In March 2025, Malaysia Airports Holdings Berhad (MAHB)—operator of KLIA—was hit by a ransomware attack that disrupted operations and triggered a national-level response.
While official reports say flight operations were “not impacted,” ground reports from passengers and airport staff suggest otherwise. Operations reportedly slowed down for more than 10 hours.
Staff reportedly had to switch to manual flight updates. Screens went dark. The entire country saw firsthand what a cybersecurity failure can look like in real time.
What Happened at MAHB?
- Date: March 23, 2025
- Target: Kuala Lumpur International Airport (KLIA) systems
- Attack Type: Ransomware
- Demand: USD 10 million
- Impact: Temporary outage, manual operations, national attention
- Response: Prime Minister Anwar Ibrahim confirmed the attack and refused ransom payment. NACSA began its investigation.
What are the possible causes of these cyberattacks?
Let’s break it down.
1. Lack of Penetration Testing
Most companies in Malaysia assume their infrastructure is secure—until it’s not.
Regular penetration testing is rare, even in industries handling sensitive data or critical infrastructure.
Fact: According to CyberSecurity Malaysia, over 70% of organizations that suffer breaches had no recent vulnerability assessment or security audit.
2. Human Error Is Still the Weakest Link
Phishing is still the #1 entry point for ransomware.
Even the best software is still vulnerable to a single human error.
Stat: Over 60% of Malaysian breaches in 2024 were caused by employee mishandling of credentials, phishing, or poor password practices.
3. Legacy Systems and Outdated Infrastructure
Older systems often lack modern defenses and are not properly segmented.
If an attacker compromises one part of your network, they can move laterally to access everything—unless your environment is properly segmented with sufficient controls.
Our Advice
While we don’t have insider details, here’s what could have significantly reduced the risk.
It doesn’t matter if you’re a startup, SME, large multinational, or government agency—this applies to you.
Here’s your actionable cybersecurity checklist:
- Regularly conduct a Penetration Test
Not just automated vulnerability scans, but real-world attack simulations. Know your weak spots before hackers find them.
- Train and gauge your staff on Cybersecurity Awareness
You’re at risk if your employees can’t spot a phishing email. Training should be quarterly, not once a year.
- Implement robust segmentation
Don’t let legacy platforms expose your entire network. Isolate them and control access.
- Create and test your incident response plan
Identify each user’s role in the first hour of a breach. Simulate it. Fix gaps.
- Get expert help
Work with a professional cybersecurity company which understands the threat landscape and compliance frameworks in Malaysia, such as Bank Negara Malaysia (BNM) – Risk Management in Technology (RMiT), ISO 27001:2013, PDPA 2010 and others.
Final Thoughts
The MAHB cyberattack was a turning point.
It showed us that no organization is too big—or too essential—to be attacked.
But here’s the truth: The companies that survive aren’t the biggest. They’re the most prepared.
We’re not here to sell fear. We’re here to build resilience.
Cybersecurity isn’t just technology – it’s about staying prepared. Let’s tackle it together.
Condition Zebra has worked with various organisations, offering professional cybersecurity solutions and training across all kinds of industries, such as financial services (banks and insurance), government ministries and agencies, government-linked companies and others.
Our mission is to combine the right technology with our expertise in information security and risk management to help clients prevent and respond to cybersecurity threats.