PETALING JAYA - The automated teller machine (ATM) hacks at 18 ATMs so far are just the "tip of the iceberg" when it comes to the damage cyber crooks can unleash on Malaysia's financial institutions.
The country's online and mobile banking platforms are a much bigger target for criminals and must be better protected, says a financial security expert.
Security companies, however, say online transactions are safe as long as users take standard safety precautions.
On the other hand, Tim Lau, the Asia-Pacific, Middle East and Africa head for Trusteer, a firm owned by computer giant IBM, said consumer devices used to conduct online and mobile banking transactions such as smartphones, tablets and computers were under a growing threat from sophisticated malicious software (malware).
Criminals can steal money and banking data from customers when they go online to conduct transactions using compromised devices.
"In the wake of these growing attacks on the ATMs, banks should look inwardly to understand better what they really need to have in terms of 'defensive assets' to protect themselves and their customers," said Lau.
Malaysia was part of a regional "zone of opportunity" for financial cyber crooks, he said.
"In Asia, you have multiple countries, multiple currencies and the region has many high-growth countries, all of which makes Malaysia part of an 'emerging market' for these criminals," said Lau.
Deputy Communication and Multimedia Minister Datuk Jailani Johari recently said that cyber criminals had hit Malaysia to the tune of RM1bil in losses last year.
Malaysia, according to the Sophos Security Threat Report 2013, is the fifth most vulnerable country to malware attacks after Indonesia, China, Thailand and the Philippines.
Statistics from industry bodies provided by Lau's firm showed that Malaysia has an average of 17.66 phishing sites per 1,000 host computers.
This is more than three times higher than the global average of five per 1,000 host computers.
A phishing site is a fake website which asks victims to update personal information, such as password, credit card, social security or bank account numbers.
Last week, Federal Commercial Crime Investigation Department deputy director Senior Deputy Comm Datuk Hamza Taib said at least eight people had lost more than RM59,000 (S$23,000) this month after their mobile devices were hacked with the "Zeus" malware, which tricked them into providing confidential banking details.
Lau said banks should give more attention to online and mobile banking security because these were growth areas for the industry.
"As time goes on, what we are going to see is a greater level of sophistication in services for online and mobile banking, which is where most banking interaction will take place."
He said all banks in Malaysia had a "basic layer" of protection for their online and mobile banking platforms.
Bank Negara, he added, made it compulsory for all banks to have a certain level of protection for customers.
"However, with the threat becoming more sophisticated, banks need to respond accordingly."
Meanwhile, the police are investigating the possible involvement of bank employees and ATM vendors in the recent spate of ATM hackings.
Commercial Crime Investigation Department deputy director (cybercrime and multimedia) Senior Asst Comm Mohd Kamarudin Md Din said: "We are studying statements recorded from the complainants, security guards, bank staff and the ATM vendors."
A total of 18 ATMs in Johor, Malacca, Selangor and Kuala Lumpur were hacked over the weekend, resulting in losses totalling some RM3mil.