Biometric Systems Facing Rising Cyber Exposure — Kaspersky Data

Recent analysis by Kaspersky’s ICS CERT highlights that biometric and identity systems — such as fingerprint, facial recognition, and access control platforms — are increasingly targeted by cyber attackers, especially across Southeast Asia.

Key Findings from Kaspersky

• High exposure rates:
Globally, malicious activity has been detected on over 27% of monitored biometric systems, while in Southeast Asia around 23.7% of these systems showed signs of cyber threats.

• Attack routes:
Most compromises occur through common entry vectors such as:

  • Internet connections (web threats, malicious scripts),
  • Email (phishing and infected attachments),
  • Removable media and shared network folders.

These vectors are used to deliver phishing pages, spyware, infected documents, scripts, and worms that breach weaker surrounding infrastructure.

• Systems targeted indirectly:
The biometric technology itself is seldom the weakest component. Instead, attackers exploit vulnerabilities in connected computers, networks, and supporting software, and compromise of those components then exposes biometric data or disrupts operations.

Southeast Asia’s Unique Risk Landscape

  • Rapid adoption of biometric tech — notably in public services, banking, transport, healthcare, and energy sectors — increases the attack surface.
  • Countries like Malaysia show elevated phishing and spyware activity, including the highest share of email-based threats in some operational environments.
  • The region also sees above-average malware exposure in industrial systems generally, with phishing pages and malicious scripts among the top web-based threats.

Why Biometric Data Is a Valuable Target

Cybercriminals are shifting focus beyond passwords and traditional credentials. Advanced phishing campaigns now aim to harvest biometric identifiers — such as facial images and fingerprints — because they are permanent and unchangeable, posing long-term risk if compromised.

Recommended Mitigation Steps

To reduce systemic vulnerabilities, security experts suggest that organizations:

  • Maintain an updated inventory of operational technology (OT) assets.
  • Conduct regular security audits and patching of both IT and OT systems.
  • Improve network segmentation and monitoring to isolate critical identity infrastructure.
  • Enhance detection and response capabilities, including training for IT and operational teams on identifying sophisticated phishing or malware threats.