Pathway for Transnational Cybercrime as a Growing Threat | #cybercrime | #infosec

Cybercrime is a leading global issue, replacing traditional crime, as it offers lower risks for criminals and a high level of scalability, allowing multiple cyber groups to control, penetrate, and deploy access attacks across the world, gaining all types of information through various means.

According to the Australian Federal Police, it is a crime directed at computers or other information and communication technologies, such as computer intrusion and denial-of-service attacks.

Cambodia has been labeled one of the growing hubs of transnational cybercrime in Southeast Asia earning more than it gets from the textile industry. This applies also to Cambodia’s neighbors, such as Myanmar, Thailand and Laos. 

Cambodia has drawn national and international criticism and is in urgent need to restore the country’s cybersecurity and economic prospects, particularly in tourism. 

As the type of attack advanced, scamming operations expanded, recruiting workers nationwide. Many have fallen victim to this crime, making it a frustrating issue for people with assets and personal data stored on the internet.

The Rise of Cybercrime

The number of cyberattacks and cybercrimes has been overwhelming and rapidly expanding, making the country a weak spot. According to a UN report, 100,000 people were engaged in these operations in 2026 (OHCHR, 2023), either directly working in them or falling victim to them.  

Hubs in Cambodia operate in a hybrid way, with a mix of internal and external attacks on each victim. It not only targets the global population but also the local population. Some of these crimes are committed by a local business residing in the country to target victims in 110 countries.

A weak security system, unable to adapt to rapid industrialization, without adequate safeguards, and a framework lacking accuracy, has created a fertile ground for cybercrime to establish operations in Cambodia. 

The nation’s reputation has been stained by being turned into a hub of organized crime in Southeast Asia, while also affecting various sectors of the country.

For example, scamming compounds in Sihanoukville, also known as “Sin City,” have drawn enormous attention, identifying at least 22 operating sites, employing local and foreign nationals working in these sites, and luring them with false-promise jobs that also distort Cambodia’s reputation and presence on the international stage. 

Such a highlight has affected the national labour force, not only by individuals but also by luring the working class of young adults in Cambodia, promising high-paying jobs and minimal experience and skills meals and a place to stay. 

Workers are not just local but also from the nearby country, with the same offer and also relying on forced labor. 

The economy has been profoundly impacted since the labor force has been weakened by having fewer workers in an industrial sector such as textiles.

Scamming has been generating billions of dollars, surpassing other sectors, including industries, creating a term called “illicit revenue,” generating an estimated  $12.5 billion annually, and taking over 50 percent of the GDP.

Weak cybersecurity in Cambodia

Cambodia’s cybersecurity has been highly controversial, leaving the system vulnerable to exploitation by scammers and undermining it. Its infrastructure is considered very weak, ranking low globally. As for the National Cyber Security Index (NCSI), Cambodia has ranked 119th-120th globally and ranked 132nd on the Global Cybersecurity Index (GCI) list. 

As the economic growth for both public and private sectors has constantly faced cyberattacks and cyber threats daily, according to Konrad Adenauer Stiftung (KAS), most of the targets that these attacks aim for are ministries, national committees, national police, the military and the Supreme Court.

These face malware attacks that gather all types of sensitive government information. A proportion is being stolen, and some is stored in the attackers’ system.

All of these vulnerabilities point out the shortage of ICT security professionals, with a lack of institutional training in these skills that make it even more difficult to handle incident response, making it difficult to track and hunt down these threats.

Public awareness is lacking with many organizations, with individuals leaving their digital footprint all over the internet, regarding the security of each individual, while cyber scamming compounds are appearing continuously around Cambodia that hinder the qualities of national cybercrime resilience, staining the image of local authorities and the ability to handle these advancing problems.

What Has Been Done

The government has put effort into cracking down on scamming hubs and human trafficking compounds, especially in special economic zones. 

As of May, it has arrested and deported back to their home country, more than 30,000 foreign nationals. In January, police raided and arrested 2,044 foreign suspects, including Chinese, Burmese, Vietnamese, Indians and Nepalese, closing approximately 92 sites.

In Shihaknoukville, neutralizing 118 sites led to the arrest of 4,983 individuals from 23 nationalities. Another milestone is the creation of the Commission for Combating Online Scams (CCOS), which has raided multiple scamming centers, over 250 sites, and 90 casinos, making high-level arrests of individuals such as Chen Zhi while cooperating closely with China, South Korea, and Thailand to establish a joint investigation and law enforcement.

Ways Forward to Strengthen National Cybersecurity

To strengthen national cybersecurity and make it a safe place for businesses and citizens, first, the government should intensify rapid investigations and crackdowns, and fully enforce existing digital security and scam center laws to ensure full penalties for any activity categorized as online fraud. 

Enforce and implement cybersecurity protection laws, safeguard enterprises, and encourage cooperation, thereby promoting legitimate foreign direct investment.

Second, enhance the computer security incident response team (CSIRT) service to provide a structured cyber-resilience standard, detect potential risk indicators, and respond to cybersecurity incidents in banking and telecommunications to minimize damage and restore the attacked system. 

Additionally, CSIRT should expand cooperation with local and regional organizations and individuals to promote international cooperation and help detect early-conducted crime, serving as a primary defense across each sector.

Lastly, introduce mandatory cybersecurity awareness to students and private and federal workers by 2030 to ensure a basic understanding of cybercrime and the common types of scams used to target individuals for financial and credential access, invading their personal digital footprint. 

By combining strong protective laws, promoting collaboration, and raising public awareness of this issue, it will foster a sustainable environment for economic and technological growth while safeguarding Cambodia’s digital resources.

Sarith Seyhakmonik is an undergraduate pursuing a bachelor’s degree in international relations from the Institute for International Studies and Public Policy. Her research interests lie in public policy and digital security.