Kaspersky: Over 18 Million Web-Based Cyber Threats Blocked in Malaysia as Online Browsing Remains Primary Risk Surface
More than 18.8 million web-based cyber threats were detected in Malaysia in 2025, averaging over 51,000 attempted malicious incidents daily, according to data from Kaspersky Security Network (KSN).
Key Findings in Malaysia
The findings highlight how routine internet activities – from browsing websites to accessing online services and downloading files – continue to serve as one of the most common entry points for cybercriminals. In 2025, 26.7% of users in Malaysia encountered web-borne threats, placing the country 42nd globally in terms of exposure to risks associated with surfing the web.
How Web-Based Threats Work
Web-based threats typically spread through compromised websites, malicious scripts, deceptive links or software vulnerabilities in browsers and plugins. In some cases, users may unknowingly trigger a “drive-by download”, where malicious code runs automatically simply by visiting an infected website without users intentionally clicking or installing anything. Others rely on phishing pages or deceptive links designed to resemble legitimate products or services.
According to the Department of Statistics Malaysia (DOSM), ICT and e-commerce activities accounted for approximately 23.4% of the national GDP in 2024. Digital Minister Gobind Singh Deo has also emphasised that Malaysia remains committed to growing the digital economy to 30% of GDP by 2030.
As digital adoption accelerates across daily activities, businesses, financial services and public administration, web-based channels have become integral to Malaysia’s economic activity. From online banking and e-commerce to remote work platforms and cloud-based systems, internet browsers serve as key gateways to business operations and personal data.
With Malaysia’s digital footprint continuing to expand, cybercriminal tactics are adapting in parallel. Attackers are increasingly leveraging automation and generative AI tools to produce convincing phishing pages and social engineering campaigns tailored to local contexts. These activities are often timed around government announcements, corporate correspondence, festive periods or trending public events, enhancing their relevance and making them harder for users to distinguish from legitimate communications.
The MyCERT Q3 2025 report further shows that fraud ranks as the top reported cyber category in Malaysia, with phishing making up 75% of fraud incidents during the quarter, reinforcing the continued dominance of web-delivered deception across both business and consumer environments.
“The data suggests that web-based threats are now a consistent feature of digital activity rather than an occasional surge. Stability in exposure rates should not be interpreted as reduced risk; instead, it reflects how deeply integrated online interactions have become in everyday life. As browsing continues to serve as a primary access point to digital services, the discussion is no longer about isolated incidents but about managing a continuously present layer of cyber risk,” said Simon Tung, General Manager for ASEAN and Asia Emerging Countries at Kaspersky.
To stay protected from web threats, Kaspersky recommends:
Look out for phishing red flags in websites, texts, emails, and other forms of communication.
Vet links before clicking. Only click on links if you are positive that the destination is safe and trusted.
Always create backups. All valuable data should be copied and stored safely to prevent data loss in case of a cyber breach.
Scan for malware. Regular scans for infections will keep your devices secured. Personal devices can be covered with an antivirus solution like Kaspersky Premium.
Enterprise endpoint machines and computer networks should also use such protection. Businesses can adopt cybersecurity solutions like those from the Kaspersky Next product line that provide real-time protection, as well as investigation and response capabilities of EDR and XDR.
Businesses should also equip their cybersecurity teams with in-depth visibility into cyber threats targeting the organisation. The latest Kaspersky Threat Intelligence delivers rich, contextual insights throughout the entire incident management cycle, enabling timely identification of cyber risks.
Keep all tools, software, and OS up to date. Computer systems are more vulnerable if they are unpatched against undiscovered holes in their programming.
As part of its ongoing efforts to promote stronger digital protection, Kaspersky is offering up to 19% off Kaspersky Premium between 1 – 31 March 2026, together with a RM30 Touch ‘n Go Reload PIN with each purchase for a limited time.
