Pakistan faced over 5.3 million on-device cyberattacks in the first three quarters of 2025, according to recent data released by global cybersecurity firm Kaspersky. The company presented its findings during a media briefing following the CTI Summit 2025 in Islamabad, highlighting a significant increase in ransomware incidents, advanced targeted attacks, and exploits affecting both individuals and organizations. Kaspersky experts emphasized that the growing sophistication of cybercriminal tactics requires heightened awareness and robust security measures across all sectors to mitigate potential damage.
The statistics reveal that 27 percent of Pakistani users and 24 percent of corporate entities encountered malware through infected USB drives, CDs, DVDs, and hidden installers between January and September 2025. Threats included ransomware, worms, backdoors, trojans, password stealers, and spyware. Web-based attacks were also prevalent, with over 2.5 million incidents blocked during the same period. Kaspersky noted that 16 percent of users and 13 percent of organizations were exposed to phishing campaigns, exploit attempts, botnets, Remote Desktop Protocol intrusions, and spoofed Wi-Fi networks, underlining the diverse methods employed by attackers.
Detailed analysis of malware activity showed that more than 354,000 exploitation attempts were successfully stopped, while banking malware detections reached 166,000. Additionally, 126,000 spyware attacks, 113,000 backdoors, and 107,000 password-stealing programs were blocked. Ransomware attacks numbered 42,000, often targeting high-value individuals or organizations rather than relying on mass distribution techniques. Kaspersky highlighted that many attacks exploited outdated systems and software vulnerabilities, including flaws in 7-Zip, Microsoft Office, HTML, WinRAR, VLC Player, and Notepad++. The company stressed the importance of regular software updates, strong authentication protocols, restricted remote access, and deployment of endpoint detection and response (EDR) and extended detection and response (XDR) solutions to reduce exposure.
Kaspersky also reported that Pakistan continues to be targeted by seven Advanced Persistent Threat (APT) groups, frequently focusing on telecom operators, financial institutions, critical infrastructure, government agencies, and emerging commercial sectors. One notable campaign in 2025 involved the APT group Mysterious Elephant, which aimed to exfiltrate sensitive data including documents, images, archived files, and WhatsApp content using exploit kits, spear-phishing, malicious documents, and post-intrusion privilege escalation techniques. The company advised individuals to maintain strong cyber hygiene, secure devices with trusted solutions, keep systems updated, and back up important data. For organizations, Kaspersky recommended comprehensive IT infrastructure assessments, deployment of modern endpoint and extended detection tools, access to threat intelligence, and ongoing employee training to counter Pakistan’s increasingly complex cyberthreat landscape.