Cybersecurity News in Asia

Phishing and ransomware continued to challenge organizational defenses in H1 2025

By CybersecAsia editors | Tuesday, September 9, 2025, 9:38 PM Asia/Singapore

According to one cybersecurity firm’s user base data, surges in regional business email compromise and social engineering attacks were likely AI-driven.

Based on analyzing endpoint signals from over 1,000,000 Windows machines globally collected between January and June 2025, a cybersecurity vendor for the monitored devices has shared some 2024/2025 findings on cyber threat patterns in the ASEAN/APAC region, with the media.

First, the number of publicly known ransomware victims had increased by nearly 70% compared to the firm’s metrics for the same period in 2023 and 2024, with 3,642 claimed victims, and Cl0p, Akira, and Qilin emerging as the most active ransomware groups.

Second, phishing accounted for 25% of all attacks globally (in the H1 2025 data) and constituted 52% of attacks targeting managed service providers, marking a rise from 30% in H1 2024 data. Remote Desktop Protocol attacks had decreased sharply, from 24% to 3%.

Other findings
Third, social engineering and business email compromise attacks in the firm’s H1 2025 data had increased from 20% to 25.6% in January through May 2025, compared to the same period in 2024, with nearly 25% of phishing attacks in collaboration platforms involving AI-generated deepfakes or automated exploits. Also:

Manufacturing was the most targeted industry in the firm’s data, representing 15% of ransomware incidents in Q1 2025, followed by retail, food and drink at 12%, and telecommunications and media at 10%.
Vulnerabilities in third-party software such as the Cleo file transfer tool and SimpleHelp remote monitoring and management software continued to be exploited in the firm’s user base in H1 2025, with TeamViewer identified as having the highest proportion of unpatched vulnerabilities (4.56% of customers affected).
Monthly malware detections varied by region, with India recording 12.4% affected endpoints in May 2025, Brazil 11%, and Spain 10.2%.
Attackers had increasingly used process injection (MITRE technique T1055.001) and PowerShell (T1059.001) techniques to evade detection in the firm’s Q1 2025 customer incidents.
New ransomware actors such as Devman and Nightspire employed Ransomware-as-a-Service models with double extortion tactics in the H1 2025 user base data.
AI-powered threats were observed in several cases, including North Korean operatives using AI-driven deepfake avatars to gain employment at technology companies and vulnerabilities in AI models, allowing prompt injection attacks.
Collaboration app attacks had risen sharply compared to previous years’ data sets, with phishing attacks in these platforms increasing from 9% to 30.5%, and advanced email attacks from 9% to 24.5%.

According to Gerald Beuchelt, CISO, Acronis, the firm sharing its H1 2025 user ecosystem incident data analysis: “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort. To survive in this threat landscape … a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential.”

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
Mitigating Ransomware Risks with GRC Automation
In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

Meeting the business resilience challenges of digital transformation
Data proves to be key to driving secure and sustainable digital transformation in Southeast Asia.Read more
Upgrading biometric authentication system protects customers in the Philippines: UnionDigital Bank
An improved dual-liveness biometric framework can counter more deepfake threats, ensure compliance, and protect underbanked …Read more
HOSTWAY gains 73% operational efficiency for private cloud operations
With NetApp storage solutions, the Korean managed cloud service provider offers a lean, intelligent architecture, …Read more
CISOs can navigate emerging risks from autonomous AI with a new security framework
See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more

Featured

What happened with Cloudflare?

Featured

High stakes in the cybersecurity AI arms race

Featured