South-east Asia increasingly targeted by cybercrime groups to launch global attacks: report
Cybersecurity firm Mimecast attributes 77% of all attacks in 2025 to phishing, up from 60% in 2024
Sudeshna Dhar
[SINGAPORE] Cybercriminal groups are increasingly exploiting compromised systems within some developing technology hubs in South-east Asia to initiate global attacks, a new report indicated.
Such systems are frequently used as “proxy networks or stepping stones”, obscuring the source of malicious cyberactivity and muddying the efforts of security analysts to attribute or contain them, the report by cybersecurity organisation Mimecast has found.
“Cyberattackers increasingly use compromised systems – especially developing technology hubs in South-east Asia and Africa – to launch their attacks, complicating attempts to trace the origin of attacks, as researchers can track adversaries only to these jumping-off points,” the 2025 Global Threat Intelligence Report said.
It added that South-east Asia has weak security configurations and outdated infrastructure, compounded by an increasing number of small and medium-sized enterprises, distributed workforces and the widespread adoption of cloud-based services. The attackers are making use of these gaps to break into networks and launch attacks internationally.
David Sajoto, vice-president and general manager of Japan and the Asia-Pacific region for Mimecast, said: “Asia-Pacific’s rapid digitalisation and interconnected supply chains make the region a focal point for today’s cyberthreats.”
Who are the targets?
A substantial number of the attacks also target industries based on how they operate and their asset value.
Mimecast named professional education, IT software, telecommunications, real estate and legal organisations as some of those facing increasing impersonation attacks, indicating that such sectors have direct access to high-value targets, sensitive financial transactions and confidential client information.
Employees in the real estate sector encountered significantly more phishing attacks than those in other industries, noted Mimecast.
The organisation stated that this was likely due to the sector’s increasing exposure to social engineering threats.
The Mimecast threat research team also discovered a phishing campaign targeting professionals in the hospitality industry. Fraudulent e-mail impersonation and large-scale credential harvesting were both used to attack hotel management platforms such as Expedia and Cloudbeds.
Rise of smarter, AI-powered phishing, social engineering attacks
Mimecast’s data reveals key trends, such as an increasing number of smarter, artificial intelligence (AI)-powered phishing and social engineering attacks. Criminal organisations are also more frequently capitalising on trusted services, bypassing security to gain access to their victims.
The organisation attributed 77 per cent of all attacks in 2025 to phishing, up from 60 per cent in 2024, with attackers likely using more AI tools.
Ranjan Singh, chief product and technology officer of Mimecast, said that attacker behaviour in 2025 was headlined by an “exponential rise in AI-driven threats”.
“Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and highly organised, state-sponsored adversaries,” he noted, adding that such actors are primarily exploiting trusted business services to enter security networks.
The attackers are finding new ways to exploit platforms such as Adobe Pay, DocuSign and Salesforms, with virtual meeting room and hosting service DocSend exploited the most in 2025, the report indicated.
Abusing this trust also involves compromising “captcha” services – a form of security support that differentiates between human users and bots. Victims are tricked, and threat intelligence analysts are slower to identify attacks.
“Thousands of unique malicious captcha-protected URLs are detected each month,” the report said. Over 900,000 instances involved Scattered Spider using such a strategy in the US and UK. Scattered Spider is a cybercriminal group primarily operating within the West.
Attackers also manipulate AI to send highly convincing phishing messages, “blurring the line” between authentic business operations and malware-driven activity.
Because human vulnerability is a weak point, South-east Asian businesses are advised to combine awareness, education and AI-powered defences for cyber resilience, Sajoto said.
Mimecast added: “Organisations across all industries must prioritise proactive threat detection, employee awareness, and layered defence strategies to stay ahead of evolving attacks.”
Copyright SPH Media. All rights reserved.
