Thai servers breached, caused 16.57% higher cyber incidents in Q2 2025: Kaspersky

In the second quarter of 2025 (April - June), Kaspersky detected 223,700 incidents, which is 16.57% higher than the previous quarter, where there were 191,909 incidents.

Thailand has encountered a remarkable statistic in three years. From 64,609 incidents in Q2 2023, the numbers have surged continuously and reached 196,078 and 223,700 incidents in Q2 2024 and 2025, respectively.
 
Another key finding from Kaspersky shows that Southeast Asian countries differ in terms of the number of malicious incidents caused by compromised servers in each country. While Thailand, Malaysia, and the Philippines detected the increase, Indonesia, Vietnam, and Singapore recorded declines.

However, Singapore still logged the largest total of 4,995,653 malicious incidents in Q2.

Threat actors use compromised servers to host websites that deliver malware to unwary users. Victims are directed to these websites using fake adverts, phishing links in emails and SMS, and other schemes. Their computers and devices are later explored for vulnerabilities and compromises. When Kaspersky users encounter such online threats, Kaspersky solutions detect the sources of threats, or locations of the objects, and block them. 

Kaspersky report for Thailand is in line with the latest cyberthreat statistics of the National Cyber Security Agency (NCSA). Intrusion attempts (41%) and information content security (20%) are major threats detected in the first half of 2025, which were higher than in the same period of the previous year.

The report also shows that education (26%), government (20%), and financial (17%) sectors are the most targeted in Thailand.

“There are many factors of the increase in cyberthreats in the country. These include a wider digital surface, faster digitalisation adoption, and the rise of sophisticated threat actors. Digital transformation in Thailand has been accelerated by initiatives like Thailand 4.0, cloud adoption, and mobile banking. The number of online services and connected devices has increased tremendously. Larger digital footprint gives cybercriminals more entry points to exploit, especially if systems are not properly secured,” says Benjamas Chuthapiphat, Territory Manager for Thailand at Kaspersky.

As the cyberthreat landscape has shifted to more advanced and sophisticated attacks, in 2024, businesses and organisations in Thailand have experienced a large number of threats. Kaspersky solutions were able to detect and block 247,560 financial phishing attempts, 5,600,000 on-device threats, 7,298,037 brute-force attacks, and 13,958 ransomware attacks. 

“The more cybersecurity measures in organisations also result in more detected incidents. Advanced and comprehensive tools can identify more attacks than before. This gives the perception of a rise in incidents, though many of these attacks were likely happening undetected previously.

In light of that, it is important for organisations to consider cybersecurity not as a cost, but as an investment in business continuity and an insurance policy to protect assets and data, and maintain the trust of customers and partners,” adds Benjamas.

Kaspersky suggests that companies of all sizes take the following actions to protect their systems against compromise and penetration:

•    Implementing strong cybersecurity measures - This includes using firewalls, intrusion detection systems, and cybersecurity software such as Kaspersky Next to protect your endpoints.
•    Backing up data regularly - In the event of a compromise, having a backup of your data will allow you to recover your files without paying a ransom.
•    Keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
•    For larger companies, consider developing a stronger infrastructure by setting up a security operation centre using an SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform (KUMA), a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next EDR Expert, a robust cybersecurity solution that defends against sophisticated cyberthreats.
•    Educating employees about cybersecurity through tools such as Kaspersky Automated Security Awareness Platform - Employees should be aware of the risks of cybersecurity threats and how to protect themselves from them.