The Asia-Pacific (APAC) region, including Japan, experienced significant changes in cybersecurity throughout 2024. Cybercriminals are adopting more advanced technologies and tactics, making cyber threats harder to counter. Now, APAC organizations face two key challenges: combating these evolving threats and meeting new compliance requirements.
In this blog post, we’ll review the key trends that shaped the region’s cybersecurity landscape in the past year to help you prepare for the emerging challenges of 2025.
5 Key cyber threat trends of 2024
These five trends provide valuable insights about where cyber threats are headed.
1: AI tools amplify threat sophistication and detection challenges
Artificial intelligence (AI), machine learning (ML) and generative AI are not just buzzwords. They have fundamentally reshaped industries. And the cyber threat landscape is no exception. In 2024, AI-driven attacks reached unseen levels of complexity in the APAC region.
Cybercriminals are now using advanced AI tools to craft realistic phishing messages in multiple languages, deploy chatbots, spread large-scale disinformation on social media and create convincing fake documents. These tools have made attacks like phishing and business email compromise (BEC) easier to carry out and harder to detect.
Here are some common malicious use cases:
- Impersonation and fake websites. AI helps create convincing copies of trusted websites, such as banks or government portals, making scams harder to spot.
- Spreading misinformation. Attackers use AI to create news that seems real, as well as fake videos and images. This enables misinformation campaigns to scale rapidly.
- Automated influence campaigns. AI speeds up disinformation efforts by allowing bad actors to create targeted content with automated tools. This means that messages can be tailored with precision to manipulate specific groups more efficiently and at scale.
- Multilingual reach and authenticity. AI enhances the global impact of manipulation because it can generate fluent, polished content in multiple languages. Fewer linguistic errors increase authenticity and broaden the scope of deceptive campaigns.
- Manipulating social media. AI bots can run fake accounts, amplify false narratives and manipulate online discussions, all of which can shape public opinion.
2: Deepfake scams reached an unprecedented level of authenticity
Deepfake technology has emerged as one of the most powerful weapons in attackers’ AI-driven arsenals. AI is now being used to create hyper-realistic video, images and audio content that’s designed to deceive and manipulate individuals and organizations across the region with alarming accuracy. This year alone, the APAC region saw a surge in AI-powered threats that exploited deepfakes for social engineering, misinformation and financial fraud.
The United Nations Office on Drugs and Crime (UNODC) reported a 600% increase in deepfake mentions on Southeast Asian cybercriminal forums and Telegram channels between February and June 2024. This trend builds on a 1,500% rise in deepfake crimes in 2023, with face-swapping scams increasing by 704% in just six months.
Examples of deepfake scams:
- At a Hong Kong-based financial institution, an employee paid out $25 million after being on a video call with a deepfake chief financial officer.
- In Singapore, deepfake videos of former Prime Minister Lee Hsien Loong and Prime Minister Lawrence Wong falsely endorsed cryptocurrency products.
These scams demonstrate how deepfake technology exacerbates existing cybercrime threats, spreading misinformation and undermining public trust.
3: Ransomware continues to spread across the region
Ransomware continues to pose a significant threat across the APAC region, targeting both private and public sectors. Last year, some notable attacks included:
- In Singapore, a top law firm paid $18.9 million in Bitcoin after hackers encrypted its systems.
- In Indonesia, a ransomware attack on the National Data Centre disrupted over 280 essential services, including immigration and airport operations. The attackers demanded an $8 million ransom.
- In Japan, Kadokawa Corporation's video-sharing platform Niconico suffered a ransomware attack that led to a month-long shutdown. Plus, the personal data of hundreds of thousands of users was exposed, which severely affected its operations and stock value as well as its customers’ trust.
These incidents highlight the increasing threat of ransomware. And they demonstrate the importance of regulatory frameworks for cyber resilience.
In Australia, ransomware accounted for 11% of all cyber incidents that were handled by the Australian Signals Directorate (ASD) between 2023 and 2024. That’s up 8% from the previous period. Additionally, ransomware-related incidents made up 71% of all extortion-related cybersecurity events.
The Australian Cyber Security Bill 2024 requires companies to report ransomware payments. This will help the government track incidents more closely and increase transparency. The bill stresses the importance of working together to protect critical infrastructure and sensitive data.
4: Impersonation fraud and BEC continue causing major losses
Impersonation fraud remains a critical cybersecurity threat across the APAC region. With these scams, threat actors often pretend to be trusted entities—like financial institutions, government agencies or suppliers—to steal sensitive information from victims or have fraudulent transactions authorized. The threat extends across various media, including email and social media.
A few incidents in 2024:
- In Australia, bank impersonation scams are surging. In just the first nine months of 2024, nearly 3,000 customers of a single bank reported being targeted. The actual number of victims is likely much higher as many scams go unreported.
- In Singapore, impersonation scams surged in 2024 with over 100 cases in September alone. This resulted in S$6.7 million in losses. In one high-profile example, a commodity firm lost $42.3 million after attackers impersonated a supplier.
In response, governments across the region are putting new protections in place.
- The Monetary Authority of Singapore has introduced stringent consumer protection measures for digital payments.
- Hong Kong’s Monetary Authority is enhancing bank cybersecurity frameworks.
- The Reserve Bank of New Zealand is pursuing reforms to address fraud risks.
- Malaysia's Central Bank is improving real-time fraud detection through initiatives like the National Scam Response Centre and Risk Management in Technology (RMiT) guidelines.
As a subset of impersonation fraud, business email compromise (BEC) attacks exploit high-trust relationships, targeting executives and finance departments through social engineering and phishing. In one example, an employee from an investment bank in Singapore was tricked by a fraudulent SMS and email from someone posing as the CEO and talking about a confidential acquisition. The employee ended up transferring $6.66 million to a fraudulent U.S. account.
To combat impersonation fraud, businesses are prioritizing:
- Robust email authentication measures like DMARC
- AI-driven tools to detect and block suspicious communications
- Employee training to recognize fraud tactics
- Efficient reporting systems for suspicious interactions
- Real-time threat intelligence to stay updated on evolving impersonation schemes
By taking these proactive steps, organizations can mitigate the risk of impersonation fraud, safeguard their reputations and maintain customer trust.
5: Data privacy regulations are expanding
Data breaches are a persistent issue in various sectors across the region. In response, many APAC countries embraced a coordinated wave of regulations in 2024. This reflects a clear trend toward tighter controls and rigorous accountability when it comes to handling data. Governments across the region are updating legislation that addresses data breaches, cross-border transfers and individual privacy rights.
Here are some highlights from 2024:
- India’s Digital Personal Data Protection Act (DPDPA) emphasizes data transparency and breach notifications. Not only does it mandate robust incident reporting, but it also requires significant data fiduciaries to appoint locally-based data protection officers (DPOs) to ensure compliance.
- Japan’s Personal Information Protection Commission (PPC) announced plans for amendments to the Act on the Protection of Personal Information (APPI). The revisions were meant to align with business needs, meet the three-year review requirement and address industry feedback.
- Australia’s Privacy and Other Legislation Amendment Bill 2024 introduced major reforms to the Privacy Act 1988 to strengthen personal data protection.
- South Korea’s Personal Information Protection Commission (PIPC) has amended the PIPA Enforcement Decree, which introduced new data subject rights and stricter chief privacy officer (CPO) requirements.
- The Singapore Parliament has passed the Cybersecurity (Amendment) Bill, which amended the Cybersecurity Act 2018. It expands the law’s coverage, enhances reporting obligations and empowers the CSA to impose significant civil penalties.
- The Vietnamese government approved the new Law on Personal Data Protection, which establishes stronger legal frameworks for personal data usage and protection.
- Indonesia's Personal Data Protection Law (PDPL) strengthens data privacy by establishing clear consent requirements, breach notification protocols and stricter obligations for data controllers and processors.
- The Malaysian Parliament passed the Personal Data Protection (Amendment) Bill 2024.
As these regulatory frameworks evolve, businesses operating in the region must adapt quickly to meet these standards.
Prepare for 2025 with Proofpoint
As 2024 draws to a close, it is clear that the cybersecurity landscape across the APAC region has grown increasingly complex. Cybercriminals are using AI/ML-powered tools to escalate the scale and precision of their attacks. An increasing number of highly targeted campaigns are able to bypass traditional defences. To stay safe, businesses must strengthen their security frameworks and adapt quickly.
Looking ahead to 2025, it is imperative for businesses to embrace human-centric security strategies. By prioritizing employee training and implementing robust protective measures, businesses can foster a culture of security awareness, which is essential for reducing risks and disrupting the attack chain.
Proofpoint is well-positioned to help you overcome these challenges in the APAC region. With a comprehensive suite of solutions, we empower you to defend against sophisticated threats while ensuring compliance with emerging regulations.
We recognize that people are the most targeted link in the attack chain, and no system is entirely foolproof. That’s why managing the human element in cyber risk is essential to building a resilient workforce that can break the attack chain. With a human-centric security approach, we provide multilayered protection to protect people, defend data and mitigate human risk.
Contact Proofpoint today to find out how we can help safeguard your company’s future in the dynamic APAC cybersecurity environment.
To stay ahead of the evolving cybersecurity landscape, check out our latest blog: “AI, Data Security and CISO Shifts: Top Cybersecurity Trends to Watch in 2025.”