Organized crime networks across Asia and the Pacific are now generating nearly $40 billion annually through AI-enhanced scams, according to INTERPOL's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report. The findings paint a stark picture of how rapidly digitalization, combined with artificial intelligence tools, has transformed the region into a hub for transnational cybercrime (Source 1, 3).

The scale of the problem is staggering. More than half of the surveyed jurisdictions reported that cybercrime now accounts for over 30% of all crimes recorded nationally. What makes this crisis particularly urgent is the industrialization of scam operations. Criminal groups have established dedicated compounds in Cambodia, Lao PDR, Myanmar, and the Philippines, running investment fraud, romance scams, and other deception schemes with the efficiency of legitimate businesses.

How Are Criminals Using AI to Commit Fraud at Scale?

The weaponization of artificial intelligence has fundamentally changed how cybercriminals operate. Threat actors are leveraging AI tools to enhance phishing campaigns, create convincing fake content, and automate parts of their operations at unprecedented speed. The most alarming development is the rise of deepfake technology in fraud schemes.

Discussions related to deepfakes on cybercriminal forums and messaging channels used by Southeast Asian threat actors increased by 600% during the first half of 2024 alone. This explosion in interest reflects how accessible and effective deepfake tools have become for criminals. One widely reported case illustrates the danger: an employee at a multinational firm in Hong Kong transferred $25 million after participating in a video call featuring deepfake impersonations of company executives.

The effectiveness of AI-enhanced attacks extends beyond deepfakes. AI-automated phishing emails now achieve a 54% click-through rate, compared with just 12% for standard phishing, according to the Microsoft Digital Defense Report 2025. By mimicking tone and context, AI-enhanced lures are 4.5 times more effective than traditional phishing attempts.

What Types of Cybercrimes Are Surging Across the Region?

While AI-driven fraud captures headlines, the broader cybercrime landscape in Asia-Pacific remains diverse and devastating. Law enforcement agencies across the region are grappling with multiple threat vectors simultaneously:

• Ransomware Attacks: More than 135,000 ransomware-related attacks were recorded in 2024, with one incident involving Indonesia's National Data Centre disrupting over 280 public services, including immigration and airport operations (Source 1, 3).
• Phishing and Credential Theft: Phishing remains one of the most common methods used to gain access to systems, with 5.5 out of every 1,000 individuals in the region clicking on phishing links monthly, approximately twice the global average. Stolen credentials frequently facilitate fraud, account compromise, and ransomware attacks.
• DDoS Attacks: Distributed denial of service attacks surged by 92% in 2024 compared to the previous year, with system intrusions accounting for approximately 80% of data breaches reported in the region.
• Data Breaches: Malware was present in 83% of breaches and ransomware in 51%, showing how interconnected these threats have become.

Between January and December 2024, more than 6.5 billion cyber threats were detected and mitigated across the Asia and South Pacific region. The sheer volume underscores how overwhelmed regional law enforcement and private sector defenders have become.

Why Are Schools and Educational Institutions Particularly Vulnerable?

K-12 schools have emerged as especially attractive targets for AI-powered attacks. These institutions hold vast amounts of student data, operate primarily within trusted platforms like Google Workspace and Microsoft 365, and often have limited cybersecurity resources. Attackers are exploiting this vulnerability with precision.

In one recent campaign targeting higher education, attackers compromised accounts and distributed disturbing content through Google Classroom and Google Forms. Because the activity originated within familiar platforms, it bypassed many conventional perimeter defenses. More than 85% of teachers and students reported using AI in the 2024-2025 school year, according to research from the Center for Democracy and Teaching, creating both opportunities and risks.

"The Asia and South Pacific region is home to some of the world's fastest-growing digital economies, and increasingly, some of its most determined cybercriminals. Rapid connectivity has unlocked immense opportunity, but uneven cybersecurity maturity across the region continues to create openings that transnational actors are quick to exploit," said Neal Jetton, Director of the Cybercrime Executive Directorate Investigation Support at INTERPOL.

Neal Jetton, Director, Cybercrime Executive Directorate Investigation Support at INTERPOL

How Can Organizations Defend Against AI-Enhanced Threats?

Defending against AI-powered attacks requires a multi-layered approach that goes beyond traditional security measures. Organizations must focus on three critical areas:

• Policy Updates: Acceptable use policies must expressly define the misuse of synthetic or fabricated media and content. Without clear definitions, districts and organizations may be legally and operationally vulnerable when attacks occur.
• Staff and Student Training: Traditional advice to check email sender addresses is now obsolete. Training must address AI-powered vishing, deepfake impersonations, and automated social engineering. Teachers must help students understand how AI-generated content can cause permanent damage and harm reputations.
• Modern Detection Tools: Security solutions must live inside the ecosystems where work happens, such as Google Workspace and Microsoft 365. Systems that detect abnormal behavioral patterns, such as a student account suddenly sharing hundreds of files at 2 a.m. from another country, allow IT teams to identify and stop risks before they escalate.

Despite the challenges, there are signs of progress. Among INTERPOL member countries surveyed, 66.7% have adopted AI tools and systems for predictive analysis, digital forensics, and threat detection. Several countries are also strengthening national cybercrime legislation and investing in specialized law enforcement units to address increasingly sophisticated threats.

The regional disparity in cybersecurity maturity remains a critical vulnerability. While some countries have comparatively advanced cybersecurity frameworks and institutional capabilities, many developing countries and small island states continue to face significant resource and capacity constraints. Jurisdictions with fragmented enforcement structures, limited technical capabilities, and weaker legislation remain particularly vulnerable to exploitation by transnational criminal networks.

As AI tools become more accessible and powerful, the race between defenders and attackers is accelerating. The $40 billion annual haul from scam operations in Asia-Pacific demonstrates that cybercriminals are winning this race, at least for now. Closing the gap will require sustained investment in technology, training, and international cooperation across the region.