/data/photo/2024/05/13/6641c94f1555a.png)
Indonesia is facing a surge in cyberattacks, with a significant increase in both the volume of attacks and its role as a source of malicious online activity. A new report, “Indonesia Waspada: Ancaman Digital di Indonesia Semester 2 Tahun 2025,” released by AwanPintar.id on February 11, 2026, reveals a concerning trend of escalating cyber threats within the nation. The findings underscore a growing need for enhanced cybersecurity measures and proactive digital defense strategies.
The report documented a total of 234,528,187 cyberattacks during the second half of 2025, averaging approximately 15 attacks per second. This represents a substantial 75.76 percent increase compared to the first six months of the year, signaling a rapidly deteriorating cybersecurity landscape. December 2025 alone saw over 90 million incidents, a spike attributed to Distributed Denial of Service (DDoS) attacks and increased digital transactions during the holiday season.
Beyond being a target, Indonesia has also emerged as a major origin point for malicious online activity. The report indicates that the country accounted for 56.29 percent of all spam originating globally in the second half of 2025, a dramatic rise from 21.45 percent in the first half. Similarly, Indonesia was the source of 61.32 percent of malware detected, highlighting the extent to which compromised servers, personal computers, and Internet of Things (IoT) devices within the country are being exploited to spread attacks.
Organized Cybercrime and Evolving Tactics
The increasing sophistication of cybercriminals operating within Indonesia is a key concern. According to Yudhi Kukuh, Founder of AwanPintar.id, attackers are no longer operating as isolated individuals but are demonstrating “a pattern of organized cooperation to target public services and economic platforms.” This shift suggests a more coordinated and potentially resourced threat landscape.
Attackers are increasingly targeting network protocols and critical infrastructure, including systems used by small businesses and individual consumers. Exploitation of vulnerabilities is also becoming more rapid, with attackers quickly leveraging newly published Common Vulnerabilities and Exposures (CVEs), particularly those affecting IoT devices and communication systems. The report specifically noted a significant increase in the exploitation of CVE-2020-11900, related to the TCP/IP stack Treck, rising from 1.39 percent to 22.97 percent. Another vulnerability, CVE-2018-13379, targeting Fortinet VPN infrastructure, accounted for 20.12 percent of exploited vulnerabilities.
Windows Access and React Vulnerabilities
The report also highlighted a 57.74 percent increase in attempts to steal administrator access on Windows systems. Security flaws related to React Server Components, used in modern web development, are also being actively targeted. This indicates a broadening scope of attack vectors, encompassing both established operating systems and emerging web technologies.
Recommendations for Strengthening Cybersecurity
In response to these findings, AwanPintar.id recommends that companies prioritize updating firmware on network devices, conduct thorough VPN access audits, and prioritize security updates for publicly accessible services. Kukuh emphasized that a passive defense is no longer sufficient, and that a proactive security culture, including rigorous vulnerability management, is essential.
The current state of national cybersecurity resilience is at a critical juncture, according to AwanPintar.id. The organization urges industry and businesses to adopt a more proactive approach to digital security, emphasizing the importance of strict vulnerability management practices. This includes regularly patching systems, implementing robust access controls, and educating employees about phishing and other social engineering tactics.
These findings serve as a stark warning to infrastructure managers and businesses to bolster their system security in the face of escalating cyber threats. The increasing sophistication and organization of cybercriminals, coupled with the rapid exploitation of vulnerabilities, demand a concerted effort to strengthen Indonesia’s digital defenses.
Looking ahead, continued monitoring of the threat landscape and collaboration between government, industry, and security researchers will be crucial. AwanPintar.id is expected to release its next report covering the first semester of 2026 in late summer, providing an updated assessment of the evolving cyber threat environment in Indonesia.
What are your thoughts on Indonesia’s cybersecurity challenges? Share your comments below and assist us continue the conversation.
