A rise in state-sponsored cyberattacks and a more sophisticated cybercrime economy marked 2024 as a turning point for cybersecurity across Asia-Pacific, according to a new report by Ensign InfoSecurity.

In its sixth Cyber Threat Landscape Report (CTLR) 2025, the cybersecurity services provider found that state-backed actors are growing in both capability and activity across the region, leveraging stealth and long-term strategies to infiltrate networks undetected.

The report, based on Ensign’s proprietary telemetry and threat intelligence, highlights an increasingly complex threat environment where multiple actors—from state-sponsored groups to ransomware gangs and Initial Access Brokers (IABs)—collaborate for profit and disruption.

“Threat actors are no longer operating in silos. The cyber underground today functions as an illicit, dynamic, and highly collaborative marketplace,” said Xiang Zheng Teo, Vice President of Advisory at Ensign InfoSecurity.

State Actors and Cybercrime Alliances Reshape the Threat Landscape

Ensign observed that state-sponsored groups across APAC were not only more active but also strategically patient. These actors are capable of stealthy, prolonged intrusions, positioning themselves for high-value operations down the line.

Fuelled by a thriving underground economy, attackers are now operating in coordinated ecosystems. For instance, IABs adopt a “breach once, sell to many” model—offloading access credentials to various threat groups, complicating attribution efforts and enabling repeat exploitation.

Some state-sponsored entities even subcontract attack components to criminal operators, effectively masking their involvement and bolstering operational scale.

Supply Chain: The New Frontline of Cyber Risk

The report also shines a spotlight on growing vulnerabilities within the cyber supply chain, where attackers are increasingly targeting trusted service providers—such as legal, consulting, and accounting firms.

These Business and Professional Services (BPS) firms often lack advanced cybersecurity infrastructure, making them ideal stepping stones for attackers seeking entry into broader enterprise networks.

Longer Dwell Times Reveal Detection Gaps

Alarmingly, Ensign recorded a sharp increase in incident-response dwell time—the period attackers remain undetected. The longest dwell time in 2024 ballooned from 49 days to 201 days, while the shortest jumped from 3 to 7 days.

This extended window gives attackers more time to move laterally, exfiltrate data, and establish deeper control across systems.

Singapore: A Digital Testbed Under Threat

Singapore, with its status as a financial and digital hub, emerged as a prime target. The Technology, Media, and Telecommunications (TMT) sector overtook Manufacturing as the most attacked industry in 2024.

Data breaches were the most prevalent outcome (36%), followed by ransomware incidents (21%). Notably, Singapore also recorded the highest number of ransomware variants in the region, suggesting it may be used as a testbed for more complex cyber operations.

“We are increasingly seeing many organisations being compromised without them even realising it,” said Teo. “As digitisation deepens, AI technologies become more pervasive and threat actors grow increasingly sophisticated, organisations must move beyond assumptions of safety.”

He added that organisations need to validate their defences, address weak links, and adapt quickly to match the dynamic nature of today’s cyber threats.

A Call for Proactive Cyber Defence

Ensign’s latest report underscores a clear message: the cybersecurity landscape in APAC has entered a new phase, driven by geopolitical tensions, evolving criminal networks, and systemic weaknesses in digital ecosystems.

As cyber threats grow in complexity and scale, businesses and governments alike must adopt more proactive, intelligence-driven approaches to threat detection and response.

“It is clear that the cyber space is not benign… At Ensign, we remain committed to defending and protecting our customers in this dynamic environment,” said Teo.