Kaspersky has recorded more than 35.2 million Remote Desktop Protocol (RDP) attacks and over 2.3 million exploit attacks targeting organisations across Southeast Asia in 2025, with Singapore among the most heavily targeted markets in the region.
The data, released on 12 May 2026, highlights the sustained pressure on enterprise networks across the region as attackers exploit both unpatched software vulnerabilities and exposed remote access services to gain unauthorised control over corporate systems.
Singapore among the hardest hit
Of the 2,370,977 exploit attacks recorded across SEA, Indonesia led with 932,051 cases, followed by Vietnam (587,217) and Malaysia (416,962). Singapore recorded 74,617 exploit-related detections. On a year-on-year basis, Malaysia saw a 40 per cent increase in exploit activity, while the Philippines recorded a 5 per cent rise.
RDP attacks, which target exposed remote desktop services through brute-force methods or credential theft, showed even higher volumes. Vietnam and Indonesia accounted for the largest share with 11,420,252 and 10,500,709 incidents respectively, while Thailand recorded the only year-on-year increase in RDP threats across the region. Singapore logged 2,782,479 RDP attack attempts in 2025.
Adaptive threat actors, deliberate targeting
“The presence of exploit activity alongside RDP-related attempts shows how attackers remain persistent in targeting businesses in the region. Across the region’s varied digital environments, threat actors assess each target and select the option that offers the least resistance, reflecting a more deliberate and adaptive way attacks are carried out,” said Simon Tung, General Manager for ASEAN and Asia Emerging Countries at Kaspersky.
Tung added that countering these threats requires a combination of AI-driven threat intelligence and cybersecurity solutions capable of continuously detecting vulnerabilities, monitoring access points, and responding in real time before threats escalate.
Recommended mitigations
Kaspersky advises organisations to keep software updated across all devices, avoid exposing remote desktop services to public networks unless strictly necessary, and use strong passwords for any RDP access. The company also recommends deploying endpoint detection and response tools, leveraging current threat intelligence, and maintaining isolated, regularly tested data backups.
