Risks for Southeast Asian businesses
In essence, a vulnerability attack (exploit) takes advantage of unpatched vulnerabilities in software or operating systems to gain unauthorized access to a system. This is still one of the common "gateways" for cybercrime.
Meanwhile, attacks targeting the Remote Desktop Protocol (RDP), mainly through password scanning or theft of login information, also continue to be used to gain unauthorized access to business networks.
More than 2 million vulnerability-exploiting attacks targeting organizations in Southeast Asia were recorded by Kaspersky in 2025. Of these, Indonesia recorded the highest number of detected cases in the region with 932,051 cases, followed by Vietnam with 587,217 cases and Malaysia with 416,962 cases.
In addition to exploiting software vulnerabilities, cybercriminals continue to target remote access services as a way to directly take control of the system.
According to records from Kaspersky's enterprise security solutions, more than 35.2 million remote control protocol-related attacks were detected in Southeast Asia in 2025.
Vietnam and Indonesia recorded the highest number of cases, with 11,420,252 and 10,500,709 cases respectively. Thailand ranked third with 7,539,536 cases detected.

Mr. Simon Tung, Regional Director of the Association of Southeast Asian Nations (ASEAN) and the ASEAN Economic Community (AEC), commented: “The simultaneous increase in activities exploiting vulnerabilities and attacking remote control protocols shows that cybercriminals are still continuously targeting businesses in the region.
In the context of the increasingly diverse digital environment in Southeast Asia, threatening agents often proactively assess each target to choose the most vulnerable attack method. This reflects that attack methods are becoming more purposeful, flexible and adaptable.
How to prevent
To minimize the risk from attacks exploiting vulnerabilities and remote control protocols, Kaspersky experts recommend businesses:
- Ensure that devices in the system are updated to the latest version so that security vulnerabilities are fixed promptly and attackers have no opportunity to intrude.
- Limit the exposure of remote computer control services (such as RDP) to the public Internet unless absolutely necessary, and always use strong passwords to protect these services.
- Deploy advanced security solutions to gain a comprehensive view of the enterprise infrastructure. With that visibility, the security team can proactively review, classify, investigate and neutralize complex threats or targeted attack campaigns (APT).
- Keep up to date with information from the Threat Intelligence solution to continuously track the tactics, techniques and attack methods that cybercriminals are using.
- Back up data periodically and store the backups separately from the internal network. Also practice the recovery process so that the business is always ready to access backup data in an emergency.