passwords through overlays and screenshots,” he said.
Tahrizi added that another type of malware called Gustuff has been known to target over 100 banking apps and can automate bank transactions on compromised devices.
“These malware types often exploit vulnerabilities in mobile banking applications, making them prime targets for shielding technologies,” he said.
Malaysia Cyber Consumer Association (MCCA) said the initiative represents a proactive approach to addressing the growing threat of cyberattacks on financial systems.
“However, MCCA also emphasises the importance of implementing this feature with caution, transparency, and a strong focus on user education,” its chairman Siraj Jalil said.
He added that the criteria used to define a “compromised device” must be transparent and precise.
“The effectiveness of such a solution hinges on its ability to accurately identify compromised devices without generating false positives. A significant number of false positives could lead to legitimate users being locked out of their banking apps, causing unnecessary frustration and potential financial disruption.
“If users find themselves frequently locked out of their apps, they might resort to using web-based banking solutions, which may not be as secure as the mobile apps, or they could turn to unofficial methods to bypass the restrictions, further exposing themselves to risks,” said Siraj.
Tahrizi said banks can further enhance security and customer protection by implementing some additional measures.
“Banks should regularly test their apps through application security testing (AST) and infrastructure security testing (IST). All identified issues should be tracked, with priority given to remediating critical and high vulnerabilities,” he added.
Customers also need to be constantly reminded of the latest potential online scam attempts.
“Ongoing education and awareness of safe mobile banking practices, such as recognising phishing attempts and avoiding suspicious downloads, can empower customers to protect themselves, and this is a very effective first line of defence,” he said.
Group push for higher broadband standards amid new regulations
PETALING JAYA: New regulations are set to take effect on April 1 to enhance the overall quality of wireless broadband services, with telcos required to deliver a minimum download speed of 7.7mbps.
But with the regulatory body, Malaysian Communications and Multimedia Commission (MCMC), saying that the product offerings of telcos to users will not be affected, meaning that plans below 7.7Mbps will not change after April 1, consumer and other groups have countered to say that the aim should be to improve user experience.
Federation of Malaysian Consumers Associations (Fomca) vice-president and legal adviser Datuk Indrani Thuraisingham said the download speed of 7.7mbps set is not good enough as Malaysia aims to be one of the top AI hubs in the region.
“We need to compare ourselves with other neighbouring countries to ensure that we will be able to compete,” she said when contacted yesterday.
Malaysian Association of Standards Users (Standards Users) secretary-general Saral James Maniam said the existing Mandatory Standards for Quality of Service (MSQoS) aims to safeguard consumer interests and ensure optimal wireless broadband services, while the updated one focuses on further enhancing Internet service quality across the country.
“The new MSQoS mandates an average download speed of at least 7.7Mbps, compared with the existing requirement of 2.5Mbps for mobile and 25Mbps for fixed wireless access.
“The standards will ensure the providers comply to prioritise quality and potentially invest in upgrades to meet the new standards,” she said.
After conducting a comparison of Internet download speeds in Malaysia, Singapore, Thailand, Vietnam and Indonesia, she said she found that “Malaysia can do much better”.
She said Singapore currently has among the fastest mobile download speeds at 264.15Mbps while its fixed broadband download speed is at 263Mbps.
“Singapore leads with the fastest speeds in both categories. Thailand and Vietnam have moderate speeds. Malaysia must maintain a speed that is at least comparable to that of Indonesia’s and 7.7Mbps is very low,” she added.
Saral James said MCMC will monitor compliance with the new minimum standard and penalties might apply for non-compliance, highlighting the importance of adhering to the new standards.
“There is a transparency needed on how the compliance will be monitored,” she said, adding that it would be better if users also monitor their download speeds.
“The question is what is the application available for the consumer to check and report?” she asked.
Malaysia Cyber Consumer Association president Siraj Jalil said it is important for service providers to give a clear baseline on minimum download speed.
“This will be good for users; if they understand what is their right, their awareness will increase. The authorities should also from time to time measure the service providers’ services,” said the head of the body which focuses on educating users on digital technology,
Consumers Association of Penang’s (CAP) education officer NV Subbarow said it is the duty of the government to provide the best facilities to consumers.
“Consumers are paying the charges they are requesting. The service providers must ensure and strictly follow the new ruling,” he said.
New initiative aims to increase GDP, improve wage levels and quality of life
The Madani Economy framework to restructure the country’s economy is to ultimately provide the people with the benefits to enjoy a better quality of life, says the Prime Minister. Execution is very important as announcements are not new to Malaysia, say trade groups.
KUALA LUMPUR: Taking Malaysia into one of the top 30 economies in the world over the next decade is among the ambitious goals set by Putrajaya under Madani Economy, the latest economic framework.
“This is a framework to elevate the dignity and status of our nation by restructuring the economy towards making Malaysia a leader in the South-east Asian region. This ultimately benefits the people, (who would) enjoy a better quality of life,” said Prime Minister Datuk Seri Anwar Ibrahim.
Anwar, who launched the Madani Economy: Empowering the Rakyat initiative here yesterday, said it was imperative for the country to not rest on its laurels with its 4% to 5% annual GDP growth rate, but instead to become a regional economic powerhouse, beginning with targeting a yearly GDP expansion rate of 5.5% to 6%.
“Malaysia needs to build larger economic integration with our neighbours, especially as the world is facing a supply chain disruption. We need to better equip Malaysian corporations for greater competitiveness and to at least breach into the Asean market,” he said in his keynote address at the Madani Economy launch.
Another important area is to improve wage levels to help everyone have a better quality of life, he added. This includes hauling the country’s Compensation of Employees to Gross Domestic Product (CE:GDP) ratio up from 35% to 45% and improving Malaysia’s standing in the Global Competitiveness Index to 12th or better, said Anwar.
The CE:GDP ratio is generally used to gauge the income-earning power of a country’s citizens and measures the share of compensation paid to employees who make up a country’s GDP.
Apart from that, the Prime Minister said that there should be sensible utilisation of free trade agreements for better movement of goods, capital, human resources and technology-sharing.
He said the government was also looking to introduce tax incentives to reward companies that produce high-impact economic products and activities.
To improve Malaysia’s global competitiveness and expand the economy, Anwar said his administration has allocated Rm100mil to complete the infrastructure at various industrial zones throughout the country. An additional Rm100mil would be allotted to enhance the research, development, commercialisation and innovation ecosystem, he added.
The focus will be on industrial needs, renewable energy and new growth activities – all part of the government’s effort to achieve a gross domestic expenditure on R&D to GDP ratio of 3.5%.
“All the efforts to enhance the country’s economy ultimately leads to the next step, which is to improve the livelihood of Malaysians. The success of the Madani Economy structural renewal has to be measured by how it produces jobs with a meaningful remuneration package for the people,” he said.
The government is also looking into several oft-mentioned initiatives such as enacting a progressive minimum wage system – which has partly been put into effect – as well as reducing the reliance on foreign labour by introducing a tiered-levy system on non-malaysian workers.
Anwar said such efforts will increase the adoption of automation and provide upskilling opportunities for Malaysian employees.
He said his administration is working with a number of government-linked investment companies (GLICS) to invest up to Rm1bil in additional funds, in partnership with private investors, to support local startups and to further spur technopreneurship.
Recognising that approximately 79% of micro, small and medium enterprises (MSMES) consist of micro businesses, he said these small-size endeavours have the potential to expand and penetrate international markets, especially if they get enough facilities and support.
As such, he said the government would prepare an addition Rm100mil in the digitalisation matching grant to help MSMES further digitalise their business models. This is in line with digital economy reforms meant to enhance the online business exposure of such enterprises.
Madani is an acronym for a policy that embraces six core values: kemampanan (Sustainability), Kesejahteraan (Prosperity), Daya Cipta (Innovation), hormat (Respect), keyakinan (Trust) and Ihsan (Compassion).
Related:
Ekonomi Madani: Setting the stage for the country's next industrial take-off...
Madani economy to drive positive change in Malaysia
RM100 ewallet credit for M'sians earning below ... - The Star
Minimising the chances of attacks Cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.
ARE organisations only concerned with undertaking the right measures to mitigate cyber risk after they have been cyberattacked?
This may be the case in most situations but the more important question to ask is – what are the cybersecurity controls that should be considered by organisations?
The answer is straightforward – the controls that have the biggest impact on reducing the likelihood or the impact of a successful cyberattack.
Cyber risk is generally defined as the threat to the system, the system’s vulnerability and the resulting consequences.
Therefore, to successfully protect information technology (IT) and operational technology (OT) systems, companies must understand the tactics, techniques and procedures (TTPS), which threat actors use to achieve their desired objective.
Here are several examples of well documented cyberattacks on critical national infrastructure over the past two decades:
In 2010, arguably, the most sophisticated cyberattack was executed on an Iranian uranium enrichment facility that exposed the weakness of cybersecurity controls and vulnerability of OT environments.
The STUXNET worm was designed specifically to target these environments which allowed the threat actor to exploit and disrupt production operations causing downtime and business impact.
STUXNET was the eureka moment for the energy and manufacturing industries that OT environments can be breached and what impact it can have on their business, human lives, environment and economies.
Unfortunately, it was also an eureka moment for threat actors too. OT cyberattacks surged rapidly and suddenly the attack techniques from threat actors, in terms of creativity and smartness of achieving their malicious objectives, evolved since then.
In 2015, Ukraine was hit by another massive cyberattack that shut off power at 30 substations and left millions of people without electricity for up to six hours. SCADA equipment was rendered inoperable and power restoration had to be completed manually, which further delayed restoration efforts.
So how was this achieved – must have been very sophisticated? Actually, not.
Spear phishing was used to introduce the Blackenergy malware that exploited the macros in excel-based documents on computer systems at the plants. Meaning that the threat actors did nothing different than using known TTPS for cyberattacks on IT environments.
The same exploitation tools were used to find user credentials to escalate their privileges to move laterally in the network or to send malicious commands to disrupt plant operations.
The 2015 cyberattack seemed like an experiment as barely a year later the Ukraine Power Grid was attacked again and this time the capital city Kiev went dark, breakers tripped in a large number of substations.
However, this time the threat actors also jammed the utility’s call centres to prevent customers from reporting the outage by launching Telephone Denial of Service (TDOS) attack.
The approach was more sophisticated as the threat actors directly manipulated the SCADA systems using CRASHOVERRIDE – the first known malware specifically designed to target the power grids directly around the globe with the ability to wipe or delete files, disable processes like malware protection and even the software from OT vendors.
This was another eureka moment – national power grids are not safe from threat actors either.
One of the most concerning cyberattacks was in 2017 where the TRITON malware targeted the specific safety critical Programable Logic Controller’s (PLCS) in the Middle East. The function of these PLCS is to protect plants and people from disasters caused by mechanical failure.
In 2018, advanced persistent threat attacks on industrial environments continued to rise, and industrial espionage increased.
After 2019, there was a drastic increase in ransomware activities in OT environments including the manufacturing, water treatment and pipeline industries.
Recently, Cybersecurity and Infrastructure Security Agency launched the Cross-sector Cybersecurity Performance Goals as a prioritised subset of IT and OT cybersecurity practices, aimed at meaningfully reducing risks to critical national infrastructures and the community it supports.
These cybersecurity controls are not meant to be the only considerations for organisations. The purpose is to form the foundation to protect IT and OT infrastructures against cyberattacks as part of the defence-in-depth cybersecurity strategy.
These are some of the logical first steps to consider:
User account security
User accounts are generally one of the first gateways for threat actors to gain access to the network to establish a foothold and move laterally. On the surface, this may seem simple but maintaining user account security hygiene has been a long-standing challenge for many organisations.
Here are the suggested foundational controls that should be considered:
> enable the detection of unsuccessful user login attempts
> change all default passwords and implement multi-factor authentication
> update the minimum password strength > separate user and privilege accounts > enforce unique user credentials (not just email addresses as commonly used)
> revoke the credentials of departing employees.
Device security
Device security are measures taken to secure computing devices (hardware and software) from cyber threats but also to maintain service continuity.
Here are the suggested foundational controls that should be considered:
> approval process for new hardware and software deployment
> the disablement of macros by default > maintaining an up-to-date asset inventory
> prohibiting the connection of unauthorised devices
> documenting device configurations.
Data security
The purpose is to protect sensitive and confidential data from unauthorised access, theft, loss and destruction.
Here are the suggested foundational controls that should be considered:
> strong and agile encryption
> enable log collection
> secure storage of the said logs.
Governance and training
A strong governance structure is a key success factor for any cybersecurity strategy and operations to manage cyber risks effectively and to ensure adequate protection of data and systems.
Here are the suggested foundational controls that should be considered:
> appointment and empowerment of a single leader to be accountable for cybersecurity
> a single leader to be responsible for Ot-specific cybersecurity
> basic cybersecurity training for all employees and third parties
> OT specific cybersecurity training for OT managers and operators
> establish an effective relationship between IT and OT cybersecurity to improve the response effectiveness for OT cyber incidents.
Vulnerability management
To reduce the likelihood of threat actors exploiting known vulnerabilities in IT and OT systems, the following foundational controls should be considered:
> mitigate known vulnerabilities
> gather vulnerability intelligence by security researchers and enable the researchers to submit discovered weaknesses or vulnerabilities faster
> blacklisting of exploitable services on the Internet
> limit OT connections to public Internet > conduct third-party validation of control effectiveness.
Supply chain/third party
To ensure the integrity and reliability of supplier products and services the following foundational controls should be considered:
> establish supplier cybersecurity requirements
> immediate disclosure of known cybersecurity incidents and vulnerabilities to enable rapid response.
Detection, response and recovery
Here are the suggested foundational controls that should be considered:
> capability to detect relevant threats and TTPS
> a comprehensive response and recovery plan (including appropriate back-ups) in place helps organisations be prepared for the inevitable security incidents that will occur and ensures that they have the processes and resources in place to minimise the impact and recover effectively.
Network segmentation
Network segmentation reduces the likelihood of threat actors accessing the OT network after compromising the IT network and vice versa.
Here are the suggested foundational controls that should be considered:
> segment IT and OT networks
> segment safety critical systems form other systems
> segmentation of temporarily connected devices
> segmentation of wireless communications
> segmentation of devices connected via untrusted networks/internet.
Email security
By implementing effective email security measures, organisations can reduce the risks from common email-based threats and ensure the confidentiality and integrity of email communications.
Here are the suggested foundational controls that should be considered:
> Email encryption
> Email account authentication
> and email filtering.
In conclusion, cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.
Strengthening the cybersecurity foundations are imperative to build a defence-indepth model that would reduce the chances of cyberattacks and safeguard IT and OT environments.
By JACO BENADIE Jaco Benadie is partner, Ernst & Young Consulting Sdn Bhd. The views expressed here are the writer’s
own.
Chinese cybersecurity experts have exposed a hacker group, with its core members coming from Europe and North America, which has been launching sustained cyberattacks against China as its primary target, posing a serious threat to the country's cybersecurity and data
security, the Global Times learned from a Beijing-based cybersecurity lab on Sunday.
