Asia Pacific had the most cyberattacks in 2024

The APAC region experienced the most attacks in 2024, accounting for 34% of all incidents investigated, according to IBM’s 2025 X-Force Threat Intelligence Index.

Cybercriminals continue to pivot to stealthier tactics as ransomware attacks on enterprises declined. This was the findings unveiled in IBM’s 2025 X-Force Threat Intelligence Index.

The 2025 report tracks new and existing trends and attack patterns on businesses and countries around the world by pulling from incident response engagements, dark web and other threat intelligence sources.

According to the report, critical infrastructure organizations accounted for 70% of all attacks that IBM X-Force responded to last year, with more than one quarter of these attacks caused by vulnerability exploitation. Advanced detection technologies and increased law enforcement efforts have also resulted cybercriminals focusing more on stealing data.

In fact, almost one in three incidents observed in 2024 resulted in credential theft, as attackers invest in multiple pathways to quickly access, exfiltrate and monetize login information.

For Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM, Cybercriminals are most often breaking in without breaking anything – capitalizing on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points.

"Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernizing authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data,” commented Hughes.

The APAC region experienced the most attacks in 2024, accounting for 34% of all incidents investigated. Data theft (12%), credential harvesting (10%), and extortion (10%) were the top cyber incidents reported last year, indicating the intent of cyber criminals to focus on targeting sensitive data and operational disruption. The manufacturing sector remained the most targeted industry in the region as well last year, representing 40% of incidents, followed by finance and insurance (16%) and transportation (11%).

The North America region was second in terms of incidents investigated, accounting for 24% of incidents in 2024. While the US was the most targeted country in North America representing 86% of incidents, Japan was the most targeted APAC country, with 66% of all incidents investigated. The Philippines, Indonesia, South Korea, and Thailand each represented 5% of cases.

As expected, the manufacturing industry continues to be the most targeted industry as well, coming in top for four consecutive years. Extortion and data theft remains high in the industry, with cybercriminals continuing to exploit vulnerabilities in legacy tools and technologies used in the industry.

Rise in AI attacks and deepfakes

“Generative AI is emerging as a new and growing addition to the toolbox of nation-state-backed threat actors, cybercriminals, hacktivists, and others. These adversaries are avid adopters, especially as they launch social engineering campaigns and high-tempo information operations. AI and automated solutions can magnify the impact of infostealers, expedite the fabrication of credentials, and make it easier to amplify the speed and scale of intrusions at lower cost,” stated the report.

The report revealed threat actors are increasingly leveraging AI to build websites and incorporate deepfakes in phishing attacks. According to the report, issues like the remote code execution vulnerability that IBM X-Force discovered in a framework for building AI agents will become more frequent this year especially.

Given the increased adoption of AI in 2025, adversaries will also be intensified to develop specialized attack toolkits targeting AI, making it imperative that businesses secure the AI pipeline from the start, including the data, the model, the usage, and the infrastructure surrounding the models.

Ransomware attacks continue to make up the largest share of malware cases in 2024. However, there has been a reduction in ransomware incidents as well. This is because cybercriminals believe identity theft can fuel more opportunities, especially in unleashing AI-enhanced threats and leveraging deepfake tools to target more victims.

X-Force observed attackers ramping up more stealthy and persistent attack methods to launch identity-based attacks. Specifically, one in three attacks noticed are using valid accounts resulting in a surge in phishing emails distributing infostealer malware and credential phishing fuels this trend, which may be attributed to attackers leveraging AI to scale attacks.

For X-Force, threat management is the core of every successful cybersecurity program. Organizations should look to enhance cyber risk and resilience practices towards improving security postures.

“For threats that do materialize, we need to evolve from ad hoc risk remediation and threat management to proactive, community-based measures such as threat intelligence sharing. Working together increases awareness and accountability across supply chains and ecosystems and raises collective resilience across the operations lifecycle,” the report concluded.