Risks from spyware attacks
In 2025 alone, Kaspersky's business solutions prevented more than 800,000 spyware attacks targeting businesses in Southeast Asia. A total of 818,939 attacks were detected and neutralized in the past year, an increase of 18% compared to the total number recorded in 2024.
Mr. Simon Tung, Kaspersky's Regional Director for the Association of Southeast Asian Nations (ASEAN) and the ASEAN Economic Community (AEC), said: “Our data shows that cybercriminals are changing their attack targets, from simply disrupting operations to stealing strategic information and sensitive business data.
In Southeast Asia, attacks aimed at collecting strategic information and sensitive data of businesses are increasing, making business networks a "gold mine" for cybercriminals.
In essence, spyware is malware covertly installed on users' computers to collect their data without their knowledge. Besides exposing business users to the risk of leakage and abuse of security information, this type of malware also quietly consumes resources, degrading the performance of devices and network systems and directly disrupting day-to-day use.
According to Mr. Simon Tung, spyware is a particularly dangerous threat to Southeast Asian businesses, because it operates silently but targets valuable assets such as sensitive data, strategies and business intelligence.
In today's volatile global economy and complex geopolitical situation, business intelligence data has become an expensive commodity, one that attackers can secretly monitor, collect and exploit over a long period.
A single initial infection can set off a prolonged chain of crises, affecting the reputation, competitiveness and operational security of the business.
Recommendations
To minimize the risk from spyware attacks, experts recommend that businesses:
- Keep devices in the system continuously updated to the latest versions so that security vulnerabilities are fixed promptly, denying attackers the opportunity to intrude.
- Minimize the exposure of remote computer control services (such as RDP) to the public internet. Where their use is mandatory, set a strong and highly complex password.
- Deploy advanced security solutions to gain a panoramic view of the enterprise infrastructure, so that the security team can proactively review, classify, investigate and neutralize complex threats or targeted attack campaigns (APT).
- Follow updates from Threat Intelligence solutions to stay continuously aware of the tactics, techniques and procedures (TTP) that cybercriminals are using.
- Back up data periodically and store the backups separately from the internal network. Also rehearse the recovery process, so that the business is always ready to access its backup data in an emergency.