Password Stealer Attacks Surge 18% in Southeast Asia

Cyber attacks targeting the business sector in Southeast Asia are becoming increasingly alarming. The latest report from Kaspersky telemetry reveals that Password Stealers have become the primary weapon for hackers to infiltrate corporate ecosystems undetected. Throughout 2025, Kaspersky’s business solutions detected and blocked more than 1 million password stealer attack attempts in the Southeast Asian region. Overall, there was an 18% increase compared to the previous year, demonstrating the massive scale of covert credential harvesting by cybercriminals. Indonesia has not been spared from this negative trend. A total of 234,615 attacks against domestic companies were successfully thwarted by Kaspersky’s security systems last year. Although the growth rate was 7%, the volume of attacks in Indonesia remains one of the highest in the region. Password stealer is a type of malware specifically designed to extract secret keys stored in browsers, analyse cache files and cookies, and even access cryptocurrency wallet data. Once credentials are obtained, perpetrators can commit financial theft, identity fraud, extortion, and launch more destructive follow-up attacks. Adrian Hia, Managing Director for Asia Pacific at Kaspersky, stressed that credentials are the ‘front door’ of every organisation. ‘Our analysis of 193 million compromised passwords found that 45% could be cracked in less than a minute. Only 23% were strong enough to resist hacking for more than a year,’ he revealed. To counter this threat, Kaspersky recommends several mitigation steps for organisations and individuals. For large-scale organisations, a technological approach is key. The use of advanced security platforms such as Kaspersky Next, which combines EDR and XDR capabilities, is highly recommended. Additionally, performing regular software updates and providing cybersecurity culture training to employees are essential foundations for maintaining business resilience against password stealer attacks.