Indonesia Cyberattacks Surge: Named Top Spam & Malware Source in 2025

by Priya Shah – Business Editor

Indonesia experienced a surge in cyberattacks throughout 2025 and was also identified as a leading source of spam and malware during the second half of the year, according to a new report released February 11, 2026.

The report, titled “Indonesia Waspada: Ancaman Digital di Indonesia Semester 2 Tahun 2025” (Indonesia Alert: Digital Threats in Indonesia Semester 2 of 2025) and published by AwanPintar.id, documented a total of 234,528,187 cyberattacks in the latter half of 2025 – an average of approximately 15 attacks per second. This represents a 75.76 percent increase compared to the first six months of the year.

December 2025 alone saw over 90 million incidents, a spike attributed to Distributed Denial of Service (DDoS) attacks and increased digital transactions during the year-end period. “Cyberattack actors within the country are no longer operating individually, but are beginning to show patterns of organized cooperation to target public services and economic platforms,” stated Yudhi Kukuh, Founder of AwanPintar.id.

Indonesia’s role in the dissemination of spam also increased dramatically, with 56.29 percent of all spam originating from the country in the second half of 2025, a significant jump from 21.45 percent in the first half. The country was also identified as the source of 61.32 percent of all malware detected. These figures suggest widespread compromise of servers, personal computers, and Internet of Things (IoT) devices within Indonesia, which are then being exploited to launch attacks.

The report also highlighted a 57.74 percent increase in attempts to steal administrator privileges on Windows systems. Exploitation of vulnerabilities in network infrastructure and Virtual Private Networks (VPNs) also saw a substantial rise. Attackers are increasingly targeting network protocols and critical infrastructure, including systems used by small businesses and individual consumers.

Specifically, exploitation of CVE-2020-11900, a vulnerability in the Treck TCP/IP stack, surged from 1.39 percent to 22.97 percent. Exploitation of CVE-2018-13379, targeting Fortinet VPN infrastructure, reached 20.12 percent. Security flaws related to React Server Components in modern web development were also targeted.

AwanPintar.id noted the accelerating speed with which attackers are exploiting newly disclosed vulnerabilities, including Common Vulnerabilities and Exposures (CVEs) released in 2025 that were immediately exploited, particularly on IoT devices and communication systems.

In response to these findings, AwanPintar.id recommends that companies immediately update the firmware of network devices, conduct VPN access audits, and prioritize security updates for publicly accessible services. Yudhi Kukuh assessed that national cybersecurity resilience is at a critical phase, stating that passive defense is no longer sufficient to address the evolving complexity of threats.

The company is urging industry and businesses to adopt a more proactive digital security culture, including the strict implementation of vulnerability management. These findings serve as a warning to digital infrastructure managers and businesses to enhance system security in the face of increasing cyber threats.
