Backdoor attacks on the rise in Southeast Asia
According to security firm Kaspersky, backdoor attacks, one of the most dangerous cybersecurity threats targeting businesses, are increasing in Southeast Asia.
In 2025 alone, Kaspersky's enterprise solutions detected and blocked more than 3 million attacks through backdoor software.
A backdoor, once embedded in legitimate software, lets attackers remotely control the victim's computer. Unlike legitimate remote administration tools, backdoor software is installed, launched and operated covertly, without the user's consent and even without the user's knowledge.
Once a system has been compromised, the attacker can use the backdoor to send, receive, run and delete files; steal confidential data from the computer; record all activity on the device; and carry out many other dangerous tasks.
Most of these backdoor attacks were recorded in Indonesia and Vietnam, with 1,583,035 and 1,269,924 detections respectively. Next on the list are Thailand with 251,502 detections, Malaysia with 212,239, Singapore with 50,511 and the Philippines with 35,232.
More alarmingly, the number of backdoor attacks targeting businesses in the region is increasing every year.
Specifically, Malaysia had the highest increase, 86% compared to the same period last year, followed by Indonesia at 36%. The number of backdoor attacks recorded in Vietnam also increased by 3% compared to the same period last year. Thailand recorded no change compared to the same period, while Singapore and the Philippines recorded decreases of 49% and 35% respectively.
In addition, Kaspersky recorded more than 46 million on-device (local) attacks targeting Southeast Asian businesses. Local threats are malware that spreads through offline methods, including USB drives, CDs and DVDs, or files that reach computers in a hidden, non-open form, such as files inside complex installers or encrypted files.
Recommendations
To proactively protect themselves from local attacks, cybersecurity experts recommend that businesses:
- Keep software up to date on all devices in use to prevent attackers from infiltrating the business's network.
- Back up enterprise data periodically. Backups must be kept separate from the internal network. Ensure the backups can be accessed quickly in an emergency.
- Use advanced security solutions that provide comprehensive visibility across the entire enterprise infrastructure, so that complex threats can be quickly detected, investigated and neutralized.
- Analyze security incidents comprehensively and in detail with advanced solutions, standardizing the entire process: scoping the incident, collecting digital evidence, identifying the root attack vector, and building a roadmap for remediation and comprehensive risk reduction.
- Align internal processes and technologies with the constantly changing threat landscape, using solutions that can support building an internal Security Operations Center (SOC) from scratch, assess the maturity of an existing SOC, or improve specific capabilities such as incident detection and response processes.