• 2025-07-29 09:48 PM

PETALING JAYA: Ensign InfoSecurity (Ensign), Asia’s largest pure-play cybersecurity services provider, released its sixth Cyber Threat Landscape Report (CTLR), revealing a thriving underground cyberthreat economy and growing supply chain vulnerabilities across Asia-Pacific.

In Malaysia, the report observed a rise in hacktivist activity, with these ideologically motivated threat actors growing in scale and sophistication within a mature, underground cyberthreat economy.

In short, threat actors are joining forces with other hacktivists and even organised crime groups to grow their capabilities and fund larger campaigns.

This report is based on insights drawn from Ensign’s proprietary telemetry and intelligence gathered across Asia Pacific in 2024, including Malaysia. It provides a comprehensive view of the evolving landscape, including newly observed alliances between threat actors.

“The evolving posture of hacktivism signals a shift from purely ideological motivations to campaigns driven by financial incentives. The cyber underground today fosters both competition and collaboration, enhancing the effectiveness and success rates of cyber-attacks,” Ensign InfoSecurity Malaysia senior director Jeremy Moke said.

These alliances, he added, combined with widening supply chain vulnerabilities, have made threat groups like hacktivists more capable, persistent, and difficult to dislodge.

The automotive & mobility sector is an emerging target sector in Malaysia.

The proliferation of modern vehicles integrating complex computing, software, and the supporting infrastructure creates new points of vulnerability. In addition, the sector's extensive network of suppliers, manufacturers and service providers further exposes organisations to vulnerabilities in their cyber supply chain.

“Meanwhile, the hospitality sector is a target for surveillance-related activities involving Politically Exposed Persons at international conferences and meetings in-country.

“Ongoing target sectors, meanwhile, include banking, financial & insurance; defence & law enforcement; energy & utilities; technology, media & telecommunications; and the public sector. This diversification signals a shift in attacker strategy, with threat groups expanding their focus to industries that manage sensitive data or offer access to wider ecosystems.”

The report also highlights a significant shift in cyberattack outcomes, with data breaches (41.1%) and denial-of-service attacks (30.1%) surpassing ransomware attacks, which had been the leading outcome in 2023.

“As threat actors evolve, so must our understanding of where the risks lie,” Moke said, adding that their latest findings in Malaysia reinforce the reality that no sector is immune to cyberthreats.

“Threat groups are becoming more strategic – bypassing traditional defences by exploiting trust, vendor relationships, and weak access points within systems.

“Organisations can no longer assume that their defences are adequate. They must continuously adapt, validate their security measures, and address vulnerabilities to ensure their cyber posture is aligned with today’s threat landscape.

“At Ensign, we are committed to supporting organisations in building stronger, more resilient defences,” he said.

Ensign InfoSecurity revealed that the cyberthreat underground economy has evolved into a mature and highly collaborative economy.

Threat actors, including ransomware groups, Initial Access Brokers, and hacktivists, work in tandem; each specialises in a piece of an attack while pursuing multiple income streams. There has also been increased sophistication in supply chain compromises, where hardware, software, and service providers are specifically targeted to gain stealthy access to organisations.

Compared to 2023, incident-response dwell time (the duration attackers remain undetected within networks) has risen significantly across industries.

Across Asia Pacific, the maximum dwell quadrupled from 49 to 201 days, while the minimum dwell more than doubled to seven days.

This signals that cyber criminals had a much wider window to steal data, move across networks, and cause damage.