Mimecast has released its 2025 Global Threat Intelligence Report, warning that cybercriminals are shifting tactics to target people from every direction and overwhelm traditional security measures.
The company says that compromised systems in Southeast Asia are increasingly being used as proxy networks that hide the origins of global cyberattacks, reflecting both the region’s rapid digital growth and its expanding exposure to cyber risk.
According to David Sajoto, vice president and general manager for Asia-Pacific and Japan at Mimecast, “Asia-Pacific’s rapid digitalisation and interconnected supply chains make the region a focal point for today’s cyber threats,” and attackers are actively exploiting compromised infrastructure in Southeast Asia to launch attacks worldwide.
The report highlights an escalation in AI-driven phishing and social engineering. Mimecast says phishing now accounts for 77 percent of all attacks, up from 60 percent in 2024, with threat groups increasingly using trusted services to slip past detection tools.
Ranjan Singh, Mimecast’s chiel product and technology officer, said, “We’re seeing a clear evolution in attacker behavior in 2025, headlined by an exponential rise in AI-driven threats,” noting that financial platforms, regulatory agencies, and city governments have all been targeted.
Mimecast’s research points to a surge in sophisticated social engineering tactics powered by generative AI. Attackers are crafting convincing email chains, synthetic voices, and audio messages, along with running large business email compromise operations that use AI-generated messages to push fraudulent payments. ClickFix schemes, which use fake error messages to trick users into running malicious commands, rose more than 500 percent in the first half of the year and now make up nearly 8 percent of reported attacks.
Attackers are also increasingly exploiting trusted business tools such as Adobe Pay, DocuSign, Salesforce, and especially DocSend, which the report identifies as the most abused service in 2025. Threat actors are using legitimate and custom CAPTCHA services to slow detection efforts, with Mimecast noting hundreds of thousands of malicious CAPTCHA-protected URLs tied to groups such as Scattered Spider.
The report says attackers are spreading their activity across multiple communication channels to avoid security monitoring, such as pairing phishing emails with phone numbers that move victims off monitored systems. These tactics have appeared in incidents involving executive impersonation and IT support scams, with AI-generated voices and deepfakes making these attacks harder to detect.
Certain industries are being hit harder than others, including Professional Education, IT Software, Telecommunications, Real Estate, and Legal services, all of which face high volumes of impersonation attempts. Real estate workers, in particular, experienced substantially more phishing attacks than other sectors.
Mimecast also uncovered a major phishing campaign aimed at hospitality professionals, using fake email impersonation and credential harvesting tied to platforms such as Expedia and Cloudbeds. The report concludes that organizations must strengthen threat detection, employee awareness, and layered defenses to keep pace with fast-evolving cyberattacks.
