KUALA LUMPUR: Eighteen companies listed on the main board of Bursa Malaysia have suffered active malware infections as of last month, while 478 companies have suffered data leaks.
In addition, seven companies had their databases exposed, 37 had their remote desktop protocol (RDP) exposed, and seven had their remote sync (RSYNC) service observed.
RDP is a protocol that enables users anywhere in the world to access and control a computer, while RSYNC is a software tool to transfer files to a remote server.
These findings were among the conclusions of the Listed Malaysian Companies Cybersecurity Ratings for the November 2022 study produced by LGMS Bhd.
This leading cybersecurity expert also provides services for global brands such as Alibaba and local companies like Time dotCom Bhd, Celcom Axiata Bhd and AirAsia Group.
The study is conducted monthly, and the cybersecurity risk rating employs a combination of data points collected organically or purchased from public and private sources before applying proprietary algorithms to articulate an organisation's security effectiveness into a quantifiable score.
These ratings are backed by evidence from publicly available sources only, including data from the dark web, said LGMS in a statement.
The statement added that, during the public data collection process, LGMS conducted no vulnerability scans nor penetration testing exercises on rating subjects.
LGMS chief operating officer and associate director Gilbert Chu said it is concerning that these main board-listed companies have had their data compromised.
"It is particularly concerning that LGMS detected 18 listed companies with malware infections during November, which they are probably unaware of," he said.
"Malware can use known software vulnerabilities to infect computers, potentially giving hackers access to the organisation's network with one of the worst scenarios being ransomware," said Chu.
Ransomware is malicious software designed to block access to a computer system until a sum of money is paid.
Further, ransomware attacks are increasingly becoming popular among cybercriminals as they generate substantial profits. One of the worst incidents is the Wannacry ransomware of 2017, which crippled systems in dozens of countries, Malaysia included, and encompassed banks, hospitals and government agencies.
Chu encouraged organisations to perform Vulnerability Assessment (VA) & Penetration Testing (PT) exercises to explore deeper on any undiscovered vulnerabilities.
These exercises better secure organisations' cybersecurity resilience so they are better safeguarded in the cyber world.