Southeast Asian organisations have faced an unrelenting weekly barrage of 3,513 multi-vector attacks for the past six months, according to a report this week by cybersecurity vendor Check Point Software Technologies. The number is nearly double the global average of 1,916.
Within the region, Indonesia and Vietnam experienced the highest number of attacks, with attack volumes that are much higher than the regional average, signifying the region’s increasing attractiveness as a target for threat actors.
The survey findings show a worrying convergence of threat trends, that include the weaponisation of AI-powered misinformation, an increase in info-stealer infections, and the growing dominance of data extortion-first (DXF) ransomware.
Seen as a whole, these factors point to a coordinated assault on digital trust, as attackers move beyond simple disruptions toward strategic, long-term compromise of critical assets, say Check Point.
Regional cybersecurity hotspots
Among the Southeast Asian countries, Indonesia reported the highest number of attacks with an average of 6,640 weekly attacks per organisation, twice the regional average. The country also faced significantly higher rates of botnet (23.8 per cent versus the region’s 15.7 per cent) and ransomware (16.1 per cent versus the region’s 8.1 per cent) attacks.
Vietnam recorded an average of 5,727 weekly attacks, with the government and military sector hit especially hard. It averaged 18,847 attacks per week in 2025, pointing to a concentrated campaign aimed at disrupting critical national infrastructure.
Singapore, a country equipped with a mature digital ecosystem, was not immune. The healthcare sector experienced an average of 5,770 weekly attacks, while the government and military sector face around 5,142.
In Thailand, the utilities sector suffered an average of 3,457 weekly attacks, while its government and military sectors remained among the top three most targeted, facing approximately 2,833 weekly attacks.
In the region, key sectors targeted remain government/military, healthcare, and finance sectors, as attackers exploit weak identity and access controls, and legacy systems. Threat actors are adapting, shifting from disruptive attacks to the strategic compromise of essential services, a trend intensified by increased digitalisation in the region.
Cybercriminals no longer work in isolation, said Teong Eng Guan, regional director for Southeast Asia and Korea at Check Point Software Technologies.
“We are seeing well-organised ecosystems and agile networks of threat actors collaborating to exploit the gaps between systems, processes, and even regulatory frameworks,” he added.
Key trends shaping cyber risk
Among key risks in the region is AI-powered deception. Threat actors are using this to mount highly realistic phishing campaigns, deepfakes, and synthetic voice attacks. As a result, they are able to bypass traditional verification methods, eroding public trust and infiltrating even well-secured networks.
Another issue is credential and information theft. Attackers are using information-stealing malware as an entry point for larger attacks, then following up with ransomware or supply chain breaches. Especially vulnerable are smaller organisations with weaker levels of cyber hygiene.
Attackers are also bypassing encryption to steal sensitive data, threatening public exposure if ransoms are unpaid. This has impacted healthcare, education, and government sectors, which have high-value personal data and face reputational risks.
Check Point recommends that organisations move from taking a reactive, fragmented defence to a more consolidated one that includes adopting multi-layered, AI-powered prevention and detection, improving visibility across hybrid and multi-cloud environments, and strengthening identity, application programming interface (API), and zero-trust controls.
Other considerations include putting in place a trusted programme that combines automation, strong data protection, and privacy-by-design principles, and being committed to cross-industry intelligence sharing.
