At the industry level, manufacturing was the most-targeted vertical in APAC (46%), followed by finance and insurance and transportation, which tied for second place at 12%, and education in third at 8%. Also:

    • Phishing continued to be the top initial access vector in the region, accounting for 36% of incidents in 2023, closely followed by exploitation of public-facing applications at 35%. The use of valid accounts, abuse of trusted relationships, and replication through removable media all tied for third with 12% of incidents analyzed.
    • Malware was the most observed threat, representing 45% of attacks in APAC. Ransomware accounted for 17%, followed by info stealers (10%). Backdoor attacks, which accounted for 31% in 2022, fell sharply in the 2023 data, accounting for 3% of cases analyzed.
    • Although generative AI is currently in its pre-mass market stage, enterprises should secure their AI models now, before cybercriminals scale up their activity. The trajectory suggested by the data is that, once market dominance is established in the generative AI field (where a single technology approaches 50% market share or when the market consolidates to three or fewer technologies), cybercriminals will be mobilized to invest more in new tools to exploit AI as an attack surface.
    • Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models, one that attackers can target without novel tactics. As generative AI heads towards maturity, a holistic approach to security will be mandatory.
    • Penetration testing metrics indicated that security misconfigurations accounted for 30% of total exposures identified, involving more than 140 ways that attackers can exploit misconfigurations.
    • In some data sets, 92% of cybersecurity customers had at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top 10 vulnerabilities detected across systems in 2023 had been marked with a ‘High’ or ‘Critical’ CVSS base severity score.
    • In other data sets, there was a 100% increase in “kerberoasting” attacks, wherein threat actors attempted to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.