The National Cyber Coordination and Command Centre (NC4) continuously monitors the cyber threat landscape in Malaysia. In view of the upcoming Hari Raya Aidilfitri celebrations and the extended holiday break, NC4 urges all organisations in Malaysia and individual users to implement sufficient cybersecurity measures to ensure that systems and data are secure before leaving for the holidays. Globally, threat actors often take advantage of long weekends when IT staffing is minimal, launching malware and ransomware attacks during these vulnerable periods.
Information leakage, data loss, service disruption, and compromised integrity of critical information are potential consequences if proper precautions are not taken. Such incidents can lead to financial losses and reputational damage for organisations.
NC4 has observed an increase in various cyber-attack attempts targeting Malaysian organisations in recent weeks. Threat actors, including cybercriminals and hacktivist groups, have been known to launch web defacements, steal confidential data, and execute Distributed Denial of Service (DDoS) attacks as part of coordinated campaigns. Phishing scams and other forms of social engineering also spike during festive seasons, as attackers prey on employees with lures of holiday-themed emails, fraudulent offers and malicious APKs. In the global landscape, large-scale breaches and malware campaigns are on the rise. Recent incidents have compromised millions of user credentials and key files from cloud services, and one credential theft operation in early 2025 reportedly amassed over 3 billion login credentials across millions of devices worldwide. Ransomware groups likewise continue to pose a critical threat, often timing their attacks for weekends or holidays when fewer staff are available to respond.
Given this threat landscape, it is imperative for all organisations to be proactive and vigilant. Past holiday periods have seen major cyber-attacks unfold due to reduced monitoring, and no sector or platform is immune. Therefore, organisations are strongly urged to take the necessary actions now to prevent becoming the next victim of these attacks.
All platforms and systems are at risk if not properly secured. This includes on-premises and cloud infrastructure, operating systems, web and email servers, network devices, online services, and user endpoints across all environments.
Organisations and individuals are advised to take the following actions to fortify their cyber defences:
Ensure all critical ICT systems, applications, and network devices are updated with the latest security patches and firmware to prevent exploitation of known vulnerabilities, especially for remote access infrastructure, firewalls, and cloud-based services.
Verify that all antivirus, anti-malware, EDR, and other endpoint security solutions are up-to-date, functional, and deployed across all endpoints. Conduct full scans and address any inactive, outdated, or missing agents.
Strengthen access control by enforcing multi-factor authentication (MFA) on all privileged and remote access accounts, including administrative consoles. Replace weak or default credentials with strong, unique passwords and enforce session timeouts and IP-based restrictions.
Educate employees on phishing threats and cyber hygiene, discouraging interaction with unsolicited emails containing suspicious links, attachments, or urgent requests, especially through personal devices.
Review and harden firewall rules, router settings, and network perimeters to restrict access to unnecessary services. Disable unused ports such as RDP (3389), VNC (5900), SSH (22), and implement IP whitelisting or geo-blocking for external access.
Secure remote access infrastructure by ensuring VPNs, RDP services, and other remote tools are patched, encrypted, and monitored. Disable or disconnect unused remote services to reduce potential attack vectors.
Enforce the principle of least privilege across all accounts and disable dormant, inactive, or unnecessary user and service accounts, particularly for ex-employees or third-party vendors.
Confirm logging is enabled on all critical systems, applications, and network infrastructure. Store logs securely, review them regularly, and establish automated alerts for suspicious activities such as brute-force attempts or after-hours access.
Maintain active security monitoring capabilities during reduced staffing periods or engage external managed detection and response (MDR) providers. Arrange for on-call personnel to handle incidents promptly.
Conduct secure, offline or segregated backups of critical data, configurations, and system logs. Validate the integrity and restorability of backups before operational downtime.
Power down or disconnect non-essential systems and devices not required during the operational pause, reducing the attack surface and limiting lateral movement opportunities for attackers.
Perform a final integrity check on public-facing web applications, portals, and APIs, ensuring there are no unauthorized changes, vulnerable components, or misconfigurations.
Ensure physical security controls are in place for all key ICT infrastructure, such as locked server rooms, surveillance systems, and intrusion detection alarms.
Circulate internal cybersecurity advisories to all personnel, highlighting the importance of secure device usage, phishing awareness, and personal accountability while working remotely or during the break.
Ensure contact details and escalation procedures for incident response teams are updated, tested, and accessible, to facilitate prompt handling of any cybersecurity incidents during reduced operational periods.
Restrict access to internet-facing services strictly to essential use cases and apply network segmentation and access control measures to isolate sensitive environments.
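The logging recommendation above calls for automated alerts on brute-force attempts and after-hours access. The following is an added example, not NC4's own tooling: it parses constructed sshd-style authentication lines and flags both conditions. The log format, the five-failures-in-five-minutes threshold and the 08:00 to 18:00 business window are assumptions for illustration.

```python
"""Flag brute-force attempts and after-hours logins in authentication logs.

Added example (not NC4's code). The line format below is a constructed,
simplified sshd-style format; adjust LINE_RE for the real log source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2025-03-28 09:12:01 sshd[101]: Failed password for admin from 203.0.113.7
2025-03-28 09:12:04 sshd[102]: Failed password for admin from 203.0.113.7
2025-03-28 09:12:07 sshd[103]: Failed password for root from 203.0.113.7
2025-03-28 09:12:10 sshd[104]: Failed password for admin from 203.0.113.7
2025-03-28 09:12:13 sshd[105]: Failed password for admin from 203.0.113.7
2025-03-28 10:30:22 sshd[106]: Accepted password for alice from 192.0.2.5
2025-03-29 02:47:55 sshd[107]: Accepted publickey for backup from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+: "
    r"(?P<result>Accepted|Failed) \S+ for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse(log_text):
    """Return a list of (timestamp, result, user, src) for matching lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                           m["result"], m["user"], m["src"]))
    return events

def brute_force_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failures inside any `window`."""
    failures = defaultdict(list)
    for ts, result, _user, src in events:
        if result == "Failed":
            failures[src].append(ts)
    flagged = set()
    for src, times in failures.items():
        times.sort()
        # Sliding window over sorted failure times for this source.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(src)
                break
    return sorted(flagged)

def after_hours_logins(events, start_hour=8, end_hour=18):
    """Successful logins whose hour falls outside [start_hour, end_hour)."""
    return [(user, src, ts.isoformat()) for ts, result, user, src in events
            if result == "Accepted" and not (start_hour <= ts.hour < end_hour)]
```

Feeding the output of either function into the organisation's alerting channel gives the on-call contact a concrete event to act on, rather than a log that is only read after the break.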