- 5 hours ago
Trend Micro menjangka 2026 menyaksikan peningkatan ketara jenayah siber dipacu AI, termasuk automasi serangan, eksploitasi cloud, deepfake, dan ekosistem scam berskala besar. Laporan ini menghuraikan ancaman utama terhadap perniagaan Malaysia dan langkah mitigasi strategik.
Category
đź—ž
NewsTranscript
00:00AI-powered cybercrime is accelerating sharply in 2026 with Trend Micro warning that cyberattacks are now fully automated, adaptive and
00:09machine-driven.
00:10Tread actors are using AI agents to autonomously scan for weaknesses, break into cloud systems, rewrite malware code in real
00:18-time and even run ransomware negotiations through automated extortion bots.
00:23And hybrid cloud environments, software supply chains and AI infrastructures are expected to be the primary targets, driven by poisoned
00:32open-source packages and overprivileged cloud identities.
00:36At the same time, scammers are weaponizing deepfake voices, AI-generated personas and persistent multi-channel interaction to create AI
00:45-scale scam ecosystems that feel human and hyper-personalized.
00:49Criminals can now clone voices from just seconds of audio and run long from automated conversations across SMS, WhatsApp and
00:58spoof websites, making it far harder formulations, including CEOs and finance teams to distinguish real communications from synthetic ones.
01:08And for that, I welcome you, our guest ready in the studio to help us understand is Sage Kaur, Technical
01:13Director, Trend AI.
01:15I want to say thank you very much, Mr. Sage, for joining me. How are you?
01:18I'm good. Good morning.
01:19All right. We're going to start talking about AI. We know that it's expanding fast and it's getting diverse and
01:25more complex.
01:27But before we dive deep into AI, maybe you can share with us about your organization.
01:33What is Trend AI?
01:35Yeah. Thanks for having me on the show. A very good morning to the audience.
01:39So for the questions, Trend AI has a new brand name for Trend Micro Enterprise Product Ecosystems.
01:44So this transformation actually reflected how our solutions, platform and capability has already evolved.
01:51So now AI is a foundation of how we deliver the proactive intelligence and modern security to cater for today's
02:00complex environment.
02:01So, well, I mean, in short, Trend AI is not a new kid on the block, but it's actually remained
02:08as a business unit under Trend Micro.
02:09So we already have more than 35 years of experience as a cybersecurity leader in the market.
02:16So, well, I mean, stay tuned for more upcoming announcement of this new rebranding process.
02:21All right. This is some of the rules that you have been playing for 30 years for helping business to
02:26navigate AI.
02:27Yes.
02:28And take a look at your 2026 prediction reports, ones that criminals are using AI for smarter attacks.
02:35But how does, what does this actually look like for businesses in Malaysia, especially for banks and even hospital?
02:42Yeah. Thanks for the question.
02:43So what we are seeing now is that the industrialized of cybercrime.
02:47So AI can actually now scan the network, spot vulnerabilities and even launch an attack at machine speed.
02:54So attackers are even using the autonomous AI to run parts of the attacks.
02:58So for sectors like banks and also hospitals where we know that the data is highly variable.
03:04So this means that the attack can happen even more rapidly and at a bigger scale.
03:09So this has also lowered the entry barrier of cybercrime campaign where even individuals like you and me, probably without
03:16any technical skill, right, they can also launch the attack.
03:20Yeah.
03:21The attack is getting bigger and faster.
03:23And definitely we need to find protection.
03:26We need to get more in safety mode.
03:28But how does this criminals using AI to send more convincing scams, ransomware, even like scam in office message?
03:39Exactly.
03:40So, I mean, instead of the hacker, you know, performing all this hacking manually by human, right?
03:46So now the AI has autonomous the entire attack chain.
03:50So it can actually study the victim's social media, like, for example, LinkedIn, right?
03:54So mimicking the trusted contact generates highly convincing phishing emails.
04:01So when the attacker actually gets access to the victim's environment, it can seamlessly move around and actually steal data
04:08and even in the end launching the ransomware attack.
04:10So all by the AI on its own.
04:13So it is really a cybercrime at scale and also autonomous right now.
04:18Autonomous, that is very dangerous because we know that AI can now clone voices and even create fake videos.
04:26But how real is this threat for CEOs and organizations especially that can give real threat, especially for the finance
04:34team also?
04:35Yeah.
04:35So according to Cybersecurity Malaysia, since the early of 2024,
04:40the police has already investigated into more than 450 deepfakes or even the AI voice cloning scams.
04:48So, I mean, with the losses exceeding 2.7 million.
04:52So deepfakes are definitely becoming a serious risk because AI can now clone voices and generate realistic video like we've
05:00seen on the social media.
05:01We cannot even differentiate whether it's a fake AI or not.
05:05So attacker can, with that, right, attacker can impersonate the executive or even the trusted contact in the organizations to
05:12trick employee into transferring money or even revealing the sensitive information.
05:17As such, the, I mean, tools is becoming easier to access.
05:21So organizations must rely on verification process rather than a trust voice alone.
05:27And this is the real threat and the risk of how easy CEOs and even finance team can be tricked
05:34by deepfake, deepscans, deepscans.
05:37And based on the prediction report also, it mentions that cloud system could be the biggest source for serious cyber
05:44incidents by 2026.
05:46But what are the common mistakes that organizations like, for example, leaving the door that's easy for hackers to enter?
05:54Yeah, talking about cloud, right, the risks aren't really the exotic zero days or malware or even the hacking, mainly
06:02on the misconfiguration.
06:03Because, for example, like an exposed storage bucket that accidentally leaks a customer, the confidential data or intellectual property data.
06:12And on the other hand, probably is the leak API hardcoded in the GitHub repository.
06:17You know, the attacker can actually use that to access to the cloud environment without any, you know, so-called
06:23hacking required.
06:24Probably another one would be over-permissive IAM rules, right?
06:29Because if a single compromised administrator, it can actually unlock everything in the so-called victim's environment already.
06:36So I would say that the cloud is really driven by identity and API.
06:41Rather, the attacker, if they get the credentials, they do not need to hack in, they will just ride through
06:46the front door.
06:47Oh, okay.
06:48That is very important for us to understand and acknowledge this.
06:53And from, we know that also to identify a problem, we can also start with identify from the sectors.
06:59That are probably an easy target or what makes them sexy, be attracted by mostly of the hackers.
07:04But which sectors in Malaysia are more prone to risk of AI?
07:07Well, I mean, similar to other countries, the industries that run critical services like, for example, finance, health care, telcos,
07:16even the governments, right, are usually the most attractive targets.
07:20I mean, these sectors hold valuable data.
07:22They also operate systems that the society is depending on, which makes them the prime target for both cyber criminals
07:29and also espionage.
07:30So, hence, they are considered the NCII, we call it, the National Critical Information Infrastructures, which cover under the Cybersecurity
07:39Act 2024 as well.
07:41Okay.
07:41That is also the policy.
07:43Yes.
07:44That every CEO and finance team need to adapt also.
07:48And also, can share with us, if attackers are leveraging on AI for scams, for, actually, for a lot of
07:57scams can be multiple,
07:58can go for loss of information, loss of profit.
08:03But from this, should the CEOs or organizations of companies start aggressively investing in more cybersecurity?
08:12Yeah.
08:12So, Nina, we know that enterprises now want to do more or less, right?
08:16But, of course, based on our predictions on 2026, the single most important investment is to have a comprehensive AI
08:23part with the Cyber Risk Exposure Management Platform,
08:26which it can help to keep up the pace of end-to-end digital assets discovery and visibilities.
08:32At the same time, continuous attack surface monitoring, and with that, measuring the risk index, which enabling the risk communications
08:41among the peers in the organizations.
08:44So, with this foundation, it's actually support informed security investment decision,
08:50and at the same time, help the organizations to balance rapid technology adoptions with the rigorous protections.
08:57So, even better, with AI now, we can even predict what kind of attack path is possibly in the victim's
09:04environment, right?
09:04And even, you know, with AI help again, with the data that's collected via the platform, we usually call it
09:11the digital twins.
09:12So, we can actually do an AI rate teaming or assessment.
09:16So, how good is our defense systems are?
09:19So, that's what we can do with that.
09:21That's very important.
09:22We also need to go through how good is the defense system.
09:26We cannot just build one, but we also have to evolve just like as a hacker also need to evolve.
09:31But based on your experience for company directors and board members who's watching this,
09:37what are some of the critical advice or steps that you would advise them or ask their IT team and
09:45even about AI or cyber risk?
09:47What are some of the things that these are things that you guys should know and implement?
09:50Yeah, there are many, many questions to ask, right?
09:53But, of course, based on our predictions, again, the board should actually ask three very important questions.
10:00First, do we have full visibility across our cloud assets and also digital assets?
10:04Because we can't defense what we don't know, right?
10:07Second of all, I mean, are we still relying on the outdated legacy systems?
10:12If we need to, because due to, you know, the legacy application needs to run on,
10:17so do we have a patch management strategy around it?
10:21Because we do know that the bridge often starts with a single vulnerabilities, right?
10:27And lastly, due to the adoptions of AI tools or even AI-generated code tools, right?
10:34So do we have any guardrail around it, right, around this adoption?
10:38So that is very important questions to ask the team as well.
10:41Right, visibility, updated, and also adoption of the new generated codes and even tools.
10:50With the new Cyber Crime Bill, as Mr. Sage set to table in Parliament in March,
10:57what are some of the key changes in Malaysia that businesses can expect?
11:01Yeah, so I think the last Computer Crime Act was actually introduced back in 1997.
11:08So it's already outdated from the perspective of technology, right?
11:12So it is always encouraging to see government actually introducing this modern Cyber Crime Bill
11:17that strengthen Malaysia's ability to investigate at the same time to prosecute the digital crimes.
11:22So, and also ensuring our legal framework, keep pace with today's technology landscape,
11:29especially the misuse of AI and also the deep faith.
11:32So, I mean, this work alongside hand-in-hand with Cyber Security Act 2024 as well,
11:37which that one will be more focusing on protecting the sectors that operate our NCII,
11:42the National Critical Information Infrastructures.
11:45But, I mean, with legislations alone cannot stop the crime, you know, overnight, right?
11:52So organisations and individuals should always continue strengthening their cyber security strategy
11:57and also awareness as well.
11:59And we come to the big question.
12:01Is actually Malaysia ready to manage AI-driven cybercrime in this one?
12:07Yeah, so Malaysia is making good progress, of course, right,
12:11with the awareness programme such as Awani, you know, the public is very, very, I mean, encouraging.
12:18But, of course, we are not fully there yet.
12:21The challenge is that the cybercrime has become more industrialised, right?
12:25So whereby it also lowering the barrier of attack, we're allowing, you know, to scale very quickly.
12:32So at the same time, many organisations still dealing with legacy systems, complex supply chain.
12:37So I think moving forward, we need to shift from reactive security to a more proactive approach,
12:43continuously monitoring, better visibility, stronger, resilient across the entire digital ecosystem is very important.
12:51So let's fight AI with AI.
12:54Let's fight AI with AI.
12:56Other than that, what some of the urgent call to action would you tell businesses for that heading for 2026,
13:03what would it be?
13:04Yeah, so I think the adoptions of AI is real, right?
13:07So, but AI is a double-edged sword, right?
13:10As it transforms the business, at the same time, it is also transforming the cybercrime as well.
13:15So the organisations who succeed are those that build the security into every stage of the digital transformations, right, of
13:23the company.
13:24I think cyber security is no longer just an IT department issue.
13:29Or rather, it should be a leadership decision already, right?
13:32Organisation leaders should come together communicating the cyber race as the businesses.
13:37So the questions shouldn't be when will we get attacked.
13:41Rather, you know, how fast we can actually see their response to it.
13:45This is definitely, it's not only how AI is writing cybercrime, cyber security in 2026, but we are going to
13:51see this for the long haul.
13:52Oh, yes.
13:53Again, I want to say thank you very much to SageCore, the technical director, Trend AI, and definitely all of
13:57our discussion here will be featured in all of our website.
14:00And again, hope, I will wrap up our discussion is, for cyber security, is how can we fight AI with
14:07AI with a better plan, with better defence.
14:10Definitely.
14:10Again, I want to say thank you very much.
14:11And definitely all of our discussion here will be featured in astronomy.com and across all social media platforms.
14:17Please stay tuned with us as Niaga Awani will be taking a short break and we'll be right back.
Comments