Kaspersky Exposes Startling Cyberattack Surge in Pakistan During 2025

In a sobering revelation, global cybersecurity firm Kaspersky reported that Pakistan endured more than 5.3 million cyberattacks on devices in the first three quarters of 2025 (January–September), according to data shared at its CTI Summit in Islamabad.

Key Findings

• Wide-ranging malware:
  • 27% of individual users and 24% of companies in Pakistan encountered malware via infected USB drives, CDs, DVDs, and hidden installers.
  • The types of malware detected included ransomware, worms, backdoors, trojans, spyware, and password-stealers.
• Web-based attacks:
  • Over 2.5 million web attacks were blocked during the same period.
  • Threats included phishing, exploit kits, botnets, Remote Desktop Protocol (RDP) intrusions, and malicious Wi-Fi spoofing.
• Malware breakdown:
  • 354,000 exploitation attempts were stopped.
  • 166,000 banking malware detections, indicating a strong focus on financial cybercrime.
  • 126,000 spyware attacks, 113,000 backdoors, and 107,000 password-stealers were also foiled.
  • 42,000 ransomware incidents were recorded — notable for being targeted, rather than mass-distributed.
• Vulnerabilities exploited:
  • Attackers heavily leveraged flaws in 7-Zip, including newly discovered ones in 2025.
  • Other commonly exploited software: Microsoft Office, HTML-based apps, WinRAR, VLC Player, Notepad++ — many due to outdated versions.
• Advanced Persistent Threat (APT) actor activity:
  • Pakistan remains a target for seven APT groups, per Kaspersky.
  • A particularly active campaign has been tied to a group known as “Mysterious Elephant”, which uses exploit kits, spear-phishing emails, and malicious documents to infiltrate networks.
  • Once inside, the attackers escalate privileges, move laterally, and exfiltrate sensitive data — including documents, archived files, images, and even WhatsApp data.

Contributing Factors & Risks

Kaspersky warns that the high volume and sophistication of attacks reflect weak cyber hygiene, outdated software, and insufficient security practices in both individual and corporate environments.

Other risk factors identified include:

• Remote work and BYOD (Bring Your Own Device): Many Pakistani workers use personal and work devices interchangeably.
• Lax device protection: According to a parallel survey by Kaspersky, a significant portion of professionals do not have security solutions installed across all their devices.
• Human error: Employee behavior — like connecting work devices to public Wi-Fi or using them for personal tasks — amplifies risk.

Warnings & Recommendations

Kaspersky has issued several strategic recommendations to mitigate the threat landscape in Pakistan:

1. Update systems promptly: Patch management must be a priority — especially for high-risk software like 7-Zip, Office, VLC, etc.
2. Improve authentication and access control: Use strong authentication, limit remote access, and enforce strict access policies.
3. Deploy advanced cybersecurity solutions: Organizations are urged to adopt Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) tools — Kaspersky recommends leveraging its own Next-Gen security line.
4. Regular backups: Backing up data remains a fundamental defense against ransomware.
5. Continuous employee training: Cybersecurity awareness programs are critical — training staff to recognize phishing, enforce secure practices, and understand APT threats.
6. Threat intelligence integration: Companies should use threat intelligence services to stay ahead of emerging APT tactics.

Strategic Implications

• National security risk: The presence of multiple APT groups targeting critical infrastructure and high-value sectors (telecom, government, finance) underscores a serious national cybersecurity threat.
• Economic vulnerability: Banking malware and ransomware pose significant risks to Pakistan’s financial institutions, potentially undermining trust in digital banking.
• Regulatory urgency: The scale of attacks may push Pakistani regulators, CERTs, and financial bodies to tighten cybersecurity mandates and enforce stricter cyber hygiene across public and private sectors.
• Digital literacy gap: The data suggests that raising awareness among everyday users — not just IT teams — is vital for reducing the threat surface.

Kaspersky’s 2025 threat intelligence paints a stark picture: cybercriminals targeting Pakistan are growing more sophisticated, and both individuals and organizations must urgently elevate their cybersecurity posture. The risks are not theoretical — they’re already materializing in millions of blocked attacks, and without proactive defense, the country remains exposed.