A Self-Sustaining Cycle of Cyber Threats

Attributed to Dmitry Volkov, Chief Executive Officer, Group-IB

Cybersecurity in the Asia-Pacific (APAC) region is caught in a vicious cycle.

Every breach, every leak and every ransom demand not only impacts the victim but fuels a broader, self-sustaining economy of cybercrime. In an era where digital connectivity is the lifeblood of economic growth, this relentless cybercrime cycle threatens to undermine progress in the region.

Group-IB’s recently released High-Tech Crime Trends Report 2025  paints a concerning picture – cyber threats are no longer isolated events but a cascading series of attacks that feed off one another. State-sponsored espionage, ransomware, data leaks and AI-driven fraud now form a self-reinforcing ecosystem, creating a perfect storm for businesses and governments alike.

Last year, APAC experienced a 58% surge in Advanced Persistent Threat (APT) attacks, a 10% rise in ransomware incidents, and 6.4 billion compromised records flooding dark web markets. These figures are not just statistics, they represent a systemic risk to regional stability, innovation, trust and the economy.

Understanding the various forms of cybercrime is essential to recognising the scale and complexity of this growing crisis.

APAC’s Cyber Crisis: An Escalating Threat

Lurking in the shadows are Advanced Persistent Threats (APTs). APTs can hide in networks for months or even years. In 2024, APAC sustained 22% of the world’s 828 APT attacks. These strikes are not random; they are calculated moves against government, military and critical infrastructure. The rise of groups like DarkPink, who infiltrate with surgical precision, exemplifies the escalation of these threats. When APTs strike, the damage is not only financial—it shakes public trust and disrupts societal stability.

Ransomware-as-a-Service: Cybercrime’s Gig Economy 

The ransomware epidemic has evolved into a scalable business model. Ransomware-as-a-Service (RaaS) platforms now enable even low-skilled criminals to launch devastating attacks, democratising cyber extortion. In 2024, there were 467 ransomware attacks in the APAC region, with real estate, manufacturing and financial services bearing the brunt.

The financial toll extends far beyond ransom payments.  For example, a ransomware incident against a Southeast Asian bank last year disrupted services for 2.5 million customers, costing $12 million in recovery and legal fees. For manufacturers, this financial toll can come in the form of operational downtime, which alone can exceed $500,000 per hour.

Phishing: The Gift That Keeps on Giving

Phishing remains one of the most pervasive and damaging cyber threats, with attackers using deceptive emails, fake websites and fraudulent messages to steal sensitive information. In APAC last year, 51.6% of the top industries targeted by phishing attacks were financial services, followed by commerce and shopping at 20.4%. Globally, Group-IB detected more than 80,000 phishing websites, marking a 22% increase over the previous year.

Criminals are increasingly using techniques to evade detection and are implementing measures to hinder manual site analysis, including prohibiting code viewing and detecting the use of Developer Tools.

In 2024, the financial services sector was the most targeted industry for scams, accounting for 79% of all reported cases. Among these, investment scams were particularly prevalent, with fraudsters luring victims by promising high returns on fake cryptocurrency or stock opportunities.

Hacktivism: Geopolitics Goes Digital

Cybercrime is not limited to financial motives. Ideological hacktivism is turning APAC into a battleground for digital protest. Hacktivists are increasingly leveraging cyber tools to advance ideological goals, blurring the lines between crime and activism. APAC accounted for 39% of global hacktivism cases in 2024, the highest percentage globally with India (13%) as the primary target.  These groups do not merely deface websites or disrupt operations similar to how traditional vandals operate — they are actors in geopolitical conflicts, operating in the grey area between activism and warfare.

Breaking the Cycle: Time for a Unified Approach

The fragmentation of the internet into regional ecosystems, and the rise of county-specific data laws, demands a new approach to cybersecurity. National interests are increasingly influencing cyber strategies. This makes international cooperation more challenging – yet arguably even more critical.

Organisations must abandon reactive defences in favour of intelligence-led strategies. Investing in threat intelligence to understand adversaries, strengthening anti-money laundering (AML) defences to prevent financial exploitation, and adopting managed extended detection and response (MXDR) tools to detect and neutralise threats early can break the cycle.

Additionally, having the ability to monitor the dark web for stolen credentials and counterfeit sites must become standard practice, and social media surveillance is now a necessity to identify risks before they materialise.

Cyber threats are no longer an abstract risk—they are a daily reality with tangible consequences. Businesses, governments and institutions must shift from complacency to resilience, from passive defence to proactive disruption. The cost of inaction is not just financial; it is a fundamental threat to the stability and growth of the APAC region. To dismantle the self-sustaining cycle of cybercrime, APAC must embrace a new era of cybersecurity—one defined by intelligence, collaboration and relentless vigilance.