Get Your Free Report
Start for Free

Welcome to SOCRadar’s 2025 Philippines Threat Landscape Report!

Explore the evolving cyber threats shaping the Philippines’ digital environment with SOCRadar’s 2025 Philippines Threat Landscape Report. This analysis highlights which sectors are most exposed, how threat actors use the dark web, ransomware, phishing, and DDoS, and what these trends mean for organizations operating in the country.

Download the full report today to gain strategic insights and better protect your organization against cyber risks in the Philippines.

Key Insights from the Philippines’ Cyber Threat Landscape

High-Risk Sectors: Public Administration (20.5%), Educational Services (14.8%), and Finance & Insurance (10.1%) together account for nearly 45% of dark web threats, showing attackers’ focus on sensitive data and critical services.
Domestic-Focused Threat Activity: 78.3% of dark web threats and 88.2% of ransomware attacks target Philippine entities exclusively, indicating primarily local campaigns with limited cross-border spillover.
Data Leaks and Access Sales Dominate: Selling (55.8%) and sharing (40.8%) drive dark web activity, with 80% of threats involving data/database leaks and 14% offering access to systems and networks.
Fragmented Ransomware Landscape: Medusa (16.1%), Qilin (9.7%), and LockBit 3.0 (6.5%) lead attacks, while nearly 68% of incidents come from many smaller groups.
Phishing Pressure on E-Commerce: E-commerce faces 43.2% of phishing attacks, followed by Information Services, Finance, and Healthcare. BET365-themed phishing pages make up almost half of all incidents, and 57.7% of phishing pages use HTTPS.
Significant DDoS Risk: The Philippines recorded 10,480 DDoS attacks, with peak bandwidth reaching 588.12 Gbps and average durations of 96 minutes, posing serious disruption risks to online services.

Why This Report Matters

Organizations in the Philippines operate in a threat landscape dominated by data leaks, access sales, fragmented ransomware activity, and highly targeted phishing against e-commerce and online services. Understanding these patterns is essential for prioritizing defenses, improving incident readiness, and protecting both citizen and customer data.

Take Action Now

  • Dark Web Monitoring: Detect exposed credentials, databases, and unauthorized access listings tied to Philippine organizations.

  • Ransomware Intelligence: Track active ransomware groups like Medusa, Qilin, and LockBit 3.0 and prepare tailored response plans.

  • Phishing Detection & Response: Monitor for e-commerce and betting-themed phishing, and strengthen user awareness and fraud prevention.