Japanese retail giant Muji has suspended all online sales after a ransomware attack crippled its logistics partner, Askul Corporation, affecting multiple major retailers and highlighting critical supply chain vulnerabilities.
Vocus Group, the parent company of Dodo and iPrimus, has confirmed a cyberattack that exposed sensitive customer data and led to unauthorised SIM-swap incidents. The breach affected 1,600 customers, underscoring rising cybersecurity threats in Australia’s telecom sector.
The US Department of Homeland Security has confirmed a major cybersecurity breach affecting FEMA and CBP employees. The attacker exploited a Citrix vulnerability to infiltrate internal systems, prompting mass staff firings and renewed scrutiny over federal cybersecurity practices.
Asia-Pacific faced over one-third of all cyberattacks in 2024, making it the world’s top target. From manufacturing breaches to talent shortages and rising ransomware, CNC investigates how a region of digital ambition became cybercrime’s global epicentre.
Across the sprawling digital archipelago of Asia-Pacific, a perfect storm of vulnerability and opportunity has created the world's most lucrative hunting ground for cybercriminals. An investigation by the CNC Cyber Team reveals how a toxic combination of rapid digitalization, chronic talent shortages, and regulatory fragmentation has transformed the region into ground zero for global cyber warfare.
The evidence is stark and unforgiving. IBM's X-Force Threat Intelligence Index 2025, released in May, confirms that Asia-Pacific absorbed more than one-third of all global cyberattacks in 2024—a concentration of digital violence that dwarfs any other region. But behind these statistics lies a more troubling narrative: the systematic exploitation of a region caught between technological ambition and security reality.
Manufacturing industries, the backbone of Asia's economic miracle, have become primary targets, accounting for 26% of regional cyber incidents. This deliberate focus on supply chains reveals cybercriminals' sophisticated understanding of global commerce vulnerabilities. Financial services follow at 23%, creating a dual assault on both production and capital flows that threatens regional economic stability.
Verizon's 2025 Data Breach Investigations Report exposes an even more disturbing evolution. System intrusions now dominate 80% of Asia-Pacific breaches—a dramatic surge from 38% the previous year. This shift signals cybercriminals' abandonment of opportunistic attacks in favor of persistent, methodical campaigns designed to establish permanent footholds within target networks.
The human cost of this digital siege becomes apparent in the daily statistics. Adrian Hia, Managing Director for Asia Pacific at Kaspersky, quantifies the relentless pressure:
"On a daily basis, we are looking at more than 145,000 attempts to break enterprises and SMBs' passwords and encryptions in Southeast Asia. That's a lot given the current shortage of cybersecurity staff in the region."
This talent crisis represents perhaps the most critical vulnerability facing the region. Malaysia's new Cybersecurity Act, despite legislative ambitions, remains hamstrung by an 84% organizational struggle to find certified cybersecurity professionals. Meanwhile, Brunei lacks basic mandates for financial sector protections, creating regulatory gaps that cybercriminals exploit with impunity.
The digital divide compounds these challenges exponentially. Nearly one-third of Asia-Pacific's population remains offline, creating a two-tier security ecosystem where connected populations face sophisticated threats while disconnected communities remain vulnerable to different forms of digital exploitation. This fragmentation prevents the coordinated response necessary to combat transnational cyber threats.
State-sponsored actors have recognized and exploited these structural weaknesses. Trend Micro's identification of "Earth Lamia," a China-linked threat group exploiting SAP NetWeaver and SQL Server vulnerabilities across Brazil, India, and Southeast Asia since 2023, demonstrates how nation-state resources amplify regional vulnerabilities. These groups operate with patience and precision, treating cybersecurity as asymmetric warfare rather than criminal opportunism.
The Coalition for Cybersecurity in Asia-Pacific (CCAPAC) has documented over 57,000 ransomware incidents in just the first half of 2024, with Indonesia, the Philippines, and Thailand bearing the heaviest assault. Attackers increasingly employ double and triple extortion tactics, transforming data theft into sustained psychological warfare that can cripple organizations for months.
As the region prepares to host over 14 billion IoT devices by 2025, the attack surface expands exponentially. Each connected device represents a potential entry point for adversaries who have already demonstrated their ability to exploit regional digital dependencies with devastating effectiveness.
Yet amid this digital chaos, a beacon of regulatory leadership has emerged. Australia's groundbreaking Cyber Security Act, which came into force in late May 2025, represents the world's first mandatory ransomware payment reporting regime. This legislative innovation, examined by the CNC Team this week, positions Australia to establish global standards for cyber transparency and threat intelligence sharing.
The Australian model offers a potential pathway for regional coordination that could fundamentally alter the cybercriminal calculus. By forcing transparency around ransomware payments and creating comprehensive threat intelligence databases, Australia demonstrates how legislative courage can transform national vulnerability into collective strength.
For a region fragmented by diverse regulatory frameworks and competing national interests, Australia's bold experiment provides a template for harmonized cybersecurity governance. The convergence of mandatory reporting requirements with the escalating regional threat landscape creates an unprecedented opportunity for intelligence gathering and coordinated response—if other nations possess the political will to follow Australia's lead.
The question now facing Asia-Pacific is whether other governments will embrace Australia's transparency revolution or continue allowing cybercriminals to exploit the region's digital divisions. The answer may determine whether Asia-Pacific remains cybercrime's promised land or becomes the birthplace of a new era of cyber resilience.
Stay one step ahead in cyber, AI, and tech news! Sign up now for exclusive alerts, expert analysis, and the latest breakthroughs—delivered straight to your inbox. Don’t miss out—join the CNC community today!
Subscribe for FREE
Kmart’s facial recognition breach exposes more than a privacy violation. This extended analysis unpacks Wesfarmers’ compliance failures, the identity risks of biometric data, and how retail surveillance linking with social media could erode consumer trust.
Microsoft 365 remains healthcare’s weakest security link, with breaches rising from 43% in 2024 to 52% in mid-2025. Patient data exposure, soaring costs, and AI-driven cyberattacks in Australia highlight urgent gaps. Policymakers face mounting pressure to safeguard data sovereignty.
Cyber incidents in the Asia-Pacific have surged 29% in the past year, with Australia facing major breaches at the University of Western Australia and Qantas. Manufacturing is the top target, deepfakes are on the rise, and experts warn the region is in a digital arms race demanding urgent action.
ASIO’s $12.5 billion espionage warning is more than a tally of stolen secrets. It reveals a national digital crisis. With 24 major spy operations disrupted and identity systems exposed, Australia’s critical infrastructure and social services face a growing risk of collapse from unseen cyber threats.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
