Updates on Indonesian Security Trends

Information security expert recognized as a global contributor on encryption and on the development of new security testing tools and protection systems.


03.20 for Indonesia

 

Based on the latest publicly provided information, particularly from early 2024 and projections into 2025, here are the key trends in security incidents in Indonesia:

 

Indonesia is facing a rapidly escalating and increasingly sophisticated cyber threat landscape. It has become a major target for cybercriminals and even state-sponsored actors due to its rapidly expanding digital economy, large internet user base, and strategic geopolitical importance in Southeast Asia.

 

There are several prominent trends:

1. Surge in Ransomware Attacks:

  • Most Prevalent Threat: Ransomware continues to be a top concern and has seen a significant surge. The National Data Center attack in June 2024, which crippled critical government services including immigration processes and online student registration, is a stark example. This attack reportedly used the Brain Cipher variant of LockBit 3.0 ransomware, and attackers demanded an $8 million ransom.
  • Targeting Critical Infrastructure: Ransomware is increasingly targeting critical infrastructure, financial services, manufacturing, and transport sectors, causing significant operational disruptions, data loss, and severe reputational damage.
  • Ransomware-as-a-Service (RaaS): The rise of RaaS models fuels a fragmented but persistent threat landscape, making it easier for less skilled attackers to launch sophisticated ransomware campaigns.

 

2. Massive Data Breaches and Credential Compromise:

  • High Volume of Compromised Data: In the first half of 2024 alone, over 660 million records and more than 1 terabyte of data were breached in Indonesia.
  • Compromised Credentials: Over 315,000 Indonesian credentials were compromised in the first half of 2024, averaging over 60 every hour. These stolen usernames and passwords are then used for account takeovers, further data theft, and deploying more malware.
  • Notable Incidents: The data breach at the National Civil Service Agency (BKN) in August 2024, compromising over 4.7 million civil servant records, and the alleged NPWP (tax ID) data leak by "Bjorka" in 2024 are significant examples, exposing sensitive personal details of millions.

 

3. Sophisticated Social Engineering Attacks (Phishing and Smishing):

  • Highly Effective Vectors: Social engineering, including sophisticated phishing emails and smishing (phishing via SMS), remains extremely effective in Indonesia.
  • AI-Enhanced Scams: Attackers are increasingly leveraging AI to create more convincing and personalized scams, tricking individuals into revealing sensitive information or granting unauthorized access. This highlights the critical need for continuous user education and awareness.

 

4. Distributed Denial-of-Service (DDoS) Attacks:

  • Disruption of Services: DDoS attacks are still prevalent, aiming to overwhelm servers and networks to make services unavailable. A notable incident in 2024 involved a DDoS attack reaching an unprecedented bandwidth of 693.00 Gbps, capable of crippling online services.
  • Political and Ideological Motives: DDoS attacks can also be used for hacktivism or to disrupt government websites, as seen in past attacks on Indonesian government sites like the Cabinet Secretariat and DPR websites.

 

5. Targeting Web Applications and Supply Chains:

  • Primary Attack Vector: Web applications are identified as a primary target for cyber threat actors, especially across finance, e-commerce, and government services.
  • Third-Party and Supply Chain Risks: Adversaries are increasingly exploiting vulnerabilities in third-party vendors, IT service providers, and open-source software used by Indonesian organizations, creating indirect attack paths (supply chain attacks).

 

6. State-Backed Cyber Espionage:

  • Geopolitical Significance: Indonesia's growing geopolitical and economic significance makes it a target for state-sponsored advanced persistent threat (APT) groups. Reports indicate the involvement of groups like Lazarus Group, Gothic Panda, and Fancy Bear.
  • Multi-Motive Attacks: A mix of financially motivated, espionage, and infrastructure-targeting malware is observed, reflecting the diverse motives behind attacks.

 

Underlying Challenges Contributing to Trends:

  • Low Cyber Hygiene and Awareness: A significant portion of the Indonesian public and even some organizations lack adequate digital security awareness and best practices. Many users struggle to identify phishing attempts or to use basic antivirus and firewall software; indeed, few users are aware of antivirus and firewall software or find it necessary to install it.
  • Capacity Challenges: Indonesia's cybersecurity push faces capacity challenges, particularly in the provinces, despite efforts to decentralize cybersecurity response with new Cyber Crime Directorates.
  • Regulatory Gaps and Implementation Issues: While Indonesia has enacted the Personal Data Protection Law (UU PDP), its implementation and oversight are still improving, which can create exploitable vulnerabilities.
  • Shortage of Skilled Human Resources: There's a recognized shortage of competent cybersecurity professionals in Indonesia, leading to delayed or less effective detection and response to incidents.
  • Underinvestment in Cybersecurity: Compared to its rapidly growing digital economy, Indonesia's cybersecurity spending as a percentage of GDP is relatively low, making it a more attractive target.

In essence, Indonesia's digital transformation, while bringing immense economic benefits, is also opening the door to a more intense and complex cyber threat landscape that demands robust and proactive national cybersecurity strategies.

 

Indonesian people should pay more attention to security and basic protection, so that a perpetrator faces a barrier before gaining unauthorized access, stealing data or even manipulating information that resides on the user's laptop, tablet, mobile phone or even the Android system in their car.

 

The government may enforce laws and regulations to protect users from common exploits embedded in operating systems and applications, whether mobile apps or web-based applications, e.g. mandatory encryption and antivirus and firewall installation on any gadget connected to the internet, since attacks are already happening in the Indonesian information ecosystem. We should not neglect any incident on the internet that may affect the protection of our personal data in financial transactions or lead to stolen individual data. The initial stage of hacking is reconnaissance: collecting information that may later be used for an exploit that harms our business or private life.
