MANILA, Philippines – Cyber threats in 2025 didn’t see new forms. Attackers still relied on traditional vectors such as phishing, ransomware, credential theft, and social engineering. What changed was the volume and scale of these attacks, resulting in what has become an “industrialization of cybercrime” powered by artificial intelligence. 

Multiple year-end reports from cybersecurity and IT firms — Viettel, Kaspersky, Cloudflare, Trend Micro, Palo Alto, and Fortinet — point to this increase in speed, scale and volume. 

Jonas Walker, head of threat intelligence for Fortinet told Rappler, “It sounds boring, but what works today will also continue to work next year… but attackers will be able to do it faster.” 

Vietnam’s Viettel Cybersecurity saw a 49% surge in data breaches in Q3 2025 compared to Q2, exposing over 52 million credentials from Philippine users and organizations in just three months. The firm described how the country’s rapid digital transformation “continues to outpace its defenses,” and how leaked data is being turned into fake job listings, e-commerce scams, and fraudulent loan applications. They noted that sectors with sensitive records — including healthcare — are now prime targets for ransomware that can disrupt operations and compromise patient information.

Russian firm Kaspersky’s data showed the same upward movement: its systems discovered an average of 500,000 malicious files per day in 2025, with certain categories growing sharply — a 59% surge in password stealer detections, 51% growth in spyware, and a 6% growth in backdoors compared to 2024.

Kaspersky’s report added another Philippine-relevant detail. Gen Z uses VPNs and privacy tools more than older groups, but between October 2024 and September 2025, Kaspersky detected over 15 million attempted attacks disguised as VPN applications. Instead of protecting users, these apps delivered malware and potentially unwanted software, from adware to trojans capable of stealing data and providing remote access to attackers.

IT infrastructure firm Cloudflare, known for its global content delivery network, focused on DDoS (distributed denial-of-service) attacks, and reported a similar jump in scale. In the third quarter of 2025, it automatically detected and mitigated 8.3 million DDoS attacks, a 15% increase quarter-over-quarter and 40% year-over-year. 

The Philippines was highlighted by the report as a special concern as the country becomes top 10 of the most DDoS-attacked countries in the world in Q3, jumping up by 20 spots. China remained the most attacked, followed by Turkey in second, and Germany in third place. 

AI assistants are said to be supercharging these DDoS attacks by automating tasks, real-time adaptation, and lowering the level of skill necessary to pull off attacks. 

Indonesia remains the top source of DDoS attacks in the world, among the 7 Asian countries on the list:

AI lowered the barrier to entry

AI is not being used to invent new attacks; it is being used to automate and scale existing ones. The same tools that help employees write emails, summarize documents, or experiment with code are being used by attackers to compose convincing phishing messages or generate malware variants faster than before.

“Legitimate AI tools make our life easier and more efficient. And attackers are using similar tools to make their attacks easier and more efficient,” Walker said. Public AI platforms such as ChatGPT or Gemini are designed to refuse malicious prompts, but criminals can simply bypass that with similar tools. “There’s a market where providers build similar tools… FraudGPT, Worm GPT… they don’t have the guardrails and they are specifically built for malicious purposes.”

The result is not novel but consequential: people with no technical background can now execute credible attacks. ChatGPT allows for “vibe-coding” or the ability to code simply by describing what is needed through natural human language. Malicious ChatGPT-like tools can do the same to help make people with minimal coding expertise create dangerous malware. 

Fortinet predicts that AI will also be able to speed up the monetization of stolen data. “Once attackers gain access to stolen databases, AI tools will instantly analyze and prioritize them, determine which victims offer the highest return, and generate personalized extortion messages. As a result, data will become currency faster than ever before,” the company explained. 

Trend Micro described the same dynamic, saying “AI hasn’t just augmented cyberthreats; it has industrialized them.” The company expects attacks to become “fully autonomous, adaptive, and scalable” across digital and physical systems, with agentic AI acting with growing autonomy and executing multi-step operations. 

Trend Micro also noted that “vibe coding” itself may be dangerous as it will accelerate innovation but may also probably introduce insecure code — since they are being crafted by less experienced professionals — into business systems. It said that research shows AI-generated code can be unsecure 45% of the time, with an expected vulnerability likely to be widely exploited.

The technical skills needed to run a cybercrime operation are far lower than before, Walker said. “It lowers the entry for cybercrime by a decent margin.”

Even basic password patterns can be exploited. Walker explained that if someone reuses variations of the same password, AI can guess those variations: “AI will come up with a list… instead of millions of combinations they might use 20 different passwords that are more likely.”

Walker describes this industrialization: “Cybercriminals, they provide a platform where they say: we have ransomware products, phishing products… you don’t need to write your own malware, you just use ours and you pay a small fee.” In some cases, the platform takes a cut only if the attack succeeds. “You complete a certain kind of deal and they might take a share of the profit.”

Fortinet, in a press statement, expects that by 2027, “cybercrime is expected to function at a scale comparable to legitimate global industries.”

The Philippine context

As the cybersecurity concerns spike, it becomes imperative for the country to adapt quickly. 

The country is digitizing everything at the same time — government IDs, healthcare records, business permit systems, taxes, and city-level services — through the eGov app. 

The app uses a single sign-on system for many government services like PhiliHealth and Pag-IBIG, which means when you’ve logged onto the app, you’re also logged in to many of its other services. A DICT audit also warned that the lack of contracts between the DICT and the other government agencies using it weakens accountability in case of a breach. 

E-wallets have increasingly become a default for payments in the Philippines, as reported by Google. Agencies are migrating to cloud platforms rapidly. 

The Philippines is also the number 1 most victimized country by scams in the ASEAN region, according to a report by mobile trade org GSMA; government websites are constantly threatened with defacements and hacks; and as mentioned above have quickly become a prime target for DDoS. 

That is the shaky cybersecurity grounds that the country currently stands on. 

The Philippines has a huge digital surface area, and as both digitization efforts and threats continue, the government’s National Cybersecurity Plan will be put to the test.

Viettel warned that “organizations who innovate without the necessary protection in place become vulnerable to risks,” and that cybersecurity “isn’t just a safeguard — it’s an enabler of sustainable digital growth.

Deepfakes are changing the psychology of attacks

If there is one more novel shift in cyber deception, it came in the form of deepfake audio and video, which Viettel reported as a top trend. According to their Philippine report, cybercriminals now use AI-generated videos, cloned voices, and fake executive communications to deceive employees and partners. Instead of a badly written email, an attacker can present a convincing urgent video message.

Walker told Rappler: “What if you call your boss and there’s a deepfake of him talking? If you see his face, you immediately trust it.” The quality of these tools is improving quickly, and the obvious visual glitches we’re used to seeing are disappearing. “Deepfakes are becoming more and more difficult… you cannot distinguish.”

This breaks the traditional advice about spotting scams, because the scam looks and sounds like someone you trust.

“The road ahead will be shaped by how quickly defenders can adapt to this reality. Cybersecurity has become a race of systems, not individuals, and organizations will need integrated intelligence, continuous validation, and real-time response to stay ahead of adversaries who measure success by throughput, not novelty,” Walker said. – Rappler.com