Sergey Nivens - stock.adobe.com
APAC businesses face surge in email attacks
Sophisticated phishing and business email compromise campaigns are increasingly targeting organisations across the Asia-Pacific region, research reveals
Email attacks targeting businesses across the Asia-Pacific (APAC) region have surged over the past two years, according to data from cyber security firm Abnormal Security.
Between 2023 and 2024, the median monthly rate of advanced email attacks increased by almost 27%, rising from 472 to 600 attacks per 1,000 mailboxes. Notably, attack volumes rose throughout 2024, with a 16% rise between the first and second quarters, followed by a further 20% increase from the second to the third quarter.
Based on analysis of email traffic from Abnormal Security’s customer base, the research revealed that phishing attacks – often used as a gateway for more complex cyber crime – saw the highest increase. Instances of phishing rose by 30.5% year-over-year across the region, with Japan and Singapore experiencing a 37% surge, slightly ahead of the 30% increase in Australia and New Zealand.
While less frequent than phishing, business email compromise (BEC) attacks also saw a 6% year-over-year increase. BEC attacks, which use social engineering to trick employees into transferring funds or revealing sensitive information, pose a significant financial threat. These attacks typically bypass traditional security measures, making employees the last line of defence. With average losses exceeding $137,000 per successful BEC attack, even a small increase in their prevalence is cause for concern.
“The surge in attack volume across the APAC region can likely be attributed to several factors, including the strategic significance of its countries as epicentres for trade, finance and defence,” said Tim Bentley, vice-president for the region at Abnormal Security. “This makes organisations in the region attractive targets for complex email campaigns designed to exploit economic dynamics, disrupt essential industries and steal sensitive data.”
Bentley added: “As sophisticated email-based threats continue to rise, businesses in the APAC region must evolve their defences, including investing in intelligent security solutions that can precisely detect and block attacks before they land in employee inboxes.”
Read more about cyber security in APAC
- CrowdStrike CTO Elia Zaitsev explains how the company’s multi-agent AI architecture can help enhance analyst efficiency and tackle cyber security challenges.
- Sophos finds three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea.
- The National University of Singapore’s Safe initiative strengthens security of IT systems and end-user devices while prioritising user experience through passwordless access.
- The chairman of Ensign InfoSecurity traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem.
