Singapore – Southeast Asia’s growing network of technology hubs is being increasingly exploited as a launchpad for global cyberattacks, according to Mimecast’s recent 2025 report.
The study found that compromised systems across the region are frequently repurposed by cybercriminals as proxy networks to disguise the true origins of their operations, making it more difficult for security teams to trace and contain attacks.
The report also revealed that the region’s rapid digitalisation and widespread reliance on cloud-based tools have outpaced security preparedness, particularly among SMEs enterprises. Many businesses continue to operate on outdated or poorly configured systems, which attackers use as entry points to route malicious activity worldwide.
David Sajoto, vice president and general manager of Asia-Pacific and Japan at Mimecast, explained how APAC’s rapid digitalisation and interconnected supply chains also make the region a focal point for developing cyber threats.
“Threat actors are not only targeting Asia organisations—they are actively exploiting compromised infrastructure across the region to launch attacks globally,” David stated.
He added, “The message is clear: as the human layer becomes the new battleground, businesses in the region must pair awareness and education with AI-powered defenses to build real cyber resilience.”
Globally, phishing accounted for 77% of detected attacks in 2025—up from 60% a year earlier—with a significant portion showing signs of AI involvement. These AI-enhanced campaigns are increasingly being observed in Southeast Asia, where attackers use trusted online platforms such as file-sharing and e-signature services to deliver fraudulent messages that appear legitimate.
The report also highlighted a sharp rise in social engineering tactics designed to exploit human trust. Techniques like ClickFix—where users are tricked into executing malicious commands—have increased by more than 500% in the first half of the year, while multi-channel attacks combining email, voice calls, and messaging apps are becoming more common across the region.
“Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and highly organised, state-sponsored adversaries,” Ranjan Singh, chief product & technology officer at Mimecast, explained.
He added, “Threat actors are also doubling down on human-focused attacks and exploiting trusted business services as their primary means of intrusion, making employee awareness and resilient systems more essential than ever.”
Researchers warned that these evolving attack methods are reshaping how cybercriminals operate, as the focus shifts from exploiting software flaws to manipulating individuals. This human-centric approach has blurred the boundaries between legitimate and malicious activity, especially as attackers increasingly impersonate trusted colleagues or business partners using AI-generated messages and synthetic voices.
The report urged regional organisations to strengthen collaboration with industry peers and governments, improve visibility across their supply chains, and adopt proactive cyber resilience measures that combine technological defences with workforce awareness.
