Asia-Pacific (APAC) is experiencing a dramatic surge in system intrusion attacks, as cybercriminals increasingly favor more sophisticated, multi-stage methods to gain deeper, sustained access into organizational systems.
Data from Verizon Business’s 2025 Data Breach Investigations Report reveal that system intrusion has risen considerably over the past four years, escalating to become the dominant threat pattern across APAC. In 2024 alone, system intrusion accounted for an eye-popping 83% of all breaches, marking a staggering 44-point increase from 2023’s already significant 39%.
System intrusion is a complex pattern of cyberattacks where attackers gain unauthorized access to an organization’s systems. These intrusions are often used as entry points to carry out various malicious objectives, such as deploying ransomware, stealing data, or maintaining covert access.
The surge of system intrusion attacks in APAC underscores a shift towards high-reward strategies, where cybercriminals are now prioritizing prolonged network access to maximize financial gains. Unlike simpler attacks, system intrusions allow attackers to move laterally across networks and remain undetected for extended periods, making them both effective and profitable.
In contrast, social engineering attacks continue to decline in prevalence. In 2024, these attacks accounted for 20% of breaches in APAC, marking a 49-point decline from 69% back in 2020.
Social engineering involves the psychological manipulation of individuals to trick them into taking actions that compromise security or reveal confidential information. Their decline in APAC suggests that organizations have become more vigilant and effective at countering these tactics, likely due to improved security awareness training, stronger authentication measures, and more widespread use of phishing-resistant technologies.
Finally, the basic web application attacks pattern, which target web apps, dropped from 26% in 2023 to 11% of breaches in 2024. This trend can be in part explained by improved web security practices by organizations.
Malware and stolen credentials on the rise
Looking at the tactics employed to perform these attacks, the study found that malware remains the most prominent method. In 2024, malware accounted for 83% of breaches, up 25 points from 58% in 2023. Within the category, ransomware accounted for 51% of breaches, reinforcing its profitability as a favored tool among cybercriminals.
The use of stolen credentials is also widespread in APAC, present in 55% of breach cases in 2024. These are often paired with ransomware to infiltrate systems. First, access is gained through compromised credentials, then, ransomware is deployed to extort payment or cause operational disruption.
Other popular tactics in 2024 included hacking and exploiting vulnerabilities, which accounted for 67% and 37% of breaches, respectively. This further demonstrates attackers’ increased reliance on more sophisticated and higher impact methods to breach defenses.
Nearly all threat actors in APAC are external, with 80% being organized criminal groups and 33% being state-affiliated actors. Internal documents, including reports, plans and emails, are the data types most often stolen, alongside sensitive secrets. This reflects the region’s growing digital economy and increasing geopolitical importance, which is making APAC a prime target for both criminal and espionage-driven attacks.
The rise of data breaches in APAC
Data breaches are becoming increasingly prevalent in APAC. According to a 2024 survey by Cloudflare, 41% of the 3,844 APAC respondents polled by the company experienced a data breach between 2023 and 2024. 76% reported an increase in the number of breaches their company had sustained during the same time period.
In response to this growing threat, many APAC organizations are ramping up their cybersecurity efforts. Survey findings showed that 49% of respondents had deployed more than 20 security tools, with 82% adding more vendors and tools this year alone.
Looking ahead, businesses across the region are preparing to increase their investments in technology and security. Joint research from TechTarget and the Enterprise Strategy Group revealed that around 72% of survey respondents in APAC plan to raise cybersecurity budgets, while 44% intend to spend more on IT. This suggests that digital resilience is becoming a top strategic priority for APAC organizations.
Featured image credit: edited from freepik
