Vietnam, Thailand, the Philippines, Singapore, Indonesia, and Malaysia are among the most targeted countries

In 2024, Southeast Asia experienced twice as many cyberattacks as in 2023. Among the most affected countries over the past two years were Vietnam, Thailand, the Philippines, Singapore, Indonesia, and Malaysia. The most targeted sectors included manufacturing, government institutions, and finance. These insights are based on Positive Technologies' analysis of cyberthreats impacting ASEAN (the Association of Southeast Asian Nations) in 2023 and 2024.

Southeast Asia is a region with a rapidly growing digital economy and widespread adoption of new technologies. ASEAN's digital transformation and growing geopolitical significance have made them a top target for cybercriminals. In fact, 67% of recorded incidents over the past two years occurred in 2024.

Darya Lavrova, Senior Analyst at Positive Technologies' International Analytics Group, noted: "Organizations and individuals should brace for new types of scams. For instance, in the Asia-Pacific region, cybercriminals are increasingly using generative AI. Between 2022 and 2023, the number of deepfakes surged by 1,530%. We also anticipate a rise in cyberattacks involving QR codes. These attacks could trick users into downloading malware or redirect them to malicious websites. QR code scams are already widespread in China, and this trend is likely to expand to other Asian countries, including those in Southeast Asia."

Nearly all cybercrimes—92%—targeted companies, with 66% of these attacks leading to the theft of sensitive data. The most commonly stolen information included personal data (34%) and trade secrets (26%).

The primary points of entry for attackers were computers, servers, and network equipment (69%), while people and web resources were targeted less often (21% and 17%, respectively). Small and medium-sized businesses were especially vulnerable due to insufficient cybersecurity measures.

Based on the Positive Technologies' research, the most frequently targeted sectors were manufacturing companies (20%), government institutions (19%), and financial organizations (13%). However, in Singapore, IT companies were the top targets (17%). Singapore's rise as a global tech hub has likely made it an attractive target for cybercriminals, whether they're after confidential information on cutting-edge technologies or looking to exploit IT companies' infrastructure to attack their clients.

Individuals were targeted in 8% of all successful attacks, more than half of which (54%) were aimed at mobile devices, 46% targeted users directly, and 23% involved computers, servers, and network equipment. Positive Technologies' analysis of the dark web revealed that in most cases, criminals sold stolen phone numbers and national IDs.

Malware was the most common method used in successful attacks on organizations (61%); it was primarily distributed via email (47%). Cybercriminals also employed social engineering tactics (24%) and exploited vulnerabilities (21%). Similar trends were observed in attacks on individuals, with malware accounting for 69%, social engineering 46%, and vulnerability exploitation 23%. Experts do not expect significant changes in attacker methods in the near future.

Given the region's rapid digital growth, evolving geopolitical dynamics, regulatory frameworks, upcoming large-scale events, and recent cyberincidents paired with dark web statistics, Positive Technologies predicts a continued rise in cyberattacks targeting ASEAN countries. The top six most targeted nations are expected to remain unchanged, but the focus will likely shift toward the Philippines due to the upcoming presidential elections and heightened activity from hacktivist groups. Additionally, both the Philippines and Singapore may experience an increase in attacks targeting cryptocurrency asset holders.

To address these challenges, Positive Technologies advises organizations to prioritize building cyber resilience by identifying their critical assets and defining non-tolerable events. To promptly detect cyberthreats and respond effectively, companies should implement SIEM solutions in conjunction with XDR and NTA systems. Raising cybersecurity awareness among the population is essential to mitigating risks caused by human error.

The full report on current cyberthreats to Southeast Asian countries is available on the Positive Technologies website.