In 2025 alone, Kaspersky’s enterprise solutions detected and blocked more than 3 million attacks via backdoors.
Backdoors provide the attackers with remote administration of a victim’s machine. Unlike legitimate remote administration utilities, backdoors install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
Indonesia and Vietnam accounted for the majority of these incidents, recording 1,583,035 and 1,296,924 detections respectively. This is followed by Thailand with 251,502 cases, Malaysia with 212,239, Singapore with 50,511, and the Philippines with 35,232 detections.
The most alarming part, according to Kaspersky’s telemetry, is the year-on-year (YoY) rise in backdoor detections targeting businesses in the region. Malaysia recorded the highest surge at 86%, followed by Indonesia at 36%. Vietnam also witnessed a 3% rise in backdoor detections. Thailand’s figure was flat YoY, while Singapore and the Philippines saw dips of 49% and 35% respectively.
“Overall, businesses in Southeast Asia experienced 17% more backdoor attacks in 2025 versus 2024. The rise of backdoors highlights a critical shift in the threat landscape across Southeast Asia, from breaking in to staying in. For businesses, this underscores the need for continuous monitoring, advanced detection, and rapid response capabilities to uncover hidden access and prevent sustained cyberattacks,” comments Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
| Country | 2025 |
| --- | --- |
| Indonesia | 1,583,035 |
| Malaysia | 212,239 |
| Philippines | 35,232 |
| Singapore | 50,511 |
| Thailand | 251,502 |
| Vietnam | 1,296,924 |
| SEA | 3,429,443 |
Kaspersky’s backdoor detections on businesses in SEA
Kaspersky’s detection systems also intercepted over 46 million on-device attacks across Southeast Asian businesses. On-device threats are malware spread by offline methods, including removable USB drives, CDs and DVDs, or files that make their way onto computers in non-open forms, such as those in complex installers or encrypted files.
While there is a slight dip in B2B on-device attacks in SEA (-6%), Vietnam, Indonesia, and Thailand logged the highest volumes of this threat in 2025.
| Country | 2025 |
| --- | --- |
| Indonesia | 14,136,184 |
| Malaysia | 3,475,371 |
| Philippines | 1,592,414 |
| Singapore | 1,077,535 |
| Thailand | 4,632,103 |
| Vietnam | 21,561,107 |
| SEA | 46,474,714 |
Kaspersky’s on-device threat detections on businesses
“As a key connecting node to global supply chains, Southeast Asia has been and will remain a prime target for malicious cyber campaigns. Moreover, as we continue to engage with remote and hybrid work arrangements, which often involve the use of unmanaged devices, the attack surface will only continue to expand. It is hence particularly crucial for businesses across the region to invest adequately in the securitisation of their devices, not only to prevent potential financial and data losses but also to avoid being a conduit for further cybercrime,” adds Hia.
To stay protected against on-device attacks, Kaspersky recommends:
- Always keep software updated on all the devices you use to prevent attackers from infiltrating your network.
- Back up corporate data regularly. Backups should be isolated from the network. Make sure you can quickly access the backups in an emergency if needed.
- Use advanced security solutions like Kaspersky Next for comprehensive visibility across all the company’s corporate infrastructure to rapidly detect, investigate and neutralise complex threats.
- Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.
- Receive comprehensive and detailed analysis of security incidents with Kaspersky Incident Response. This service covers the entire investigation and response process, including initial containment, evidence collection, identification of the primary attack vector and development of an effective mitigation plan.
- Align your internal processes and technologies with today’s evolving threat landscape through Kaspersky SOC Consulting. This service helps you build an in-house SOC from scratch, assess the maturity of an existing SOC or enhance specific capabilities such as detection and response procedures.
