Backdoor attacks targeting businesses across Kaspersky-monitored networks in Southeast Asia surged 17% year-on-year in 2025, with over 3.4 million incidents detected across the region, according to new enterprise telemetry data released by the cybersecurity firm on Monday.
The findings underscore a shift in attacker strategy — from breaking into systems to quietly staying in them. Backdoors give attackers persistent remote access to compromised machines and operate invisibly, without user consent. Once installed, they can exfiltrate data, log activity, execute files, and facilitate sustained cyberattacks.
Indonesia and Vietnam Drive Regional Numbers
Indonesia recorded the highest number of backdoor detections in the region at 1,583,035, followed closely by Vietnam at 1,296,924. Thailand registered 251,502 incidents, Malaysia 212,239, Singapore 50,511, and the Philippines 35,232.
Malaysia saw the sharpest year-on-year increase at 86%, with Indonesia rising 36% and Vietnam up 3%. Thailand was flat. Singapore and the Philippines were the only markets to record declines — down 49% and 35% respectively — though Kaspersky cautions that Singapore’s lower numbers should not be taken as a signal to reduce vigilance.
On-Device Threats Remain a Parallel Concern
Kaspersky’s telemetry also flagged over 46.4 million on-device attacks against SEA businesses in 2025 — threats spread through offline vectors such as USB drives, encrypted files, and complex installers. While this category saw a slight 6% dip region-wide, Vietnam (21.5 million), Indonesia (14.1 million), and Thailand (4.6 million) continued to account for the bulk of detections.
A Region at the Centre of Global Supply Chains
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, said the data reflects a broader strategic shift by threat actors.
“The rise of backdoors highlights a critical shift in the threat landscape across Southeast Asia, from breaking in to staying in. For businesses, this underscores the need for continuous monitoring, advanced detection, and rapid response capabilities to uncover hidden access and prevent sustained cyberattacks.”
Hia also noted that Southeast Asia’s role as a key node in global supply chains — combined with expanded remote and hybrid work — continues to widen the attack surface for regional businesses.
Recommendations for Enterprises
Kaspersky recommends that organisations keep all software updated and maintain isolated, regularly tested backups.


