Malaysia’s emerging hybrid organised crime threat

 Cybercrime is no longer a digital threat, as it increasingly overlaps with organised crime, coercion and national security risks.

From P Sundramoorthy

The growing convergence between cybercrime and the threat of physical violence should be of serious concern to Malaysian authorities.

Traditionally, cybercrime in Malaysia was associated with online fraud, phishing, identity theft, hacking and financial scams. However, regional and international developments show that cybercriminal syndicates are increasingly willing to employ intimidation, coercion, extortion, human trafficking and physical violence to protect their operations and maximise profits.

This reflects a dangerous transformation of cybercrime from a purely digital offence into a hybrid organised crime threat with real-world security implications.

Malaysia is particularly vulnerable because of its rapid digitalisation, expanding e-commerce ecosystem, high internet penetration and growing dependence on online financial systems.

Authorities have acknowledged that cyber threats are becoming increasingly sophisticated.

The proposed Cybercrime Bill, intended to replace the Computer Crimes Act 1997, reflects growing concern over AI-enabled scams, deepfakes, ransomware and organised cyber syndicates.

Statistics released by local authorities also show an alarming increase in online fraud and scam activities, with billions of ringgit lost annually.

More worrying is the fact that cybercrime has evolved into an industry across Southeast Asia.

Scam compounds operating in neighbouring countries such as Cambodia, Myanmar and Laos demonstrate that cybercrime is no longer conducted by isolated individuals behind computers.

Many operations now resemble transnational organised crime networks involving forced labour, human trafficking, physical abuse and armed protection.

This trend should serve as an early warning for Malaysia because organised criminal ecosystems do not respect national borders.

Malaysian enforcement agencies are already encountering signs of this evolution. Large-scale raids under Op Taring, Op Belatuk and Op Frontier uncovered sophisticated scam call centre operations involving both locals and foreigners.

These syndicates operated from specially modified residential and commercial premises designed to evade detection, indicating structured criminal enterprises rather than small-scale fraudsters.

Public discussions increasingly describe these syndicates as “franchise-like” networks capable of rapidly replacing arrested operatives and continuing operations with minimal disruption.

The ransomware landscape also demonstrates how cybercrime is evolving into coercive criminality.

Modern ransomware groups no longer merely encrypt data. Many now employ “double extortion” strategies by threatening to leak sensitive information publicly unless victims pay ransom demands.

Internationally, some groups have escalated to threatening employees and executives directly.

As Malaysia’s economy becomes more digitised, local businesses, hospitals, logistics providers, and financial institutions may increasingly become targets of such intimidation tactics.

Another worrying development is the overlap between cybercrime and national security risks. Reports of Malaysian military and civilian data allegedly being offered on the dark web demonstrate the strategic implications of cyber breaches.

Cybercriminals today are not merely after financial gain; stolen data can also be exploited for blackmail, espionage, social engineering and psychological operations. In extreme cases, cyber-enabled threats can undermine public confidence and create panic.

Social media platforms further amplify the threat landscape. Cybercriminals increasingly weaponise these platforms to identify targets, spread misinformation, recruit mule account holders and conduct emotional manipulation.

Romance scams, impersonation frauds and sextortion schemes rely heavily on psychological coercion and social engineering. Victims, particularly vulnerable individuals, often suffer severe emotional and financial trauma.

Malaysia, therefore, cannot afford to treat cybercrime solely as a technological issue. It must instead be approached as a serious, organised crime and national security challenge. Prevention must remain the primary strategy.

First, Malaysia requires stronger inter-agency coordination involving the police, Bank Negara Malaysia, Malaysian Comunications and Multimedia Commission, National Cybersecurity Agency Malaysia, immigration authorities and financial institutions. Intelligence sharing, joint operations and coordinated investigations must become faster and be more integrated.

Second, Malaysia should aggressively target the financial infrastructure supporting cybercrime. Mule accounts, cryptocurrency laundering channels and illegal payment gateways are the lifeblood of these syndicates.

Authorities should strengthen real-time transaction monitoring, tighten know-your-customer requirements and impose heavier penalties on individuals who knowingly rent bank accounts to criminal syndicates.

Third, public cyber literacy must be significantly strengthened. Many Malaysians still lack awareness regarding phishing, AI-generated scams, deepfakes and social engineering tactics. Nationwide awareness campaigns should target students, rural communities, senior citizens and small businesses.

Fourth, Malaysia must strengthen regional and international cooperation. Cybercrime syndicates are transnational by nature.

Cooperation among Asean members, Interpol and foreign intelligence agencies is essential for disrupting criminal infrastructure, tracing financial flows and dismantling cross-border networks.

Finally, Malaysia must invest heavily in cybersecurity talent, AI-driven threat detection systems and digital forensic capabilities. Enforcement agencies must remain technologically ahead rather than merely reacting after incidents occur.

Cybercrime is no longer confined to stolen passwords or online scams. It is evolving into a sophisticated ecosystem in which digital offences intersect with organised crime, intimidation and physical threats.

Malaysia still has an opportunity to act proactively before this threat becomes more deeply entrenched. - FMT

P Sundramoorthy is a criminologist at the Asian Criminological Society and an FMT reader

The views expressed are those of the writer and do not necessarily reflect those of MMKtT.