
Why Traditional Antivirus Can’t Stop DNS-Level Threats


24 Apr 2026 • 3 min read

Cyber threats in Malaysia have grown rapidly in recent years, driven by increased digital adoption, online banking, and cloud usage. While many organisations still rely on traditional antivirus software as their primary defence, real-world incidents in Malaysia show that antivirus alone is no longer sufficient, especially against DNS-level threats.

 

DNS (Domain Name System) attacks play out during name resolution, outside the files and processes that endpoint protection inspects, which lets attackers bypass it entirely. As a result, malicious communications may occur even when antivirus software shows no alerts.

 

According to CyberSecurity Malaysia’s Cyber999 Incident Response Centre, cyber incidents involving Malaysian IPs and domains have increased year‑on‑year. In the last two years alone, thousands of fraud, intrusion, and malicious code incidents were officially recorded, with fraud and phishing dominating the threat landscape.

 

Key statistics highlight the severity of the situation:

 

  • Online fraud and phishing accounted for the majority of reported incidents, with 1,471 fraud cases in a single quarter (Q4 2025).

  • Malaysia lost RM3.18 billion to online scams between 2021 and April 2024, affecting more than 95,800 victims nationwide.

  • In 2024, phishing made up 77% of all fraud cases in Malaysia, according to statements to the Dewan Negara by the Digital Ministry.

 

Many of these attacks rely heavily on malicious domains, fake websites, and command-and-control servers, which are accessed through DNS.

 

Here are the reasons why traditional antivirus falls short:

 

1. Antivirus Works at the Endpoint — DNS Attacks Do Not

 

Traditional antivirus tools focus on:

 

  • Known malware files

  • Suspicious executables

  • Behaviour on the local device

 

However, DNS threats occur before a file is even downloaded. If a user visits a malicious domain or a compromised website, DNS resolution happens automatically — long before antivirus engines can respond.

 

This gap has been highlighted repeatedly in Malaysian incident reports, where fraudulent websites and fake domains are among the most common attack methods.

 

2. DNS-Based Malware Often Appears “Clean”

 

Modern malware increasingly uses DNS queries, which look like ordinary name lookups to a file-based scanner, to:

 

  • Receive commands

  • Exfiltrate data

  • Stay dormant until activated

 

Security reports covering Malaysia show a rise in stealthy malware and ransomware campaigns that avoid traditional detection techniques.
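
An added example, not from the original article: one way DNS-layer visibility can surface the command and exfiltration traffic described above, by scanning resolver query logs for parent domains that receive many distinct long, high-entropy labels. The log format, the thresholds and the `.example` domains are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed resolver log (not real traffic): "<time> <client> <qtype> <qname>"
SAMPLE_LOG = """\
09:00:01 10.0.0.5 A www.example.com
09:00:02 10.0.0.5 A mail.example.com
09:00:03 10.0.0.6 A login.example.com
09:00:04 10.0.0.6 A cdn.example.com
09:00:05 10.0.0.6 A a1b2c3d4e5f6a7b8c9d0e1f2.cdn-assets.example
09:01:10 10.0.0.7 TXT k7f2q9x4m1z8b3v6n5c0w2j8h4t6r1y9.tunnel-test.example
09:01:11 10.0.0.7 TXT p3d8s1g6a9e4u7i2o5l0k3m7n1b8v4c6.tunnel-test.example
09:01:12 10.0.0.7 TXT x9w2y5z1q8r4t7u3h6j0f9d2s5a1g8k4.tunnel-test.example
09:01:13 10.0.0.7 TXT m4n7b1v9c3x6z2l8k5j0h4g7f1d9s3a6.tunnel-test.example
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def parent_domain(qname):
    # Assumption: the last two labels are the registered domain.
    # Production code should use the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def suspicious_domains(log_text, min_unique=4, min_label_len=24, min_entropy=3.5):
    """Flag parent domains queried with many distinct long, random-looking labels.
    Thresholds are illustrative assumptions, not tuned values."""
    stats = defaultdict(lambda: {"names": set(), "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:  # skip malformed lines
            continue
        _, client, _, qname = parts
        entry = stats[parent_domain(qname)]
        entry["names"].add(qname.rstrip(".").lower())
        entry["clients"].add(client)
    findings = {}
    for domain, entry in stats.items():
        labels = [name.split(".")[0] for name in entry["names"]]
        encoded = [l for l in labels
                   if len(l) >= min_label_len and entropy(l) >= min_entropy]
        if len(encoded) >= min_unique:  # one hashed hostname alone is not enough
            findings[domain] = {"unique_names": len(entry["names"]),
                                "encoded_labels": len(encoded),
                                "clients": sorted(entry["clients"])}
    return findings

if __name__ == "__main__":
    for domain, info in suspicious_domains(SAMPLE_LOG).items():
        print(domain, info)
```

The single hashed hostname under `cdn-assets.example` is deliberately left unflagged at the default threshold, since content-delivery hostnames often look random; it is the repetition of distinct encoded labels from one client that stands out.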

 

3. Phishing in Malaysia Is Domain-Driven

 

Malaysia consistently ranks among the highest in Southeast Asia for web‑based threats, with 19.62 million web attacks recorded in the first half of 2024 alone, and 3.36 million attacks last year, according to Kaspersky.

 

Most phishing attacks depend on:

 

  • Newly registered domains

  • Look‑alike domains impersonating banks, telcos, or government agencies

  • Short‑lived malicious URLs

 

Traditional antivirus software is no longer enough to protect Malaysian organisations and users from modern cyber threats. Real incidents and official statistics clearly show that DNS-level attacks play a central role in phishing, fraud, malware, and ransomware campaigns in Malaysia.

 

To reduce risk effectively, security strategies must evolve beyond endpoints and include visibility and protection at the DNS layer, where many attacks begin but few are currently stopped.

 

Uncover hidden risks: In the next article, we’ll examine how malware reaches your network through everyday browsing.

 
