
Malaysia
Bank Rakyat Data Breach
Ransomware Attack Exposes Sensitive Data in Malaysia’s Largest Islamic Cooperative Bank
In September 2024, a cyberattack hit Bank Rakyat, Malaysia’s largest Islamic cooperative bank, leaking 463GB of critical files like customer credit and anti-money laundering data. The attack, carried out by the ransomware group Hunters International, has sparked concerns over financial institution security in an era of increasing ransomware threats.
The Breach Incident:
The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.

Key facts:
• Date of Discovery: September 10, 2024
• Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.
• Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.
• Impact: 144,015 leaked files affecting business and customer trust.
Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.
Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:
• Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.
• Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.
Lessons Learned:
Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.
Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.
Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.
Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.
Conclusion:
The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.
Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.
The Breach Incident:
The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.

Key facts:
• Date of Discovery: September 10, 2024
• Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.
• Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.
• Impact: 144,015 leaked files affecting business and customer trust.
Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.
Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:
• Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.
• Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.
Lessons Learned:
Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.
Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.
Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.
Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.
Conclusion:
The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.
Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.
The Breach Incident:
The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.

Key facts:
• Date of Discovery: September 10, 2024
• Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.
• Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.
• Impact: 144,015 leaked files affecting business and customer trust.
Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.
Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:
• Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.
• Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.
Lessons Learned:
Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.
Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.
Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.
Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.
Conclusion:
The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.
Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.
The Breach Incident:
The attack was first reported on September 10, 2024, by cybersecurity groups like FalconFeeds, who linked it to the Ransomware-as-a-Service (RaaS) group, Hunters International.

Key facts:
• Date of Discovery: September 10, 2024
• Culprits: Hunters International, a RaaS group possibly tied to Russia or Nigeria.
• Data Leaked: 463GB, including suspicious transactions, customer accounts, and CCRIS data.
• Impact: 144,015 leaked files affecting business and customer trust.
Bank Rakyat insisted their systems were still secure, but the leak of critical data tells a different story.
Aftermath:

Bank Rakyat took action to contain the breach but lagged behind the attackers:
• Business Continuity: Operations continued, but over 463GB of sensitive data was leaked online on September 17.
• Public Response: The bank assured customers and authorities that mitigation steps were underway, but the breach’s scale revealed unresolved security issues.
Lessons Learned:
Stronger Threat Detection: The bank’s claim of system security, followed by data release, points to weak threat detection.
Containment Isn’t Enough: Though efforts were made to contain the breach, significant data was already exfiltrated. Swift containment and threat eradication must go hand-in-hand.
Proactive Ransomware Defense: A multi-layered approach with tools like Endpoint Detection and Response (EDR) and continuous monitoring (e.g., Flawatch) is vital to address vulnerabilities early.
Robust Incident Response: A well-practiced response plan is essential, with fast communication to customers, regulators, and stakeholders.
Conclusion:
The Bank Rakyat breach shows why financial institutions must enhance their cybersecurity measures. Proactive threat detection, continuous monitoring, and comprehensive defenses are crucial for protecting sensitive data.
Take Action Now: Flawatch’s Attack Surface Management helps institutions spot and neutralize emerging threats before they escalate. Stay ahead of cybercriminals—secure your systems now.



Get Started
Demo the hacker's prespective
All we need is your business email and 10 minutes to introduce you to our platform.
Continuously watching out for security flaws
Continuously watching out for security flaws
Continuously watching out for security flaws
Continuously watching out for security flaws