Southeast Asia's rapid digital transformation has inadvertently turned it into a launchpad for global cyberattacks.
Mimecast's 2025 Global Threat Intelligence Report reveals that compromised systems within the region's burgeoning technology hubs are increasingly weaponised by cybercriminal groups. These systems serve as proxy networks, masking the true origins of malicious campaigns and complicating attribution efforts.
This poses a dual challenge for Southeast Asian CISOs: protecting their own organisations while simultaneously preventing their infrastructure from being exploited in attacks against others.
The proliferation of SMEs, distributed workforces, and cloud adoption across the region creates fertile ground for attackers, who capitalise on weak security configurations and legacy systems to infiltrate networks.
The report highlights a concerning rise in AI-powered phishing and social engineering attacks. Attackers are leveraging generative AI to craft highly convincing lures, impersonating trusted vendors, partners, and even employees.
These sophisticated attacks bypass traditional detection tools, making employee awareness and training more critical than ever. Mimecast's analysis shows that phishing accounts for 77% of all attacks, a significant jump from 60% in 2024, with attackers likely using more AI tools.
ClickFix schemes, where users are tricked into executing malicious commands, have surged by 500% in the first half of the year.
"Asia-Pacific's rapid digitalisation and interconnected supply chains make the region a focal point for today's cyber threats," said David Sajoto, vice president and general manager, Asia-Pacific and Japan, Mimecast.

"Our analysis shows that threat actors are not only targeting Asian organisations — they are actively exploiting compromised infrastructure in Southeast Asia to launch attacks globally. The message is clear: as the human layer becomes the new battleground, businesses across the region must pair awareness and education with AI-powered defences to build real cyber resilience."

Chart 01: The top legitimate domains used by attackers include DocSend, GetResponse, and SharePoint, which resolve to pages on DocSend, ClkMg.com, and Microsoft SharePoint.
Attackers are also exploiting trusted business tools like DocuSign and Salesforce, and coordinating attacks across multiple communication channels to evade detection. Certain industries, including professional education, IT software, and real estate, are experiencing a higher volume of impersonation attacks.
For CISOs in Southeast Asia, the report underscores the urgent need to prioritise proactive threat detection, employee awareness programmes, and layered defence strategies. Embracing AI-powered security solutions and fostering a culture of cyber resilience are essential to staying ahead of evolving threats in 2025 and beyond.
