Indonesia experienced a surge in cyberattacks throughout 2025 and was also identified as the largest source of spam and malware in the second half of the year.
The findings are detailed in a new report, “Indonesia Waspada: Ancaman Digital di Indonesia Semester 2 Tahun 2025,” released by AwanPintar.id on February 11, 2026.
The report documented a total of 234,528,187 cyberattacks during the second semester of 2025, averaging approximately 15 attacks per second. This represents a 75.76 percent increase compared to the first semester of 2025. The escalating threat landscape underscores the growing need for robust cybersecurity measures in the region.
Indonesia Named Largest Source of Spam and Malware in 2025
December 2025 alone saw over 90 million incidents, a spike attributed to Distributed Denial of Service (DDoS) activity and increased digital transactions during the holiday season. This surge highlights the vulnerability of systems during peak periods of online activity.
“Cyberattack actors within the country are no longer operating individually, but are beginning to show a pattern of organized cooperation to target public services and economic platforms,” said AwanPintar.id Founder Yudhi Kukuh in a statement. This shift towards coordinated attacks signals a more sophisticated and dangerous threat environment.
Indonesia accounted for 56.29 percent of spam distribution in the second half of 2025, a significant increase from 21.45 percent in the first half. Similarly, the country contributed 61.32 percent of all malware detected. These figures indicate that a substantial number of servers, personal computers, and Internet of Things (IoT) devices within Indonesia have been compromised and are being used to spread malicious activity.
The report also noted a 57.74 percent increase in attempts to gain administrator privileges on Windows systems. Exploitation of vulnerabilities in network infrastructure and VPNs also saw a significant rise. Attackers are increasingly targeting network protocols and critical infrastructure, including systems used by small businesses and consumers.
One vulnerability frequently exploited was CVE-2020-11900, related to the Treck TCP/IP stack, increasing from 1.39 percent to 22.97 percent. Exploitation of CVE-2018-13379, targeting Fortinet VPN infrastructure, reached 20.12 percent. Attacks were also detected targeting security flaws related to React Server Components in modern web development.
The report also highlighted the speed with which attackers are exploiting newly published vulnerabilities, including several CVEs released in 2025 and exploited in the same month, particularly on IoT devices and communication systems. This rapid exploitation underscores the importance of proactive security measures.
To address these challenges, AwanPintar.id recommends that companies promptly update network device firmware, conduct VPN access audits, and prioritize security updates for publicly accessible services.
Yudhi assessed that national cyber resilience is currently at a critical phase. He stated that passive defense is no longer sufficient to address the increasing complexity of evolving threats. The need for a more proactive security culture is becoming increasingly apparent.
The industry and companies are encouraged to adopt a more proactive digital security culture, including implementing strict vulnerability management. These findings serve as a warning to digital infrastructure managers and businesses to enhance system security amid the increasing cyber threat.