"The findings in this report highlight a rapidly evolving cyber threat landscape across Asia and the South Pacific, where cybercriminals are leveraging artificial intelligence, ransomware-as-a-service models and sophisticated social engineering techniques on an industrial scale," Neal Jetton, INTERPOL Cybercrime Director, said in a statement.
Phishing: the region’s most widespread and costly crime
INTERPOL's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report identifies phishing as the single most pervasive and financially damaging cybercrime in the region. A third of countries reported more than 10,000 phishing cases between January 2024 and March 2025. Across INTERPOL member countries in the region, over half reported that cybercrime made up no less than 30% of all crimes recorded nationally.
The report quantifies user susceptibility: 5.5 out of every 1,000 individuals in the Asia and South Pacific region clicked on phishing links each month — nearly double the global average of 2.9 per 1,000. That elevated click rate helps explain why phishing sits at the center of the region’s losses and why other crimes often flow from these initial compromises.
Ransomware’s scale and targeted sectors
Ransomware incidents surged alongside digital adoption. INTERPOL estimates the region registered more than 135,000 ransomware-related attacks in 2024. The vast majority of those incidents impacted three sectors in particular: real estate, manufacturing, and financial services.
The report also documents tactical shifts: ransomware groups are exploiting companies’ regulatory obligations to intensify pressure during extortion attempts. Combined with the growth of ransomware-as-a-service models, that trend has contributed to the industrialization and scale of extortion campaigns affecting businesses across the region.
AI-driven scams, deepfakes, and romance baiting
Artificial intelligence and deepfake technologies are no longer fringe tools; INTERPOL finds them incorporated into large-scale scams. The report describes AI-driven impersonations used to make fraudulent business-authorisation requests and deepfakes used in sexual exploitation, blackmail, or coercion.
Organized criminal networks in Myanmar, Cambodia, and Laos have blended AI personas with social engineering to carry out "romance baiting" schemes. INTERPOL quantifies the impact: those methods helped fuel $37 billion in regional cybercrime losses, according to the report. The use of forced labor in scam centers in countries including Cambodia, Laos, Myanmar, and the Philippines further illustrates the organized, transnational nature of these operations.
Malware families, intrusion vectors, and availability of attack tools
Beyond phishing and ransomware, the report lists banking trojans and information stealers as the second most prevalent type of cybercrime. Named malware families occupying the top spots include RedLine, Lumma, LokiBot, Negasteal, and ZBot. System intrusions accounted for approximately 80% of all data breaches in 2024, while distributed denial-of-service (DDoS) attacks surged 92% that year compared to 2023.
INTERPOL also highlights recurring technical weaknesses exploited by attackers: misconfigured systems, weak encryption, insecure APIs, and insufficient monitoring. Those gaps are the entry points through which the region’s malware and intrusion campaigns scale.
How law enforcement is responding, and what they are scaling
In response to the surge, INTERPOL reports that law enforcement organizations across the region — supported by INTERPOL — are scaling up joint efforts. The measures named in the report include coordination of operations against cybercriminal infrastructure, collaborative investigations, specialized training initiatives, and the creation of policies to improve cyber resilience.
The report frames these activities as essential to protecting communities and critical infrastructure as digital adoption accelerates across the region.
What this means for technologists, policymakers, and affected enterprises
- Technologists and security teams: expect continued emphasis on detecting phishing pathways, high-volume automated fraud, and common malware families such as RedLine, Lumma, LokiBot, Negasteal, and ZBot; the report points to misconfigured systems, weak encryption, and insecure APIs as immediate technical priorities.
- Policymakers and regulators: INTERPOL’s findings make strengthening operational cooperation, information sharing, and cyber resilience — through coordinated operations and policy creation — central tasks to reduce cross-border scam center activity and AI-enabled fraud.
- Affected enterprises in real estate, manufacturing, and financial services: the documented rise in ransomware and extortion, including tactics that weaponize regulatory obligations, suggests these sectors will face heightened pressure to harden systems and engage in joint investigations and response planning.
INTERPOL’s assessment paints a region where rapid digital uptake and uneven cybersecurity maturity have combined with new technologies and organized crime to scale fraud and extortion. The next phase will test whether intensified coordination — from joint operations to specialized training and new policy frameworks — can outpace an industrialized, AI-augmented criminal ecosystem. Will the region’s law enforcement and resilience efforts keep pace with the scale and innovation documented in the report?
