Asia Pacific (APAC)


  • Summary

    The most common type of breach in APAC was caused by Financially motivated attackers Phishing employees for creds, and then using those stolen creds to gain access to mail accounts and web application servers.


    5,255 incidents, 1,495 with confirmed data disclosure

    Top Patterns

    Social Engineering, Basic Web Application Attacks and Miscellaneous Errors represent 98% of breaches

    Threat Actors

    External (95%), Internal (6%) (breaches)

    Actor Motives

    Financial (96%), Espionage (3%), Fun (1%) (breaches)

    Data compromised

    Credentials (96%), Personal (3%), Other (2%), Secrets (1%) (breaches)

  • The APAC region covers an immense portion of the globe, and includes a multitude of nations, languages and diverse cultures, along with arguably more than their fair share of venomous reptiles. In keeping with that diversity, the APAC region shows a relatively wide range of industries that were breached over the last year. All of the main verticals you might expect to see are present to some degree. Finance, Healthcare, Retail, Manufacturing, and Education all make an appearance. In fact, for the first time ever we saw more breaches in APAC last year than in any other region.

    One industry in particular that posted impressive numbers this year was NAICS 21: Mining, Quarrying, and Oil and Gas Extraction (Figure 125). This was due to the fact that organizations in that vertical fell prey to sophisticated Social Engineering attacks.

  • As Figure 126 illustrates, 70% of attacks in APAC contained a Social Engineering action, typically Phishing. What those attacks harvested were almost exclusively Credentials (98%). Those creds were then either used to escalate or laterally expand the Social attack or were otherwise utilized to hack into web applications operated by the organization (23%). 

    If you have perused the other sections of this report, you might be asking yourself certain questions at this point. Who perpetrated these crimes? Were they in a dark room wearing a hoodie? Why am I not seeing ransomware in this region? All good questions, and as far as we can tell, they were mostly committed by Financially motivated organized criminals. While we have only anecdotal data on this topic, we feel certain that hoodies and dark rooms were involved to some degree. But regarding the last and most interesting of those questions (where is ransomware?), it holds the number 10 spot in Malware variety for APAC, which is in relatively stark contrast to what we see elsewhere. However, this is almost certainly a by-product of our contributors and their caseload rather than an actual dearth of this type of malware. We expect the "stand-and-deliver, your money or your data" attacks are flourishing in APAC as they most certainly are in other regions.
