Tuesday, 28 January 2025

Security Navigator 2025 shows great variation across APAC cyberattacks

Orange Cyberdefense, the specialist business unit of Orange dedicated to cybersecurity, has launched its 6th Security Navigator. Security Navigator 2025 emphasises the need for organisations to strengthen their defences against a rising tide of politically-motivated cyberattacks.

Australia, India, and Japan were among the most-affected across the Asia-Pacific (APAC) region, with Japan experiencing significant hacktivist activity. Seventy-one incidents were recorded in Japan from a solitary malicious source alone.

Highlights for the APAC region included:

- APAC cyber extortions (Cy-Xs) showed significant variation. While Japan ranks as the 13th-most affected country globally, China reported a lower number of victims. South Korea and Singapore experienced a moderate level of incidents.

- East Asia (excluding China) ranked 7th globally for Cy-X impact, with 80 victims in the past month.

- Southeast Asia saw a 9% decrease in Cy-X incidents with 104 victims, but still represents the 5th-most impacted region globally.

Philip Lee, Head of Orange CyberDefense, APAC said: “We are living in an era where digital technologies power economies, connect societies, and drive innovation at an unprecedented pace...the rise of adversarial AI techniques, combined with increasing connectivity through IoT and 5G, are factors contributing to the expansion of attack surface of systems and infrastructures. The varied cyber extortion and hacktivism landscape across APAC now demands flexible and localised security strategies to build a safer digital society amidst the region’s vast economic and technological diversity.”

Another emerging concern is hacktivist activity targeting operational technology (OT) systems, critical for operating essential infrastructure in the manufacturing, energy, healthcare and transportation sectors. The Security Navigator 2025 attributes nearly one in four (23%) sophisticated attacks targeting OT to hacktivists. As such attacks have typically been associated with state actors, the growth of hacktivism reveals a new level of sophistication and risk to critical infrastructure.

Nearly half (46%) of OT cyberattacks resulted in ‘manipulation of control,’ which means that the adversary managed to manipulate the physical process. The utilities sector has been heavily affected, with the report finding that it suffered 46% of attacks that directly targeted OT systems. Hugues Foulon, CEO of Orange Cyberdefense stated: “Cyberthreats have become a critical barometer for anticipating global geopolitical tensions. The insights generated by our cyber teams provide a fresh and robust perspective on international disruptions and their operational impacts on society.”

This year, there has been a 50% year-on-year (YoY) increase in attacks targeting the healthcare and social assistance sector, ranking it as the fourth-most impacted industry. Subsectors such as ambulatory healthcare and hospitals are now frequently targeted, whereas they were previously left alone.

Charl van der Walt, Head of Security Research at Orange Cyberdefense said: “The story in this year’s report is far bigger than statistics and technical details. It shines a light on a growing cynicism in the threat landscape as different threat actors seem less concerned about the potential of causing harm, and may even be more intent on inflicting it than ever before.” 

Other sectors have also experienced a marked rise in Cy-X attacks this year. The top three most impacted industries have all seen significant increases: +25% for manufacturing, +20% for professional, scientific, and technical services, and +65% for wholesale trade. Orange Cyberdefense defines Cy-X as "a form of computer crime in which the security of a corporate digital asset (confidentiality, integrity or availability) is compromised and exploited in a threat of some form to extort a payment."

The report also highlighted an increase in Cy-X impacting small and medium-sized businesses (SMBs), with a 53% year-on-year (YoY) rise in incidents targeting small businesses. The research found that SMBs now account for over two-thirds of all observed Cy-X victims. The compounding effect of ‘revictimisation’ – where stolen data is reused in multiple extortion campaigns – further amplifies these organisations’ financial and psychological toll, Orange Cyberdefense said.

Critically, SMB cybersecurity may also impact large organisations as SMBs are often part of a supply chain. An incident at a small player can lead to a cascade of disruptions throughout the chain.

The Security Navigator 2025 further suggested that the traditional approaches to vulnerability management are no longer fit for purpose, due to the large number of vulnerabilities security teams must handle. This is especially true for smaller SMB teams, Orange Cyberdefense said.

The Security Navigator 2025 highlighted AI as a powerful yet complex tool, with both defensive and offensive cybersecurity applications reshaping threat dynamics. Threat actors, including state-sponsored actors from countries such as China, Russia and Iran, are leveraging generative AI (gen AI) to create realistic phishing content, fake images and deepfakes to deceive large audiences, which is supporting their deployment of ‘cognitive attacks.’

On the defensive side, the report found that AI can detect hard-to-identify threats. AI-driven systems have improved detection rates for advanced threats like ‘beaconing’ – a tactic where malware sends subtle, periodic signals to command-and-control servers – reducing incident response times by up to 30% as organisations use AI to identify and intercept these signals before damage can escalate.

However, the report also warned about vulnerabilities in gen AI solutions and urged businesses to implement strict access rights to sensitive data and systems, ensure isolation between tenants, and educate users about the risk of data leaks in prompts.

Explore

The Security Navigator 2025 report can be downloaded at https://www.orangecyberdefense.com/global/security-navigator

*The Security Navigator goes to the heart of attacks and decrypts the mechanisms of cybercrime, while providing concrete solutions to improve threat detection, risk analysis and post-attack recovery capacity. It brings together research and data from across more than 135,000 security events in 160 countries, 1,300,000 security vulnerabilities managed and 13,308 investigated cases of cyber-extortion since 2020, including 4,200 in the last 12 months.

In addition, the data comes out of Orange Cyberdefense's 32 operational security centres and epidemiological labs around the globe, where the company's researchers have uncovered a year’s worth of cybercrime activities, including the activities of a pre-eminent hacktivist group.