bank rakyat logo

Malaysia

Bank Rakyat Data Breach

Ransomware Attack Exposes Sensitive Data in Malaysia’s Largest Islamic Cooperative Bank

In September 2024, a cyberattack hit Bank Rakyat, Malaysia’s largest Islamic cooperative bank, leaking 463GB of critical files like customer credit and anti-money laundering data. The attack, carried out by the ransomware group Hunters International, has sparked concerns over financial institution security in an era of increasing ransomware threats.

The Breach Incident:

The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.


Key facts:

Date of Discovery: September 10, 2024

Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.

Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.

Impact: 144,015 leaked files affecting business and customer trust.

Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.


Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:

Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.

Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.


Lessons Learned:

  1. Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.

  2. Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.

  3. Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.

  4. Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.


Conclusion:

The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.

Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.

The Breach Incident:

The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.


Key facts:

Date of Discovery: September 10, 2024

Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.

Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.

Impact: 144,015 leaked files affecting business and customer trust.

Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.


Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:

Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.

Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.


Lessons Learned:

  1. Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.

  2. Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.

  3. Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.

  4. Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.


Conclusion:

The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.

Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.

The Breach Incident:

The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.


Key facts:

Date of Discovery: September 10, 2024

Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.

Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.

Impact: 144,015 leaked files affecting business and customer trust.

Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.


Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:

Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.

Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.


Lessons Learned:

  1. Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.

  2. Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.

  3. Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.

  4. Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.


Conclusion:

The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.

Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.

The Breach Incident:

The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.


Key facts:

Date of Discovery: September 10, 2024

Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.

Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.

Impact: 144,015 leaked files affecting business and customer trust.

Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.


Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:

Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.

Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.


Lessons Learned:

  1. Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.

  2. Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.

  3. Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.

  4. Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.


Conclusion:

The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.

Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.

Bg
Bg
Bg
Journey-Image-01
Journey-Image-01
Journey-Image-01
Journey-Image-01

Get Started

Demo the hacker's prespective

All we need is your business email and 10 minutes to introduce you to our platform.

Continuously watching out for security flaws

Copyright © 2024 Flawtrack Sdn. Bhd.
All Rights Reserved

Continuously watching out for security flaws

Copyright © 2024 Flawtrack Sdn. Bhd.
All Rights Reserved

Continuously watching out for security flaws

Copyright © 2024 Flawtrack Sdn. Bhd.
All Rights Reserved

Continuously watching out for security flaws

Copyright © 2024 Flawtrack Sdn. Bhd.
All Rights Reserved