Password Stealer Attacks on SEA Businesses Up 18% in 2025

Password stealer attacks targeting businesses in Southeast Asia surged 18 per cent year-on-year in 2025, with Kaspersky’s business solutions detecting and blocking more than one million such attacks across the region’s corporate networks — up from approximately 901,000 in 2024, according to new data released by the cybersecurity firm.

Philippines and Malaysia lead regional surge

The increase was sharpest in the Philippines, where detections rose 41 per cent year-on-year, followed by Malaysia at 33 per cent and Singapore at 25 per cent — with the city-state recording more than 33,900 incidents in 2025. Vietnam saw a 21 per cent increase and Indonesia a 7 per cent rise. Thailand was the sole market to register a decline, logging a 21 per cent reduction.

Password stealers are a category of malware designed to silently extract stored credentials from browsers, application caches, cookie files, and cryptocurrency wallet data. Once harvested, stolen credentials are typically used for financial theft, identity fraud, extortion, or as an entry point for escalating attacks deeper into corporate networks.

“Password stealers remain one of the most effective tools in a cybercriminal’s arsenal because they target the front door of every organisation: user credentials. Kaspersky analysed 193 million compromised passwords and found that 45% could be cracked within a minute, while only 23% were strong enough to withstand attacks for over a year.” — Adrian Hia, Managing Director for Asia Pacific, Kaspersky

What organisations should do

Kaspersky recommends a layered response for enterprises across SEA. At the individual level, the firm advises adopting password managers, enabling multi-factor authentication, and avoiding passwords derived from personal information. For organisations, Kaspersky points to deploying advanced endpoint and XDR/EDR platforms, maintaining up-to-date software, leveraging threat intelligence services, and building or maturing an in-house Security Operations Centre capability.

The data underscores a broader shift in attacker tactics across the region: rather than attempting noisy brute-force intrusions, threat actors are increasingly prioritising quiet credential harvesting that sidesteps conventional perimeter defences without triggering alarms.
