Is biometric-blockchain defense the answer to Asia Pacific’s credential abuse and ransomware surge?
Cyber incidents across Asia Pacific are on the increase, and AI-driven deepfakes are fueling social engineering, scams and ransomware.
As attackers escalate to quadruple-extortion tactics, company boards are asking how to keep identities untouchable and data immutable.
Venket Naga, CEO & Co-Founder, Serenity, argues that pairing biometric keys with a decentralized, tamper-proof ledger has become a security imperative. His team is building an owner-controlled, survivable blockchain infrastructure that removes shared passwords, seals records against corruption, and lets organizations recover even if primary systems are encrypted or wiped.
We find out more about this two-pronged approach…
According to Aon’s latest Cyber Risk Report, cyber incident frequency across Asia Pacific was up 29% in the last year, AI-driven deepfake attacks resulted in a 53% increase in social engineering incidents year-over-year, and social engineering and fraud claims increased by 233%. Verizon Business’ 2025 Data Breach Investigations Report found that ransomware accounts for 51% of the total data breaches in the region. What do these ransomware and deepfake numbers reveal about credential abuse?
Venket: These figures paint a stark picture: identity is now the most exploited vulnerability. Ransomware used to be largely about software vulnerabilities, but today, it’s increasingly triggered by human factors, stolen or spoofed credentials, which are often acquired through deepfake-enhanced social engineering.
The surge in deepfake incidents demonstrates how easily attackers can now impersonate real people and bypass both human and some machine-level verification. IBM’s latest report revealed that stolen or compromised logins remain the hackers’ preferred method of attack, leaving companies an average of almost $4.8 million out of pocket each time.
The 53% increase in deepfake-related incidents indicates that attackers are now combining social engineering with AI, creating audio and video fabrications that can deceive even trained security teams. It reveals a systemic weakness: most enterprises still rely on passwords, email links, and identity systems that are inherently static, replayable, and impersonable. Credential abuse has become the most cost-effective and scalable entry point for cybercriminals.
What we’re seeing is that credential abuse is the primary vector. Without solving that, layered defenses become irrelevant. That’s why solutions that tie credentials to biometric identity and bind them cryptographically to non-replayable, decentralized infrastructure are becoming essential. These are necessary to restore trust in access control.
How frequent and destructive to businesses are double-, triple- or quadruple-extortion tactics, and wiper attacks?
Venket: Double- and triple-extortion attacks are becoming a standard norm for ransomware gangs, especially in Asia Pacific, where companies still lack a transparent and efficient plan to handle these kinds of threats.
Recent reports have highlighted that 70% of ransomware attacks worldwide involve double-extortion tactics, where the attackers threaten the victims using the stolen data. In Asia Pacific, it’s even worse: nearly 4 in 5 attacks now come with multiple layers of pressure, from exposing customer information to contacting regulators or even targeting business partners. Triple extortion adds pressure by targeting the victim’s customers or supply chain.
Some ransomware groups have taken it a step further by handing out “extortion playbooks” to their affiliates, showing them exactly how to pressure victims at every stage. Apart from locking data, they teach how to steal it, leak it, and even go after customers or partners to maximize the impact.
Wiper attacks take an even darker turn. These attacks wipe out data completely. They’re less common; however, these types of disruptive tactics are often seen in industries like telecom, energy, and public services. Recovering from these attacks can increase the costs to $10 million.
How does pairing biometric keys with a decentralized ledger improve credential management and protection?
Venket: Pairing biometric keys with a decentralized ledger gives credential security two major upgrades: it makes identity harder to duplicate and systems harder to tamper with.
A biometric key, such as your fingerprint or face scan, is tied directly to you and is not something you can forget, lose, or accidentally hand over, making it a much better alternative to traditional logins.
When access policies are recorded on a blockchain, you create a layer of protection that’s tamper-resistant and publicly auditable. Attackers can’t silently change permissions or slip in through the back door without leaving a trace.
Instead of storing credentials in a cloud database or relying on device-bound apps, this model binds access directly to the individual through biometrics, like a fingerprint or face scan, and enforces access rules through smart contracts on the blockchain. Because the credential isn’t stored in one place or sent over the internet like a password or token, there’s nothing for attackers to intercept or steal. It can’t be phished, copied, or quietly altered by someone with admin access. The system simply doesn’t leave those doors open.
Which regulated sectors (e.g. finance, real estate, healthcare) are likely first-movers on decentralized data survivability?
Venket: The financial industry would be one of the earliest adopters of decentralized data survivability. Finance is the nervous system on which the economy of several industries relies for their daily operations. Whether it’s to pay off their cost, generate revenue, or manage their risks, financial services are a critical component of a business. For these daily financial operations, companies are required to share sensitive information with a central figure, creating a potential single point of failure.
Through decentralized data survivability, companies’ data can survive and remain accessible, staying tamper-proof even if some nodes fail or get compromised. Similarly, this concept can be utilized to protect the customer’s KYC and personal information from being stolen by scammers.
The other sector would be real estate, especially since tokenization has made it much easier for investors to invest in growing industries. Dubai in particular has seen the adoption of tokenized real-world assets (RWA) rising, which will require decentralized safekeeping for property titles, mortgage data, and contractual metadata. Along with tokenization, we’ll be seeing decentralized storage for sensitive documents come into play over the next few months.
Healthcare systems would also crucially benefit from decentralized data survivability, as they manage the sensitive information of thousands of patients and employees. The global blockchain technology market in healthcare is expected to reach $214.86 billion by 2030, reflecting a gradual shift toward blockchain-based data infrastructure. With the sheer volume of data being processed daily, information must be securely managed, which necessitates protection within a decentralized storage environment.
With regulators amending their rulebooks and opening the doors for decentralization, we can expect to see a global demand for decentralized data survivability, and all industries to implement decentralization within their systems.
What shifts in policy or standards would speed adoption of biometric-blockchain security across Asia Pacific?
Venket: Over the years, we’ve seen the blockchain industry grow massively, yet some are still reluctant to join, especially when there is a lack of clear guidelines. The policy focuses on protecting citizens from malicious actors who misuse this tech and also promotes adoption. Although it’s gradually decreasing, there’s still a gap between innovation and regulation.
Most regulators still assume that a centralized figure must handle an individual’s identity. However, this creates an opportunity for scammers to steal data from a single point of failure. This is where regulators need to formally recognize the importance of decentralized identity frameworks and update their KYC/AML rules.
Apart from updating their KYC/AML rules, regulators need to sit down to identify clear policies on encryption, storage, consent, and revocation. This step is crucial as businesses will always want to remain compliant with rules and regulations to avoid any mishaps. If biometric-blockchain systems lack clear guidelines, enterprises will be hesitant to adopt them.
In short, regulators need to update their rules. If the regulations catch up with innovation, we can expect a massive implementation of biometric-blockchain security across the Asia Pacific.