Kaspersky warns of rising cyber threats as Pakistan faces millions of attacks in 2025
ISLAMABAD: Global cybersecurity firm Kaspersky has shared fresh insights into Pakistan’s evolving cyberthreat landscape, warning that both organizations and individual users face increasingly sophisticated digital attacks. The briefing followed the company’s participation in the CTI Summit 2025 held in Islamabad.
During the media session, Dmitry Berezin, Kaspersky’s Global Security Expert, highlighted key threats confronting Pakistan, including exploits, ransomware, and advanced targeted attacks. He stressed that as the country’s cyber landscape grows more complex, understanding these risks has become essential for institutions and citizens alike.
According to Kaspersky’s data, more than 5.3 million on-device attacks were detected in Pakistan between January and September 2025. The company reported that 27 percent of users and 24 percent of corporate entities encountered malware spread through infected USBs, CDs, DVDs, and hidden installers. The malicious activity included ransomware, worms, backdoors, trojans, password stealers, and spyware.
In the same period, Kaspersky solutions blocked over 2.5 million web-based attacks, affecting 16 percent of users and 13 percent of organizations. These threats included phishing scams, exploits, botnets, Remote Desktop Protocol abuse, and network spoofing attempts involving fake Wi-Fi networks.
A breakdown by malware type showed that 354,000 exploitation attempts, 166,000 banking malware detections, 126,000 spyware attacks, 113,000 backdoors, and 107,000 password stealers were blocked. Ransomware — typically used in targeted attacks — was detected 42,000 times.
Kaspersky noted that the most exploited vulnerabilities in Pakistan included two flaws linked to 7-Zip that were newly identified in 2025, along with older vulnerabilities in Microsoft Office, HTML components, WinRAR, VLC Player, and Notepad++. The company emphasized the importance of timely updates to limit exposure to such weaknesses.
Ransomware, Kaspersky warned, remains a leading cause of corporate cyber incidents in Pakistan, with threat actors focusing on high-value victims across the government and enterprise sectors. Effective defense, the company said, requires strong authentication systems, restricted remote access, regular patching, robust backup practices, and deployment of modern detection and response tools such as EDR and XDR technologies.
Kaspersky also revealed that Pakistan is a target for seven Advanced Persistent Threat (APT) groups, which focus on telecom and financial institutions, critical infrastructure, defense organizations, and government bodies. These groups have increasingly expanded operations into commercial and emerging industries.
One example highlighted was a recent campaign by the APT group “Mysterious Elephant”, which targets entities across the Asia-Pacific region, including Pakistan. The campaign aims to steal sensitive data — such as documents, images, archived files, and even WhatsApp records — using exploit kits, tailored spear-phishing emails, and malicious documents. Once inside a network, the attackers move laterally and exfiltrate high-value data using stealthy techniques.
“Some threats are widespread, while others are highly focused,” Berezin said. “Exploitation of zero-day vulnerabilities, for instance, is a favored tactic of sophisticated cybercriminals behind ransomware and APT attacks. Understanding the threat landscape becomes an operational necessity.”
Kaspersky advised individuals to strengthen cyber hygiene by regularly updating devices, backing up important data, and using trusted security solutions such as Kaspersky Premium. For organizations, it recommended comprehensive assessments of IT infrastructure, adoption of endpoint and extended detection tools, access to threat intelligence, and updated cybersecurity policies and employee training programs available through the Kaspersky Security Awareness Platform.
Staff Report
