Asia-Pacific’s cybercrime boom: Inside INTERPOL’s 2025/2026 threat report


INTERPOL’s 2025/2026 report reveals a surge in AI-driven scams, ransomware, and infostealer malware across Asia-Pacific’s digital economy.

A new report from INTERPOL paints a stark picture of the Asia and South Pacific region: a digital economy outpacing its defenses. The INTERPOL Asia and South Pacific Cyber Threat Assessment Report 2025/2026, prepared by the Asia and South Pacific Desk (ASP Desk) under the ASPJOC initiative, draws on survey responses from 18 member countries along with private-sector intelligence to map out how cybercrime is evolving across the region between January 2024 and March 2025.

Scams are the biggest problem

Online scams and phishing top the list of threats, with a third of surveyed countries reporting over 10,000 cases each. These aren’t small-time operations — organized crime groups in Cambodia, Lao PDR, Myanmar, and the Philippines have built industrial-scale scam centers, some resembling forced labor camps, generating an estimated USD 40 billion annually through romance scams, fake investments, and illegal gambling.

Ransomware and malware remain relentless

The region logged more than 135,000 ransomware attacks in 2024 alone, hitting real estate, manufacturing, and finance hardest. One attack on Indonesia’s National Data Center knocked out 280 essential government services. Meanwhile, infostealer malware — tools like RedLine, LummaC2, and Lokibot — quietly harvest passwords and financial data, often setting the stage for bigger fraud or ransomware attacks down the line.

AI is changing the game — for criminals too

Perhaps the report’s most alarming finding is how fast criminals are adopting AI. Deepfake discussions on criminal forums jumped 600% in just a few months of 2024. Real-world consequences followed: a Hong Kong firm lost USD 25 million after a deepfake video call impersonated executives, and a Singapore finance director nearly lost half a million dollars the same way. AI is also powering more convincing phishing emails, fake job scams, and malware that can slip past traditional security tools.

The numbers are staggering

Over 6.5 billion cyber threats were blocked in the region during 2024, most of them arriving via email. Data breaches remain common, with system intrusions accounting for 80% of cases.

Fighting back

The good news: countries aren’t standing still. February 2025’s Operation SECURE united 26 nations to dismantle infostealer infrastructure, seizing servers and taking down over 20,000 malicious domains. Nations like South Korea, Indonesia, Hong Kong, and Japan have rolled out new laws, AI-powered detection tools, and public awareness campaigns. Notably, two-thirds of the surveyed law enforcement agencies have already adopted AI.

The takeaway

INTERPOL’s message is clear: cybercrime in this region is no longer scattered or amateur — it’s organized, technologically sophisticated, and growing. Closing the gap will require stronger cross-border cooperation, better-resourced law enforcement, and closer partnerships with the private sector.

Author