Introduction
The rapid pace of technological advancement and digital economic growth, along with the adoption of innovative solutions, are key factors shaping the global landscape of digital transformation. Southeast Asian countries are demonstrating a strong commitment to achieving leadership in this sphere, both in Asia and globally.
However, cybersecurity challenges remain a major global barrier to achieving digital leadership, with their scope widening as the digital economy continues to grow. This report explores the state of cybersecurity among the member states of the Association of Southeast Asian Nations (ASEAN), which includes Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam.
The precise goals of this report are as follows:
- Assess the current cybersecurity landscape in the region for 2023–2024.
- Define common cyberthreats and vulnerabilities.
- Highlight specific cyberthreats targeting the most frequently attacked countries.
- Forecast potential cyberthreats for Southeast Asian countries.
- Provide recommendations for ensuring cybersecurity for governments and businesses.
Main conclusions
- Southeast Asia is a region with a rapidly developing digital economy and widespread adoption of innovative technologies, making it a prime target for cybercriminals. The growing number of cyberattacks highlights the urgent need to implement cybersecurity measures at all levels of infrastructure.
- In 2024, the most frequently attacked countries were Thailand (27%), Vietnam (21%), and Singapore (20%), reflecting their high pace of digital development.
- The industrial (20%), government (19%), and financial (13%) sectors were the most commonly targeted fields in the region. Singapore, however, showed a unique trend, with IT companies being the main targets (17%). This can be attributed to its position as a technological hub in Asia, backed by substantial investments in IT infrastructure and a supportive environment for digital technologies, businesses, and startups.
- Malware remains the most commonly used method for attacking both organizations (61%) and individuals (69%), followed by social engineering (24% for organizations and 46% for individuals) and vulnerability exploitation (21% and 23%, respectively). Among malware types targeting organizations, ransomware (28%) and remote access trojans (RATs) (25%) were the most common.
- Data breaches are the most frequent consequence of cyberattacks, affecting both organizations (66%) and individuals (77%). Personal data was the most commonly compromised information, accounting for 34% of successful attacks on organizations and 33% on individuals.
- Cybercriminals frequently sell stolen databases and infrastructure access on dark web forums. Prices range from $20 to $60,000, depending on the amount of data and the importance of the infrastructure. The majority of listings concerned Indonesia (28%) and Thailand (20%).
- The cyberthreat landscape in ASEAN countries is expected to expand, with an increasing number of attacks against the Philippines and Singapore. Emerging technologies, such as AI, IoT, and cryptocurrency, are likely to play a significant role in future cyberattacks.
- Governments and businesses in Southeast Asia should focus on improving digital literacy, as it remains the weakest link in cybersecurity. Additionally, they should identify non-tolerable events [1] specific to their industry or organization and adopt modern, efficient cybersecurity solutions.
[1] A non-tolerable event is an event that results from a cyberattack and prevents an organization from achieving its operational and strategic goals or leads to a significant disruption of its core business.
Digital development and associated cyberthreats to ASEAN
Southeast Asia is a rapidly growing region, with its digital economy projected to become the fourth largest in the world by 2030, reaching approximately $2 trillion. Southeast Asia's economic growth is driven by digital commerce [2] and the growing demand for information services among a young, educated, and increasingly internet-savvy population, with a rising share of the middle class among them.
The potential of digital commerce is attracting foreign investments, with technology and innovation serving as key drivers. Singapore leads in digital capabilities, ranking fourth globally in the 2024 Global Innovation Index.
Southeast Asia is the fastest-growing internet market in the world, fueled by global demand for online shopping, affordable smartphones, and high internet penetration rates. Every day, 125,000 new users come online across the region. In 2024, Malaysia led ASEAN in internet penetration (over 97%), while Indonesia, the region's most populous country, had the lowest rate (66.5%). Mobile network infrastructure is also developing rapidly, with Singapore, Brunei, and Malaysia boasting some of the highest mobile internet penetration rates globally.
Figure 1. Internet penetration rates in Southeast Asia
Source: statista.com
The development of the region's information infrastructure is supported at the government level, with ASEAN member states integrating the creation of digital governments into their national digitization strategies. Singapore, for example, ranked third globally (and first in Asia) in the United Nations E-Government Development Index (EGDI) for 2024, excelling in online services, telecommunications infrastructure, and human capital.
In 2024, several ASEAN countries achieved significant progress in digital development: Indonesia, Vietnam, the Philippines, and Brunei moved from the high EGDI group to the very high group, reflecting strengthened digital infrastructure and improved internet connectivity. Countries in the very high EGDI group have advanced data transmission networks, well-trained specialists capable of developing e-government services, and high-quality online services. In 2024, Indonesia expanded digital literacy programs, while Vietnam heavily invested in digital government services, climbing 15 positions in the EGDI rankings compared to 2023. Brunei used advanced information infrastructure to improve government efficiency and public services. The Philippines focused on digital transformation in healthcare, education, and finance, enhancing service quality and citizen engagement.
The region's rising geopolitical importance, adoption of advanced technologies like AI, cloud computing, and blockchain, and growing internet penetration have made it an attractive target for cybercriminals. As a result, cybercrime is on the rise in ASEAN countries. Despite joint efforts such as the ASEAN Cybersecurity Cooperation Strategy 2021–2025 and the establishment of the ASEAN Regional Computer Emergency Response Team (ASEAN CERT), the number of cyberattacks continues to grow. According to FalconFeeds.io, from January to August 2024, Southeast Asia experienced a significant surge in cybersecurity incidents. This increase was driven by the rapid pace of digitization, widespread internet adoption, and rising geopolitical tensions in the region. Between February and August 2024, Indonesia alone recorded an average of 3,300 cyberattacks per week.
As outlined in the 2021 ASEAN Digital Masterplan 2025, the region has been facing several long-term challenges to digital development in 2021–2025. These include a lack of digital literacy among end users, insufficient protection for digital services, and lack of protection for end users.
[2] Digital commerce goes beyond e-commerce, covering every aspect of the customer journey and leveraging digital technologies to create a seamless experience across all touchpoints.
ASEAN: cyberthreat landscape
Most countries in the region scored high on the 2024 Global Cybersecurity Index [3]: Vietnam, Indonesia, Malaysia, Singapore, and Thailand were classified as "Role-modelling," while the Philippines was categorized as "Advancing." However, the number of successful cyberattacks in ASEAN increased compared to 2023, with 67% of all incidents during the two-year period occurring in 2024 alone.
[3] The Global Cybersecurity Index measures countries' commitment to cybersecurity using 20 indicators across five key pillars: legal, technical, organizational, capacity development, and cooperation. Countries are ranked within five performance tiers: role-modelling, advancing, establishing, evolving, and building.
Cyberattack Methods
The most common methods used in successful cyberattacks on organizations were malware (61%), social engineering (24%), and exploitation of vulnerabilities (21%). Similar trends were observed in attacks on individuals, with malware accounting for 69%, social engineering 46%, and vulnerability exploitation 23%.
Figure 2. Cyberattack methods
In cyberattacks on organizations, ransomware and remote access trojans (RATs) were the most frequently used tools (42% and 20%, respectively). For attacks on individuals, banking trojans were used in approximately one-third (33%) of cases.
Figure 3. Types of malware used in attacks on organizations
Email was the most common malware distribution method in attacks on organizations, accounting for 47% of cases.
Figure 4. Methods used for malware distribution (in attacks on organizations)
In attacks on individuals, there is a growing trend of using QR codes to direct victims to fraudulent resources. In 2023, a Singaporean woman fell victim to a cyberattack and lost $20,000 due to an Android banking trojan. The attack began when she scanned a QR code on a store's door, which promised a free drink in exchange for completing a survey. She downloaded and installed a third-party app linked to the QR code, unknowingly installing malware that gave attackers access to her bank account, allowing them to withdraw the funds.
Research by Hoxhunt Challenge revealed a 22% increase in phishing attacks using QR codes in China in H2 2023. Similarly, Abnormal Security reported that nearly 90% of such attacks were aimed at credential theft. Researchers at Cyble observed a rise in QR code-based cyberattacks targeting Chinese citizens in 2024, highlighting a growing trend among cybercriminals to exploit this technology for malware distribution or redirecting victims to malicious websites. This pattern is expected to spread to other Asian countries, particularly in Southeast Asia.
Singapore's Cybersecurity Agency observed that cybercriminals are continuously improving their phishing techniques and tools to make malicious resources appear more legitimate. Over 50% of phishing URLs reported by the agency used the more secure HTTPS protocol, a significant increase compared to just 9% in 2022. Additionally, nearly one-third of phishing websites used the more credible .com domain instead of .xyz, representing a 20% rise from 2022.
Consequences of cyberattacks
In ASEAN countries, cyberattacks on organizations most often resulted in the breach of sensitive information (66% of cases). This primarily included personal data (34%) and trade secrets (26%).
Figure 5. Consequences of cyberattacks
Figure 6. Categories of data stolen from organizations
At the end of 2023, a breach of the information system of Indonesia's General Elections Commission led to the exposure of a database containing personal information on 252,327,304 citizens. The database was offered for sale by attackers for $74,000, with sample records shared as proof of authenticity.
In July 2024, the logistics company Melchers Singapore fell victim to a ransomware attack that resulted in the deletion of 15 GB of sensitive data, including legal documents, financial records, and business contracts.
Figure 7. Categories of data stolen from individuals
Analysis of the dark web revealed that attackers often sold victims' phone numbers and national ID numbers following attacks on individuals.


Although direct financial losses are not the most common consequence of cyberattacks on organizations in Southeast Asia, the monetary impact of attacks remains significant. For instance, online fraud in Brunei alone resulted in more than $1.7 million in damages in 2023. By July 2023, economic losses from data breaches in the ASEAN region had exceeded $3 million, up from $2.87 million in 2022. Singapore lost over $385.6 million to cyberscams in H1 2024.
According to IBM's 2024 Cost of a data breach report, the most expensive breaches occurred in the financial services sector (SGD 7.48 million), followed by the industrial sector (SGD 5.62 million) and the technology sector (SGD 5.5 million).
Cyberattack targets: organizations and industries
In Southeast Asia, 92% of cyberattacks targeted organizations, while only 8% were directed at individuals. Among cyberattacks on organizations, the primary targets were computers, servers, and network equipment (69%), followed by personnel (21%) and web resources (17%). For attacks against individuals, more than half (54%) targeted mobile devices, 46% targeted users directly, and 23% involved computers, servers, and network equipment.
Figure 10. Categories of cyberattack targets
A study by ERIA in ASEAN countries found that only 68.5% of small businesses use specialized software to protect their infrastructure from cyberattacks. Small and medium-sized enterprises (SMEs) are particularly vulnerable due to their limited technical resources for combating cyberthreats.
The most frequently targeted sectors were manufacturing companies (20%), government institutions (19%), and financial organizations (13%).
Figure 11. Categories of victim organizations
Data from underground forums largely aligns with cyberattack statistics. However, there are relatively few posts on the dark web concerning manufacturing companies in ASEAN countries. In contrast, posts about trade and financial organizations are more prevalent, accounting for 10% and 9% of posts, respectively. This occurs because financial and trade organizations store large volumes of personal and payment data, which cybercriminals can easily monetize.
Figure 12. Categories of victim organizations on the dark web
Manufacturing companies
Non-tolerable events in the industrial sector carry risks of disrupting production operations and causing technological disasters with potentially irreversible consequences.
The most frequent outcome of cyberattacks on industrial organizations in ASEAN member countries is the breach of confidential information (74%). In 29% of cases, cybercriminals gained access to trade secrets, 21% involved the theft of personal data, and another 13% involved the compromise of account credentials. For example, in August 2024, a cyberattack on Nidec Precision Vietnam Corporation, a subsidiary of the Japanese electric motor manufacturer, resulted in attackers gaining server access through compromised VPN credentials. Over 50,000 files were stolen, including internal documents, contracts, and correspondence with business partners. VPN access to industrial infrastructure in ASEAN countries is also commonly sold on dark web forums.

In 74% of cyberattacks on manufacturing companies, malware was used, with ransomware being the most commonly deployed tool (67%). Malware was mainly distributed by compromising computers, servers, and network equipment.
A ransomware attack on the Philippine construction company Suntrust Properties resulted in the breach of approximately 1 TB of data, including confidential information and SQL databases. Data samples released by cybercriminals included employee and client IDs from the Professional Regulation Commission, government-issued IDs (driver licenses and police IDs), legal documents like real estate transaction agreements and buyer consent forms, as well as SQL databases containing corporate data related to real estate transactions.
Figure 14. Methods of cyberattacks on manufacturing companies
A significant number of cyberattacks involved exploiting vulnerabilities (15%) and credential compromise (7%). These figures may indicate insufficient protection of industrial infrastructure, including improper security configurations and the use of outdated software.
The rapidly growing industrial IoT market in Southeast Asia, with a projected compound annual growth rate of 19.1% from 2023 to 2030, is shaping the cyberthreat landscape. This growth is fueled by government initiatives and significant investments in Industry 4.0 technologies. IoT devices are often the weakest link in infrastructure, which makes them a common entry point for attackers. Security issues in industrial IoT can arise from endpoint devices (such as sensors and industrial controllers), specific data transmission protocols, and IoT gateways.
Government
Government institutions are a prime target for cybercriminals worldwide, and Southeast Asia is no exception. Attackers are particularly drawn to these organizations because they handle vast amounts of valuable information, including citizens' personal data and information of national significance. In 72% of cyberattacks on government institutions in the region, confidential information was leaked, while 28% of attacks disrupted core operations. In March 2024, the website of the House of Representatives of the Philippines suffered a massive DDoS attack. Between 8 and 9 a.m., the server received 53 million requests, and within seven hours, that number exceeded 480 million.
In September 2024, a major data breach affecting two million individuals was reported at Vietnam's Social Security Administration. The stolen data, including 12-digit identification numbers, was posted on a dark web forum and sold for $600.
In most cases of attacks, criminals stole personal information (31%) and trade secrets (27%). On dark web marketplaces, our experts identified listings offering data from the Ministry of Health (Malaysia), the Ministry of Justice and Human Rights, the Nuclear Energy Regulatory Agency (Indonesia), and the Ministry of Agriculture and Cooperatives (Thailand), among others. The price of stolen data varied depending on its amount and value. For instance, data stolen from Thailand's Ministry of Agriculture and Cooperatives was priced at $5,000.


Malware was the most commonly used method in cyberattacks on the government, responsible for 68% of successful incidents. In 80% of cases, it was distributed via email. Remote Access Trojans (RATs) were used in 33% of all malware-related attacks, while loaders accounted for 29% and ransomware for 17%.
A notable example of a ransomware-related incident was the cyberattack involving the Brain Cipher program, which disabled the servers of Indonesia's Temporary National Data Center. As a result, 210 government institutions were affected, including immigration services at Soekarno-Hatta International Airport. The attack disrupted passport control operations, event permit service, and several other online services.
The dark web contains numerous posts about breaches of government information systems, including Indonesia's BPOM (equivalent to the Food and Drug Administration), Vietnam's Commune People's Committee Electronic Information Portal, and Thailand's Education Service Area Office. This highlights the lack of adequate cybersecurity for digital services, as outlined in ASEAN's Digital Master Plan through 2025.

Breaches of confidential information in government institutions attract not only financially motivated cybercriminals but also those driven by non-financial motives, such as hacktivists aiming to publicly express political or social views, as well as cybercriminals looking to showcase their skills. As a result, advertisements for both the sale and free distribution of stolen data make up more than half (58%) of all listings on dark web forums—38% offering data for sale and 20% distributing it for free.
Figure 18. Categories of dark web advertisements for data stolen from government institutions [4]
Criminals who release stolen data for free are often either hacktivists or members of criminal groups trying to build their reputation.

Non-tolerable events in the public sector carry significant risks, such as eroding public trust in government digital services and destabilizing government operations. These breaches can escalate political tensions across the region and substantially raise public administration costs.
[4] The "statement" category consists of dark web posts where cybercriminals share their intentions, such as plans to target specific organizations, or disclose successful cyberattacks.
Financial institutions
The rapid growth of the fintech sector is a key driver of the region's digital economy transformation. In 2024, while fintech sector funding in North America and Europe dropped by over 35%, Southeast Asia saw a decrease of less than 1% during the first three quarters of the year.
The high level of digitalization in financial institutions, compared to other sectors, requires threat actors to use more sophisticated methods. Consequently, financial organizations face a wider range of targets than government institutions. The main targets are computers, servers, and network equipment (39%), followed by web resources, employees, and mobile devices, each making up 17%.
Cyberattacks on financial institutions come in many forms. Hackers often take advantage of employees' limited digital knowledge and exploit security weaknesses. For example, in July 2023, hackers used phishing emails, DDoS attacks, and malware to breach the systems of a Vietnamese bank. The attack led to the exposure of employee data and caused financial losses of around $420,000.
Figure 20. Methods of cyberattacks on financial institutions
Attackers' focus on financial institutions is evident in their activity on dark web forums, where 21% of all advertisements for purchasing databases or access are related to these organizations.

Financial institutions rank second in the number of data-sharing advertisements on the dark web, making up 28% of such posts. This is slightly higher than data sale advertisements, which account for 26%.
Figure 22. Categories of dark web advertisements related to data stolen from financial institutions

The impact of non-tolerable events in the financial sector goes beyond direct financial losses for organizations and individuals. Compromised customer data from banks, insurance companies, and other financial institutions becomes a valuable asset for cybercriminals, facilitating targeted cyberattacks. Notably, 50% of successful cyberattacks on financial organizations result in the breach of sensitive information.
22% of successful cyberattacks on financial institutions led to operational disruptions. For example, a cyberattack on VNDirect, one of Vietnam's largest brokers, forced the company to suspend its operations, leading to both financial and reputational damage.
A closer look: cyberthreat landscape in the most targeted countries
From 2023 to 2024, Vietnam and Thailand accounted for 25% of all cyberattacks in the region, followed by the Philippines with 20%, Singapore with 18%, Indonesia with 13%, and Malaysia with 10%. In 2024, the focus of cyberattacks shifted toward Indonesia, Thailand, and Singapore.
Figure 24. The most targeted ASEAN countries in 2024
Indonesia's high level of cybercrime is likely due to weak protection for the government, businesses, and individuals, largely caused by low investment in cybersecurity. According to consulting firm Kearney, Indonesia's cybersecurity budget as a percentage of GDP (0.02%) is the lowest in Southeast Asia. These issues are made worse by the country's fragmented regulatory framework. Current personal data protection laws lack clear guidelines for responding to data breaches. For example, there are no procedures for notifying the public about breaches, coordinating with government agencies, or helping businesses, consumers, and organizations improve their cybersecurity. At the same time, Indonesia is a major hotspot for cyberthreats in the ASEAN region. According to data from Check Point, the country ranks highest in cryptocurrency mining, botnet activity, mobile malware, and information-stealing cyberattacks.
The increase in cyberattacks on organizations and individuals in Thailand is likely caused by a mismatch between the rapid digitalization of critical industries and the population's low level of digital literacy. According to the Thailand Cyber Wellness Index 2024, many Thais are unaware of the risks associated with ransomware attacks, public Wi-Fi usage, and weak passwords. This lack of awareness is reflected in poor cybersecurity practices within organizations, including outdated software, missing or misconfigured security measures, and inadequate protective strategies. Notably, the number of security incidents involving servers located in Thailand increased by over 203% in Q2 2024 compared to Q2 2023.
In Singapore, the increase in cyberattacks, particularly ransomware incidents, can be partly attributed to companies' willingness to pay ransom demands. Reports show that 64% of Singaporean companies targeted by ransomware attackers chose to pay the ransom to regain access to their data. This willingness to pay likely encouraged cybercriminals to target the region with ransomware attacks. In April 2024, the Singapore branch of the law firm Shook Lin & Bok fell victim to a ransomware attack, paying the attackers 21.07 Bitcoin across three transactions. At the time, this amounted to approximately $1.4 million. According to research by Cohesity, a company specializing in data protection, 36% of Singaporean businesses that paid ransoms spent at least $500,000.
The majority of dark web advertisements related to ASEAN countries (20%) involve Indonesia. This is likely due to the insufficient financial and regulatory support for securing organizations and digital services in Indonesia, resulting in a high number of data breaches.
Figure 25. Top four countries in Southeast Asia with the most ads on the dark web
Thailand and Vietnam also ranked among the top three countries by the number of advertisements on dark web forums, with figures slightly lower than Indonesia's (22% and 17%, respectively). Throughout 2023, there was a high number of advertisements related to Malaysia, although this began to decline in Q2 2024. During the period covered by this research, Malaysia ranked fourth in the number of advertisements on dark web forums (15%), just slightly behind Vietnam.
The large number of advertisements related to Malaysia stems from the country's consistently high rate of data breaches, with cybercriminals exploiting these incidents to sell stolen data on the dark web for financial gain. According to Dutch cybersecurity company Surfshark, 152 accounts are breached per 100 people on average in Malaysia, which is significantly higher than the regional average of 55 breached accounts per 100 people. Surfshark ranked Malaysia fourth in Southeast Asia and 31st globally in terms of the number of compromised accounts.
The most frequently targeted countries in Southeast Asia are those with advanced digital economies and robust information infrastructures. Below is an overview of the cyberthreat landscape in the six most targeted countries, focusing on the top three most attacked industries in each and the main consequences of cyberattacks.
Malaysia
Malaysia faced not only a high number of data breaches from cyberattacks but also a growing number of online fraud cases. In 2023, 34,495 incidents of online fraud were recorded—nearly double the figure from 2019 (17,668 cases). According to IDC research, more than half (54%) of Malaysian organizations identify phishing attacks as a key security concern. Other threats include ransomware attacks, unpatched vulnerabilities, and attacks targeting IoT devices.
Manufacturing companies in Malaysia were the most affected by cyberattacks (31%), followed by financial institutions and government agencies (23% each). The industrial sector, especially in semiconductor manufacturing, consumer electronics, and electronic components, is a key pillar of Malaysia's economy. Its growth is closely linked to automation and emerging technologies like IoT and artificial intelligence. The extensive use of IoT may be a factor in the high rate of successful cyberattacks on manufacturing companies.
Figure 26. Most attacked organizations in Malaysia
In most successful cyberattacks against Malaysian organizations, attackers used malware (85% of cases), especially ransomware, as well as social engineering tactics (23% of cases). One high-profile ransomware incident occurred in 2024, targeting BIG Pharmacy, a leading retail pharmacy chain in Malaysia. Cybercriminals stole approximately 50 GB of sensitive data, including laboratory reports, medical certificates, prescriptions, and invoices, posing a serious threat to patient privacy.
Phishing emails were often used to spread ransomware. For example, Malaysia's Industrial Development Finance Corporation was hit by a ransomware attack. The organization warned about the dangers of dealing with unknown or unverified sources, suggesting that the attackers may have used social engineering tactics.
The large number of successful ransomware attacks helps explain why data breaches are the most common consequence of cyberattacks in Malaysia, accounting for 77% of reported incidents. One of the biggest data breaches in 2024 targeted Telekom Malaysia, a leading telecommunications company. The attackers accessed 20 million user records, including national identification numbers, addresses, marital statuses, and religious beliefs. They also allegedly obtained technical documentation detailing the structure, design, and functionality of the company's customer database system.
Malaysia's cybersecurity regulations show promise, with laws and policies being regularly updated. On August 26, 2024, the Cyber Security Act 2024 came into effect. It establishes clear standards, measures, and processes for handling cybersecurity incidents across 11 sectors identified as part of the country's critical national information infrastructure. These regulatory measures have helped reduce data breaches, as observed starting in Q2 2024. However, achieving national-level cybersecurity remains a complex challenge that requires a coordinated and comprehensive approach. One key priority is enhancing digital literacy across the population. The Malaysian government has highlighted a shortage of qualified cybersecurity professionals in the region and is planning to introduce several initiatives to develop talent in the field and attract international experts to the country.
Indonesia
Indonesia is rapidly digitalizing, but this progress is happening alongside limited cybersecurity funding and a fragmented regulatory framework. Many organizations remain unprepared to protect their systems and data from cyberthreats. According to the Cisco Cybersecurity Readiness Index [5], only 12% of surveyed Indonesian organizations are at the mature stage of their cybersecurity readiness, while nearly half (47%) are still at the formative stage.
During the analyzed period, manufacturing companies in Indonesia were the most frequently attacked, accounting for 31% of successful incidents. Government institutions and financial organizations followed closely, each making up 23% of attacks.
[5] The Cisco Cybersecurity Readiness Index assesses solutions of surveyed organizations across the five core pillars of cybersecurity protection: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. Organizations are categorized as Beginner, Formative, Progressive, or Mature based on the extent of their cybersecurity solutions' deployment.
Figure 27. Most attacked organizations in Indonesia
As the industrial sector undergoes digital transformation, IoT solutions are increasingly being used to automate production. However, integrating IoT devices into company infrastructure may expand the attack surface, making organizations more vulnerable to non-tolerable events.
As in other Southeast Asian countries, malware was the most common method used in successful cyberattacks on organizations in Indonesia, accounting for 77% of incidents. Ransomware was involved in over half (55%) of these attacks, followed by remote access tools (18%). In November 2024, Fuji Electric Indonesia suffered a ransomware attack that disrupted several servers and personal computers in the company's local network. The company also reported that sensitive information about its business partners might have been exposed. By the end of 2024, ransomware attacks also targeted LINE Bank, PT Pertamina (an Indonesian oil and gas company), and Bank Rakyat Indonesia, one of the region's largest commercial banks.
In Indonesia, data breaches were the most common consequence of attacks against organizations, making up 62% of incidents. Business disruptions followed, accounting for 23%. In February 2024, a ransomware attack on the Indonesian site of Varta, a battery manufacturer for the automotive, consumer, and industrial sectors, forced the company to shut down IT systems and disconnect them from the internet. This led to disruption to production, as well as to administrative processes.
The rapid development of digital technologies in Indonesia highlights the urgent need for stronger cybersecurity measures. The rise of generative AI in cyberattacks is expected to increase financial fraud in the future.
Philippines
The Philippines' high volume of cyberattacks is caused not only by increasing digitalization but also by geopolitical factors. Research by Resecurity reported a 325% surge in malicious cyber activity in early 2024, driven by hacktivist groups aiming to undermine trust in government institutions.
Government institutions were the most targeted, making up 38% of all successful cyberincidents. The Philippine government institutions targeted by cyberattacks included the Philippine Statistics Authority, the Department of Science and Technology, websites of the Senate and House of Representatives, the Disaster Risk Reduction and Management Office under the Department of Information and Communications Technology, the Firearms and Explosives Office of the Philippine National Police, the Department of Energy, and others.
Figure 28. Most attacked organizations in Philippines
The most common attack methods in the Philippines were malware (55%) and vulnerability exploitation (34%). Following the discovery of a security breach, the Philippine National Police suspended all online services for issuing firearm licenses and permits. The attack compromised the database of the Firearms and Explosives Office.
As with the rest of Southeast Asia, data breaches were the most frequent consequence, accounting for 55% of incidents. Personal data was the most commonly stolen, making up 32% of cases. According to Surfshark, over 385,000 data leaks were reported in the Philippines during the first half of 2024 alone.
Singapore
Singapore boasts one of the highest levels of digitalization in Southeast Asia. Thanks to government initiatives like the Smart Nation Initiative, the country has successfully digitized public services, offering citizens online access to a wide range of governmental resources. The country is also home to over 4,200 multinational companies, making it a regional business hub. Singapore's status as a hub for regional and international conglomerates, paired with its advanced digitalization and a trend of organizations paying ransoms, has turned it into a prime target for cyberattacks in 2024.
Compared to the other three most targeted countries in the region, Singapore shows a different pattern of cyberattack victims. Singapore is rapidly transforming into a global technology hub, home to a significant number of tech giants. Unsurprisingly, IT companies have become the most targeted sector for cyberattacks, accounting for 17% of incidents, followed by manufacturing companies at 13%.
Figure 29. Most attacked organizations in Singapore
Cyberattacks on IT companies are often driven by hackers seeking to steal valuable confidential information about cutting-edge technologies, innovations, and development secrets. In some cases, attackers aim to exploit an IT company's infrastructure as an entry point to compromise its clients. For example, in July 2024, a breach of IT service provider Ezynetic exposed the personal information of approximately 128,000 borrowers linked to a dozen licensed moneylenders.
Exploitation of vulnerabilities (38%) ranked as the second most common method of attacks on organizations, following malware usage (54%). This trend reflects the region's high level of digitalization but insufficient protection of information systems and services. According to Singapore's Cybersecurity Agency, many systems were compromised as early as 2023 by outdated malware that could have been easily detected by modern antivirus software.
Cryptocurrency organizations are also frequent targets. In September 2024, criminals hacked the hot wallet of the Singaporean crypto exchange BingX, stealing over $44 million. Affected blockchains included Ethereum (ETH), Binance Smart Chain (BNB), Base (BASE), Optimism (OP), Polygon (POLYGON), Arbitrum (ARB), and Avalanche (Avalanche).
In 58% of cases, the primary consequence of cyberattacks in Singapore was the breach of confidential information. In the public sector alone, data breaches rose by 10 percentage points in 2023 compared to 2022, according to the Ministry of Digital Development and Information. This increase is attributed to the growing number of digital services in the country.
- A hot wallet is an online tool that stores public and private keys associated with a specific blockchain address.
Vietnam
Vietnam is striving for self-sufficiency in the digital sector, particularly in information and communication technologies, while also working to strengthen international cooperation in cybersecurity. In 2022 and 2023, Vietnam boasted the fastest-growing digital economy in ASEAN, a trend expected to continue at least until 2025. This digital growth extends to cybersecurity, with Vietnam aiming to become one of Asia's leading hubs for information security and cybersecurity by 2030.
According to Viettel Threat Intelligence, the first half of 2024 saw an increase in cybersecurity threats in Vietnam, and this trend continued into the second half of the year. During this period, 92% of cyberattacks targeted organizations, while 8% affected individuals. Financial institutions (26%) and government organizations (23%) were the most frequently targeted sectors.
Figure 30. Most attacked organizations in Vietnam
The most common methods used by attackers were malware (84%) and social engineering (39%). Ransomware attacks have also been on the rise, with Vietnam recording nearly 10% more incidents in 2023 compared to 2022. As of June 2024, Vietnam ranks third globally among the 10 countries most affected by ransomware attacks, behind Israel and South Korea.
In Vietnam, as in the rest of Southeast Asia, the most common outcome of cyberattacks was the leakage of sensitive information, occurring in 68% of successful incidents.
Cybercriminals primarily targeted trade secrets (25%) and credentials (21%), while personal data was slightly less targeted (18%). In H1 2024, the volume of data encrypted during cyberattacks on Vietnamese organizations reached 3 TB, with an estimated financial loss exceeding $10 million USD. Viettel reported 46 data breaches in this period, involving the sale of 13 million records, including over 12.3 GB of software source code. The leakage of software source code and confidential information about new products emerged as major global trends in the first half of 2024. In Vietnam, the number of stolen personal records during this period was 50% higher than in the same period in 2023.
- Self-sufficiency is an economic model in which a nation relies entirely on its own resources, without depending on imports.
Thailand
Thailand is on track to become the second-largest digital economy in Southeast Asia, with its gross merchandise value projected to reach $100–165 billion USD by 2030.
In 2024, the share of successful cyberattacks targeting Thailand increased by 6 percentage points compared to 2023. The most frequently targeted sectors were manufacturing companies (21%) and financial institutions (15%). The industrial sector, being one of the most rapidly digitalizing industries in Thailand, has seen an increase in connected devices, which has expanded the attack surface due to security flaws in industrial IoT. Financial institutions remain a popular target for cybercriminals worldwide due to their critical role in national economies. Among ASEAN countries, Thailand ranks second only to Singapore in the number of financial institutions with internet-accessible assets.
In the first half of 2024, Thailand recorded the highest number of financial phishing attacks in Southeast Asia, with 141,258 incidents—far surpassing Indonesia's 48,439 attacks, which ranked second.
Figure 31. Most attacked organizations in Thailand
Malware remained the most common attack method in Thailand (59%), followed by vulnerability exploitation (29%), indicating issues such as the use of outdated software and insufficient security measures for digital systems and services.
A notable incident involved Daikin Industries, a leading company in Thailand's air conditioning sector, which fell victim to a ransomware attack. The breach, discovered in November 2024, exposed approximately 838 GB of confidential data.
In 62% of cases, cyberattacks on organizations and individuals in Thailand resulted in the breach of sensitive information, with personal data being the most commonly compromised (58%). According to Statista, over 690,000 data leaks were reported in Thailand during Q3 2024, a sharp increase compared to approximately 166,000 in Q3 of the previous year.
Predicted cyberthreats for Southeast Asian countries
Forecasts of cyberthreats are based on a combination of factors, including current and anticipated levels of digital development in the region, geopolitical considerations, upcoming major events, regulatory frameworks, recent cyberincident trends, and statistics from the dark web.
Forecast on the number of cyberattacks in the region
Cyberattacks on Southeast Asian countries are expected to keep rising. This projection is driven by the region's rapid digitalization, which involves shifting company operations online and digitizing vast amounts of sensitive data. The theft and sale of this data remain primary goals for financially motivated cybercriminals. Digital literacy across the population is improving at varying rates but generally falls behind the pace of digitalization. As a result, public awareness of cyberthreats and strategies to counter them remains relatively limited. This gap is caused by insufficient government efforts to enhance cybersecurity awareness and the lack of effective collaboration between governments and businesses, which could provide practical training in combating cyberthreats.
Forecast for the most targeted ASEAN countries
The top six most targeted countries in the region are expected to remain the same. However, during Q1–Q2 2025, attention is likely to shift toward the Philippines, driven by the upcoming presidential elections and heightened activity from hacktivist groups.
The Philippines and Singapore are of particular interest to cybercriminals because cryptocurrency is legally used in both countries. Considering that blockchain and digital assets are among the key global technology trends in 2025, the number of cyberattacks targeting cryptocurrency holders in these countries is expected to grow. These attacks are likely to involve new schemes to deceive users and exploit vulnerabilities in information systems related to digital currency operations and emerging platform solutions. Singapore, in particular, is a prime target for cybercriminals due to its high concentration of IT companies and the financial strength of its organizations. This is demonstrated by numerous ransomware incidents in which victims opted to pay the demanded ransoms after being attacked.
Indonesia is also expected to remain a frequent target for cybercriminals. Its fragmented regulatory framework, limited cybersecurity budgets, low digital literacy among the population, and insufficient infrastructure protection measures together create significant security vulnerabilities.
Forecast for the most targeted industries
The top three most targeted industries in Southeast Asia—government institutions, financial organizations, and manufacturing companies—are expected to remain the same. These industries are prime targets for cybercriminals due to the vast amounts of confidential information they manage, which can be sold on the dark web. According to the Shadowserver Foundation, Indonesia and Singapore are especially vulnerable to cyberthreats involving IoT, facing greater risks compared to other ASEAN countries. The widespread adoption of connected devices increases the attack surface, leaving digital industrial systems exposed to cyberthreats.
The industry-specific cyberthreat landscape may vary by country. In Singapore, as the technological hub of Southeast Asia, IT companies are expected to remain among the top three most targeted industries. As digital transformation advances and digital services grow, IT companies are taking on a greater role in other industries, increasing the risk of supply chain attacks.
Forecast for cyberattack methods
No significant changes are anticipated in cyberattack methods. Malware, particularly ransomware, is expected to remain the main method of cyberattacks in the region. The low level of digital literacy in Southeast Asia, combined with a shortage of cybersecurity specialists, widespread IoT adoption, and numerous unpatched vulnerabilities, indicates that malware attacks are unlikely to decrease.
Social engineering is expected to remain the second most common method of cyberattacks. Both organizations and individuals should prepare for new fraud schemes, including those leveraging AI—one of the key modern technologies. The use of generative AI in cyberattacks is common in the Asia-Pacific region. Between 2022 and 2023, the number of incidents involving deepfakes in the region increased by 1,530%, the second-highest rate globally after North America. Vietnam leads in the use of deepfakes for fraud, accounting for 23.5% of cases, while the Philippines has experienced the highest growth in deepfake usage, with a staggering 4,500% increase.
Key consequences for the region
The primary consequence of cyberattacks in ASEAN countries will likely remain the breach of confidential information. This is due to the continued use of ransomware, the susceptibility of organizations and individuals to social engineering attacks, and the general lack of security frameworks to protect sensitive data.
Governments in most ASEAN countries plan to allocate more attention and resources to cybersecurity. For instance, Malaysia intends to establish a cybersecurity commission and update personal data protection laws to ensure a coordinated defense against cyberthreats. However, since governmental measures often take time to implement, the trend of increasing data leaks will likely continue into next year.
Conclusions and recommendations
Southeast Asian countries are making great progress in digitally transforming their economies and key industries, successfully tackling technological and innovation challenges. However, cybersecurity issues remain a major obstacle to achieving digital leadership in the region. Addressing these issues will require coordinated efforts both within individual countries and across the region. Among the critical issues are inadequate protection of digital services and low levels of cybersecurity awareness among users.
To overcome these obstacles and work toward digital leadership, ASEAN has introduced the Cybersecurity Cooperation Strategy for 2021–2025 and established the ASEAN Regional Computer Emergency Response Team (CERT). These initiatives aim to bridge technological gaps between countries in the region. For instance, Singapore uses advanced protection measures for critical infrastructure, including industrial control systems (ICS), while many less developed ASEAN nations lack similar safeguards. The cooperation strategies promote scalable and cost-effective ways to share best practices for fighting cyberthreats across all member states.
Key priorities for improving regional cybersecurity and addressing the above-mentioned challenges include updating government cybersecurity policies, strengthening collaboration between countries, and improving digital literacy, especially for those in high-risk industries.
Recommendations for governments
Updating national cybersecurity initiatives
Data localization policies require that digital services store user information on local servers.
However, regulatory frameworks vary widely across ASEAN member states, depending on national priorities. For example, Vietnam emphasizes national security, while the Philippines prioritizes business processes and allows freer cross-border data transfers. These differences complicate efforts to harmonize digital policies, slowing the region's technological progress. Collaborative efforts to establish secure cross-border data exchange based on agreed-upon standards could help address these issues.
Effective mechanisms for regional cooperation are essential, particularly for cybersecurity. These include sharing information on cyberthreats, conducting joint cyber exercises, and exchanging expertise. At the national level, governments should also improve interaction with sectoral and national cybersecurity response centers.
Protecting key industries
Governments must identify non-tolerable events and focus on safeguarding critical industries such as energy, transportation, and telecommunications, as well as the most frequently targeted sectors with significant security gaps. For example, Brunei currently lacks legal requirements for securing financial institutions, even though the financial sector is the second most targeted in the region.
Improving cyber literacy
With the rapid growth of internet adoption across Southeast Asia, governments should focus on enhancing cyber literacy. This includes running awareness campaigns to educate people of all ages about current cyberthreats and the tactics used by malicious actors.
Building a cybersecurity talent pool in the region is also essential. This includes developing educational programs in schools and universities and increasing the number of cybersecurity experts.
Recommendations for businesses
Identifying non-tolerable events and critical assets
With the continuous increase in cyberattacks, organizations must prioritize building cyber resilience. This starts with identifying critical assets that are likely targets for attackers and whose compromise could lead to non-tolerable events. Companies should identify these non-tolerable events, devise strategies to prevent them, and establish organizational and technical measures to protect their assets.
Cyberthreat monitoring and response
To promptly detect and respond to cyberthreats, organizations should integrate modern security tools into their IT infrastructure. Medium and large businesses are advised to use SIEM solutions to collect and analyze security events from multiple sources. Combining SIEM systems with XDR tools, which provide centralized cyberthreat detection and response, and network traffic analysis systems can significantly improve an organization's ability to detect threats early and respond efficiently.
Training employees
Human error is often the weakest link in cybersecurity, and with social engineering tactics becoming increasingly sophisticated, the risk of falling victim to cyberattacks is growing.
To address this, businesses should invest in regular training programs to improve employees' cybersecurity awareness. Practical cyberranges can be used to simulate real-world scenarios and train employees to handle specific threats relevant to their organizations. These cyberranges can be tailored to different audiences, such as students or corporate professionals. For example, Malaysia's Asia Pacific University of Technology and Innovation and the International Islamic University both use cyberranges to train students. Investing in digital literacy for employees will strengthen an organization's defenses against cyberthreats and minimize risks related to human error.
About this report
The data and findings presented in this report are based on Positive Technologies' own expertise, as well as analysis of publicly available resources, including government and international publications, research papers, and industry reports.
We assume that most cyberattacks are not made public due to reputational risks. As a consequence, even companies specializing in incident investigation and analysis of hacker activity are unable to quantify the precise number of threats. This research aims to draw the attention of companies and individuals who care about the state of information security to the key motives and methods of cyberattacks, and to highlight the main trends in the changing cyberthreat landscape.
This report considers each mass attack (for example, phishing emails sent to multiple addresses) as one incident, not several. For explanations of terms used in this report, please refer to the Positive Technologies glossary.