The Asia Pacific region experienced the highest number of cyberattacks in 2024, according to IBM’s 2025 X-Force Threat Intelligence Index. Ransomware remained the most common threat, and the region was affected more than any other worldwide.
The IBM report revealed that Asia accounted for 34% of all incidents IBM X-Force responded to globally, while North America followed at 24%. The two regions made up nearly 60% of the total cases.
“Unlike in other parts of the world, ransomware remains a persistent threat in Asia Pacific, underscoring its continued profitability for attackers,” said Christopher Hockings, CTO in APAC of IBM Security. “Advanced detection technologies are essential to help organizations close the speed gap and stop threats before they escalate.”
Manufacturing sector most affected
The report found that the manufacturing was again the most targeted industry in Asia Pacific, making up 40% of the incidents. Finance and insurance followed with 16%, and transportation with 11%. Nearly one in four attacks involved stolen data or credentials.
For the fourth straight year, manufacturing also saw the most ransomware incidents. IBM X-Force explained that attackers continue to hit this sector due to its low tolerance for downtime, making it more likely to pay to regain access quickly.
IBM researchers said attackers are using external remote services (45%) and vulnerability exploitation (18%) as entry points, exposing gaps in the region’s digital infrastructure.
Rise of identity attacks and infostealers
While ransomware was still the most common malware type globally in 2024, IBM saw a decrease in such cases compared to 2023. Identity attacks, however, grew and often started with phishing emails that delivered infostealers — malware used to collect login details and other sensitive data.
Infostealers are now easier to deploy, and AI tools have made it more efficient for attackers to send phishing campaigns at scale. According to IBM, the top five infostealers in 2024 had more than eight million ads on the dark web, each potentially containing hundreds of stolen credentials.
Vulnerabilities fuel critical infrastructure threats
IBM’s report pointed to old systems and slow software patching as major weaknesses in critical infrastructure. In over 25% of cases involving this sector, attackers took advantage of known software flaws.
Four of the 10 most discussed software vulnerabilities on the dark web were linked to advanced cybercrime groups, including those backed by governments. IBM warned that exploit code for these flaws is being traded openly, increasing risks to energy grids, health networks, and industrial systems.
Growing threats to AI and Linux systems
While IBM did not observe large-scale attacks targeting AI systems in 2024, researchers flagged growing interest from threat actors. IBM expects more attempts in 2025 to exploit flaws in AI development tools and infrastructure.
Linux systems are also under pressure. In partnership with Red Hat Insights, IBM found that many Red Hat Enterprise Linux environments had not patched known vulnerabilities. While major ransomware groups now support both Windows and Linux versions of their malware, expanding their reach.
“To combat this, businesses must move beyond reactive security strategies and prioritize proactive actions, like modernizing authentication management, addressing gaps in multi-factor authentication, and hunting threats in real time before they compromise sensitive data,” Hockings said.
Get the latest before it trends. Follow Back End News on LinkedIn, Facebook, X, YouTube, and TikTok for real-time updates and in-depth coverage across the tech and security landscape.