The LastPass TIME Team is thrilled to announce the launch of our new podcast The Phish Bowl! Join us every month as my longtime colleague and co-host Mike Kosak and I (Stephanie Schneider) dive into the global cyber threat landscape. Every episode, we’ll unpack what’s really going on beneath the surface, exploring the globe region by region. We’re also publishing a new report for each region on a quarterly basis that will serve as the foundation for the podcast.
When we’re looking at what’s shaping regional cyber activity, it’s helpful to understand the geopolitical environment and factors influencing various actors’ motivations. Integrating these geopolitical insights with a strategic high-level view of potential threats informs organizations’ proactive cybersecurity decision-making. It helps security teams better anticipate, identify and respond to threats, and it helps businesses proactively address potential outcomes and contextualize threats specific to their industry, region, or business operations.
For our first episode, we kicked things off with a deep dive into the Asia-Pacific (APAC) region. APAC is one of the most active, complex cyber environments given its dynamic geopolitical environment, economic factors, and flourishing cybercrime scene. We were lucky to be joined by Nate Blumenthal, former senior intelligence advisor to CISA, as our inaugural episode’s special guest. Nate shared sharp insights on Iran’s cyber posture and its shift towards hybrid warfare in the context of the ongoing conflict in the Middle East. Nate also offered some practical suggestions to improve your own cybersecurity that everyone can implement right now.
Why APAC matters right now
APAC cyberattacks trended high last year due to a high volume of financially motivated cybercrime and state-backed attacks. This trend has continued this year. APAC experienced the largest share of incidents globally (34%) in 2024, which marks a 13% increase, according to IBM. From ransomware to credential theft, the region is experiencing a broad range of threats. Industries like manufacturing, finance, and transportation are especially targeted.
Ransomware remains one of the most pervasive threats to the region. Last year, Asia accounted for approximately 11% of global ransomware activity, mainly targeting manufacturing and engineering, with India and Japan seeing significant activity. Australia emerged as a top regional ransomware target, and it is among the top 10 countries impacted based on ransomware gang reporting of alleged victims. There were several victims in Taiwan, Singapore, and Japan. Thailand also saw an unusual increase in victims.
Nation-state threats: China, North Korea, and Iran
Beijing-backed hackers have been particularly aggressive and appear to have focused on intellectual property theft, telecom intrusions, and semiconductors. What’s interesting is how closely their cyber activity aligns with Beijing’s strategic Five-Year Plans that outline goals, objectives, and policy directions. It’s like they’re handing us a roadmap that aligns with their long-term ambitions.
Then there’s North Korea. They’ve continued to go after crypto and to infiltrate the workforce in the US and, more recently, have expanded to targeting European private entities for malicious purposes, including data exfiltration, extortion, and the enablement of cryptocurrency thefts. The scheme involves thousands of DPRK IT workers who use false or stolen identities from people in the US and other countries to obscure their true nationality and get hired at private companies across almost every sector. These North Korean IT workers may seek direct employment with targeted companies or attempt to gain access via third-party vendors and/or contractors. This is all part of an effort to bypass sanctions and raise funds for Pyongyang’s regime and weapons programs. The US Department of Justice recently announced several actions to combat this scheme.
Nate brought some fantastic perspective on Iran, especially in the context of the recent Israel-Iran conflict. A big takeaway from our conversation is that cyber operations are no longer just a side tactic—they’re central to modern conflict. And the private sector is squarely caught in the crosshairs.
Cybercrime in Australia
The rise of cybercrime in APAC has been particularly pervasive in Australia, which has recently emerged as a popular target, especially when it comes to ransomware. For example, Australian airline Qantas was breached by Scattered Spider using social engineering tactics in early July 2025, exposing data belonging to up to 6 million customers.
We explore in depth a recent campaign targeting the country’s Association of Superannuation Funds, the latest in a string of significant attacks targeting Australia-based entities. In March, a credential stuffing campaign targeted multiple large Australian superannuation funds, compromising over 20,000 member accounts. This type of attack takes advantage of individuals who reuse the same password across accounts. Additionally, the attack highlighted a vulnerability within some superannuation funds where MFA was either not offered or not automatically enabled on some accounts. The attackers aimed to commit fraud, attempting fund transfers, with mixed results.
For more on the cyber threat environment facing the public and private sectors in Australia, we highly recommend reading the latest Annual Cyber Threat Report from the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC). The data includes trends and information on threat actor tactics and techniques as well as recommended actionable steps organizations and individuals can take to help mitigate these threats. Our LastPass Labs blog article summarizes the key takeaways.
Critical basics to get correct
Nate also shared four things every organization should be doing right now:
- Patch and update systems immediately.
- Use strong, unique passwords.
- Implement multi-factor authentication (MFA).
- Train employees on AI-driven phishing and social engineering.
As Nate said, “The threat is only going to increase—and AI will make it worse. Awareness and training are key.” Getting the basics right will lower your risk exposure, putting you and your organization in a better position to focus on the important stuff knowing you’re several steps ahead of the bad guys.
Interested in reading more about improving your cybersecurity posture? We recently shared guidance on password hygiene and how to stay compliant with password regulations. As the recent Entra account takeover campaign demonstrated, password hygiene is still the first step to keep your accounts secure. We also explore various 2-factor authentication (2FA) methods and weigh the pros and cons of each.
Listen to the full episode
If you’ve made it this far, by now you’ll have realized that no, we’re not a podcast about the 90s jam band Phish—but we do go deep. If you haven’t tuned in yet, we hope you’ll give our inaugural episode a listen. We had a blast recording it, and we’re just getting started. If you like what you’ve heard so far, stay connected with us.
- Subscribe for monthly threat intel deep dives.
- Access LastPass' Regional Report for detailed analysis of recent APAC trends and activity.
- Check out the LastPass Labs blog for more insights.
Thanks to all our inaugural listeners for taking the plunge with us on the first episode of The Phish Bowl. We'll be back with more threat environment updates in next month’s episode talking about North America, along with a corresponding regional report!