IMG

New Research from Abnormal Security Reveals a Surge in Email Attacks Across the APAC Region

Phishing attacks in the region grew 30% YoY, while costly BEC attacks grew 6%

New Research from Abnormal Security Reveals a Surge in Email Attacks Across the APAC Region

Media Contact
Jade Hill
Director of Communications
media@abnormalsecurity.com

Abnormal Security, the leader in AI-native human behaviour security, today released new data that showcases how the Asia-Pacific (APAC) region has become a hotbed for advanced email threats. The findings reveal a marked increase in advanced email attacks, including phishing and business email compromise (BEC), targeting organisations across Australia, New Zealand, Japan, and Singapore between January 2023 and December 2024.

The data is based on an analysis of advanced email attack trends observed across Abnormal customers, including an analysis of traditional BEC attacks like executive impersonation and payment fraud, as well as credential phishing and malware.

According to the data, between 2023 and 2024, the median monthly rate of advanced email attacks in the APAC region surged by 26.9%, climbing from 472 attacks per 1,000 mailboxes to 600. Notably, attack volumes increased quarter on quarter in 2024, with a 16% rise between Q1 and Q2 and a 20% escalation from Q2 to Q3.

Out of all advanced email attacks, phishing – often the entry point for larger, more sophisticated attacks – rose most significantly across the APAC region, with a 30.5% year-over-year increase in incidents. The impact varied regionally, with phishing attacks in Japan and Singapore spiking by 37%, while Australia and New Zealand experienced a slightly smaller but still significant 30% increase.

While phishing attacks dominated in volume, BEC attacks also grew by 6% year-over-year in the APAC region. Despite seeing a significantly lower growth rate as compared to phishing, the rising prevalence of BEC is notable. Known for their precision and high financial impact – with average losses exceeding $137,000 per successful attack, and global losses totalling $2.9 billion in 2023 – growing rates of BEC underscore a critical need for robust defences.

Unlike phishing, BEC attacks rely on social engineering rather than technical exploits, often evading traditional security measures. This makes employees the last line of defence, emphasising the need for advanced solutions that neutralise these threats in real-time.

“The surge in attack volume across the APAC region can likely be attributed to several factors, including the strategic significance of its countries as epicentres for trade, finance, and defence,” said Tim Bentley, Vice President of APJ at Abnormal Security. “This makes organisations in the region attractive targets for complex email campaigns designed to exploit economic dynamics, disrupt essential industries, and steal sensitive data.”

Bentley continued, “As sophisticated email-based threats continue to rise, businesses in the APAC region must evolve their defences, including investing in intelligent security solutions that can precisely detect and block attacks before they land in employee inboxes.”

For more information on email attack trends in APAC, visit here.

About Abnormal Security

Abnormal Security is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. The anomaly detection engine leverages identity and context to understand human behavior and analyse the risk of every cloud email event—detecting and stopping sophisticated, socially-engineered attacks that target the human vulnerability.

You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly. Additional protection is available for Slack, Workday, ServiceNow, Zoom, and multiple other cloud applications.