Indonesia Faces Surge in Cyberattacks, Becomes Major Source of Global Threats
Cyberattacks against Indonesia are escalating, with the nation also emerging as a significant origin point for spam and malware, according to a recent report released by AwanPintar.id on February 11, 2026.
Dramatic Increase in Attack Volume
The report, titled “Indonesia Alert: Digital Threats in Indonesia Semester 2 2025,” recorded a total of 234,528,187 cyberattacks during the second half of 2025. This translates to an average of approximately 15 attacks per second, representing a substantial 75.76% increase compared to the first semester of 2025. December 2025 witnessed a peak of over 90 million incidents, likely fueled by Distributed Denial of Service (DDoS) activity and increased digital transactions during the holiday season.
Indonesia as a Source of Cyber Threats
AwanPintar.id’s findings reveal a concerning trend: Indonesia is now the largest source of spam and malware. The country accounted for 56.29% of spam distribution in the second semester of 2025, a significant jump from 21.45% in the first semester. Similarly, Indonesia contributed 61.32% of malware originating from identified sources. This indicates widespread compromise of local infrastructure – servers, personal computers, and Internet of Things (IoT) devices – being exploited to launch attacks.
Evolving Attack Tactics
Attackers are demonstrating increasingly organized patterns, shifting from individual actions to collaborative efforts targeting public services and economic platforms. There’s also a notable increase (57.74%) in attempts to steal administrator access rights on Windows systems. Exploitation of vulnerabilities in network and VPN infrastructure is also on the rise.
Key Vulnerabilities Exploited
Attackers are increasingly targeting network protocols and critical infrastructure, including systems used by small businesses and consumers. Specific vulnerabilities being actively exploited include:
- CVE-2020-11900: Related to Treck’s TCP/IP stack, exploitation of this vulnerability increased from 1.39% to 22.97%.
- CVE-2018-13379: Targeting Fortinet’s VPN infrastructure, accounting for 20.12% of attacks.
- React Server Components: Security gaps related to React Server Components in modern web development are also being targeted.
The report also highlights the accelerating speed at which attackers are exploiting newly disclosed vulnerabilities, often within the same month of release, particularly in IoT devices and communication systems.
Recommendations for Mitigation
AwanPintar.id recommends immediate action to bolster cybersecurity defenses:
- Update Firmware: Promptly update the firmware on all network devices.
- Audit VPN Access: Conduct thorough audits of VPN access controls.
- Prioritize Security Updates: Prioritize the application of security updates to publicly accessible services.
The Need for Proactive Security
Yudhi Kukuh, Founder of AwanPintar.id, emphasizes that national cyber resilience is at a critical juncture. He asserts that passive defense is no longer sufficient to address the growing complexity of cyber threats, advocating for a more proactive digital security culture and robust vulnerability management practices.
These findings serve as a critical warning for digital infrastructure managers and businesses to enhance system security in the face of escalating cyber threats.