The Philippines ranked 20th globally in the first half of 2025 among countries most affected by cyberattacks, according to the Microsoft Digital Defense Report 2025.
The report highlighted a surge in financially motivated cybercrime, with extortion and ransomware accounting for more than half of attacks worldwide. It also noted the increasing sophistication of cybercriminals and nation-state actors, making digital security a growing concern for businesses, government agencies, and critical infrastructure.
Peter Maquera, CEO of Microsoft Philippines, called the ranking “a wake-up call for organizations across sectors.” He emphasized the need for a national focus on cybersecurity, saying, “As digital transformation accelerates, we must ensure that every Filipino—whether in government, healthcare, education, or business—is protected by resilient, modern security solutions.”
Identity attacks surge
The report revealed that identity-based attacks increased by 32% globally. Infostealer malware, which harvests credentials, has been a major driver of these attacks. The Philippines was among the top 20 countries impacted by Lumma Stealer, a malware-as-a-service platform that was disrupted by Microsoft and law enforcement in May 2025.
Critical services at risk
Hospitals, local governments, and schools remain prime targets due to outdated systems and limited cybersecurity budgets. Meanwhile, threat actors are increasingly using generative AI to scale phishing and social engineering attacks. At the same time, defenders are leveraging AI to detect anomalies and automate responses.
Nation-state espionage
The report also flagged activities by Chinese threat actors targeting the Philippines as part of broader espionage campaigns in Southeast Asia, focusing on IT, government, and academic sectors.
Taking action
Microsoft urged organizations to adopt phishing-resistant multifactor authentication (MFA), which can block over 99% of identity-based attacks, even when attackers have valid credentials.
The company stressed that cybersecurity must go beyond technical measures and be embedded into business strategy and governance. Through initiatives like its Secure Future Initiative, Microsoft aims to help Filipino organizations build resilience against increasingly sophisticated cyber threats.
—with Rosette Adel