
From Global Trends to Local Threats: Kaspersky shares insights on Pakistan’s Cyberthreat Landscape

Following its participation in CTI Summit 2025 in Islamabad, global cybersecurity company Kaspersky presented statistics unpacking Pakistan’s current cyberthreat landscape and shared practical advice for staying cyber secure. During a media briefing session, Dmitry Berezin, Kaspersky’s Global Security Expert, focused on pressing cyberthreats facing the country, including exploits, ransomware and advanced targeted attacks. Understanding the growing and increasingly sophisticated cyberthreat landscape is crucial for organizations, while individuals should also stay aware and follow fundamental cyber hygiene principles, Kaspersky advises.

According to data from Kaspersky, over 5.3 million on-device attacks were detected in Pakistan in three quarters of 2025 (January-September): 27% of all users and 24% of corporate entities faced malware delivered via infected USB drives, CDs, DVDs, and hidden installers, including ransomware, worms, backdoors, trojans, password stealers, and spyware. In the same period, over 2.5 million web attacks were blocked by Kaspersky solutions: 16% of all users and 13% of corporate entities faced web-based threats, which include phishing scams, exploits, botnets, Remote Desktop Protocol attacks, and network spoofing, such as fake Wi-Fi networks.

More detailed statistics by malware type showed over 354,000 exploitation attempts stopped by Kaspersky solutions, 166,000 banking malware detections, 126,000 spyware attacks prevented, and 113,000 backdoors and 107,000 password stealers blocked. Ransomware attacks, which are not characterized by mass distribution but are instead targeted at specific victims, were detected 42,000 times.

Top exploited vulnerabilities in Pakistan included two from 2025 in 7-Zip and several from previous years in Microsoft Office, HTML, WinRAR, VLC player and Notepad++. This underscores the importance of timely updates by both individuals and organizations.

Furthermore, ransomware remains a leading cause of corporate cyber incidents globally and in Pakistan, with targeted groups selecting high-value victims across government and enterprise. Effective defence requires a combination of prevention and response actions. These include adopting rigorous patching, strong authentication, restricted remote access, deployment of endpoint detection and response (EDR) and extended detection and response (XDR) solutions such as those from the Kaspersky Next product line, regular backups, and continuous user awareness to mitigate phishing-driven initial access.

Kaspersky shared that Pakistan is a focus for seven Advanced Persistent Threat (APT) groups. These groups, both established and emerging, target telecoms and financial services, critical infrastructure, defense, and government entities, while also extending their reach into commercial and emerging industries.

APT groups quickly adapt their tactics, techniques, and procedures. One example of a significant shift in tactics is seen in the recent targeted campaign, monitored by Kaspersky, by the APT group called ‘Mysterious Elephant’, which primarily targets organizations across the Asia-Pacific region, including in Pakistan. It aims to steal highly sensitive information, including documents, images, and archived files, with WhatsApp data targeted for exfiltration. In their 2025 campaign, the attackers use a combination of exploit kits, personalized spear-phishing emails, and malicious documents, tailoring each attack to specific victims to gain initial access. Once inside the network, the threat actor employs a variety of tools and techniques to escalate privileges, move laterally, and exfiltrate sensitive data.

“Some threats are distributed widely, while others are highly focused. For example, exploitation of 0-day vulnerabilities is a tactic that is used by sophisticated cybercriminals in attacks such as ransomware and advanced persistent threats,” commented Dmitry Berezin, Kaspersky’s Global Security Expert. “Understanding the threat landscape becomes an operational necessity: when you know which threats are active in the region, you can fine-tune the security controls to be proactively protected against them.”

Kaspersky advises individuals to educate themselves and make cyber hygiene principles part of their IT routines, secure their devices with proper solutions, such as Kaspersky Premium, regularly install updates and back up valuable data. Defensive measures for organizations should include assessing the IT infrastructure and using the solutions needed to secure all its elements, from endpoint protection to extended detection and response products; having threat intelligence; and developing and updating cybersecurity policies and employee training such as that available within Kaspersky Security Awareness Platform.
