Key Takeaways

• Lumen Technologies’ 2026 report highlights a shift in cyber attacks to upstream internet infrastructure, increasing vulnerability in Asia Pacific.
• Attackers are using generative AI and residential proxies to enhance their operations, shortening attack windows and obscuring origins.
• The rise of coordinated “heist crews” reflects a sophisticated approach to cybercrime, leveraging a variety of compromised devices and networks.

Cyber Threat Landscape Evolution

Lumen Technologies’ 2026 Lumen Defender Threatscape Report reveals a significant shift in cyber attacks, moving from endpoint-focused strategies to activities concentrated upstream within internet infrastructure. This change presents a heightened threat, particularly evident in Asia Pacific, where an increasing number of connected devices and rapid digitalization expose numerous potential entry points for attackers.

Attackers are increasingly utilizing compromised small office routers and internet-connected devices to conceal malicious activities within standard network traffic. The report emphasizes that organizations in this region often operate distributed networks across various locations, making exposed edge infrastructure a substantial vulnerability.

A notable finding is the adoption of generative AI by attackers, enabling them to more rapidly rebuild and rotate malicious infrastructure. This quickens the interval from system exposure to attack execution. Additionally, cybercriminals are targeting internet-facing devices like routers and firewalls, which offer privileged access and limited defense visibility.

The concept of “residentially disguised proxies” is also on the rise. In this model, both criminal and state-sponsored groups exploit compromised residential devices to reroute malicious traffic, allowing it to evade geographical controls and assumptions regarding trust.

The report indicates that attribution of advanced cyber campaigns has become increasingly murky, with espionage actors hijacking criminal infrastructures to obscure their identities, blurring the lines between state-directed and criminal activity.

For businesses in the Asia Pacific region, these findings underscore a broader threat landscape shaped by rapid digitization and strong interconnections among manufacturing, energy, telecommunications, and technology sectors. This interconnectedness amplifies potential attack surfaces, particularly in industries that rely heavily on extensive operational networks.

Research from IDC, sponsored by Lumen, identifies AI-driven threats in the region, including AI-enhanced phishing, language model prompt attacks, and AI-powered ransomware with real-time negotiation capabilities.

Wai Kit Cheah, APAC CISO at Lumen, emphasizes the changing nature of attacker behavior, noting that effective defense strategies must begin before attackers engage enterprise networks. Achieving network-layer visibility upstream is essential for early detection and disruption of adversarial activities.

The report introduces the “heist crew” model, in which cybercriminals operate with high-level coordination rather than relying on a single malware strain. This approach is highly effective in Asia Pacific due to the extensive array of connected devices. Lumen’s Black Lotus Labs monitors over 200 billion NetFlow sessions daily, maintaining visibility across broad IP address ranges.

Prominent examples from the report include Raptor Train, a botnet managed centrally that controlled over 200,000 IoT devices, and Kimwolf, a DDoS botnet that rapidly expanded to hundreds of thousands of bots through residential proxies.

Overall, early detection relies heavily on infrastructure intelligence. Lumen is building on its vast network capabilities to enhance visibility and reduce the likelihood of successful cyber-attacks.

The content above is a summary. For more details, see the source article.