Asia Pacific (APAC)

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Gracias.

You will soon receive an email with a link to confirm your access. When you click to confirm from your email, your document will be available for download.

If you do not receive an email within 2 hours, please check your spam folder.

Gracias.

You may now close this message and continue to your article.

  • Resumen

    The most common type of breaches that took place in APAC were caused by Financially motivated attackers Phishing employees for creds, and then using those stolen creds to gain access to mail accounts and web application servers


    Frequency

    5,255 incidents, 1,495 with confirmed data disclosure


    Top Patterns

    Social Engineering, Basic Web Application Attacks and Miscellaneous Errors represent 98% of breaches


    Threat Actors

    External (95%), Internal (6%), (breaches)


    Actor Motives

    Financial (96%), Espionage (3%), Fun (1%) (breaches)


    Data compromised

    Credentials (96%), Personal (3%), Other (2%), Secrets (1%) (breaches)


  • The APAC region covers an immense portion of the globe, and includes a multitude of nations, languages and diverse cultures, along with arguably more than their fair share of venomous reptiles. In keeping with that diversity, the APAC region shows a relatively wide range of industries that were breached over the last year. All of the main verticals you might expect to see are present to some degree. Finance, Healthcare, Retail, Manufacturing, and Education all make an appearance. In fact, for the first time ever we saw more breaches in APAC last year than in any other region.

    One industry in particular that posted impressive numbers this year was NAICS 21: Mining, Quarrying, and Oil and Gas Extraction (Figure 125). This was due to the fact that organizations in that vertical fell prey to sophisticated Social Engineering attacks.

  • As Figure 126 illustrates, 70% of attacks in APAC contained a Social Engineering action, typically Phishing. What those attacks harvested were almost exclusively Credentials (98%). Those creds were then either used to escalate or laterally expand the Social attack or were otherwise utilized to hack into web applications operated by the organization (23%). 

    If you have perused the other sections of this report, you might be asking yourself certain questions at this point. Who perpetrated these crimes? Were they in a dark room wearing a hoodie? Why am I not seeing ransomware in this region? All good questions, and as far as we can tell, they were mostly committed by Financially motivated organized criminals. While we have only anecdotal data on this topic, we feel certain that hoodies and dark rooms were involved to some degree. But regarding the last and most interesting of those questions (where is ransomware?), it holds the number 10 spot in Malware variety for APAC, which is in relatively stark contrast to what we see elsewhere. However, this is almost certainly a by-product of our contributors and their caseload rather than an actual dearth of this type of malware. We expect the "stand-and-deliver, your money or your data" attacks are flourishing in APAC as they most certainly are in other regions.

Let's get started.