Global Cyberattacks Surge as Kaspersky Reports Sharp Rise in Malware Activity

The data forms part of the Kaspersky Security Bulletin (KSB), which monitors and analyses annual cybersecurity trends across regions and platforms.


Devdiscourse News Desk | Johannesburg | Updated: 03-12-2025 21:14 IST | Created: 03-12-2025 21:14 IST
Country: South Africa

Kaspersky has revealed a significant escalation in global cyberthreats, with its detection systems identifying an average of 500,000 malicious files per day in 2025. This marks a 7% increase compared to 2024 and highlights the continuously evolving tactics used by threat actors. The data forms part of the Kaspersky Security Bulletin (KSB), which monitors and analyses annual cybersecurity trends across regions and platforms.

Growing Categories of Cyberthreats

Several threat categories saw notable spikes worldwide. Password-stealing malware surged by 59%, reflecting attackers’ increasing reliance on credential theft as a gateway into personal and corporate systems. Spyware detections climbed by 51%, while backdoor malware, often used to provide secret remote access to compromised systems, grew by 6%.

These increases align with broader global patterns: attackers are now more focused on stealth, persistence, and credential-harvesting as organisations reinforce perimeter defences.

Windows Still the Largest Target

Kaspersky’s findings reaffirm that Windows continues to be the primary target for cybercriminals, with 48% of global Windows users facing various threats in 2025. In comparison, 29% of Mac users encountered attacks—reflecting that while macOS remains less targeted, it is far from immune to modern malware.

Web Threats Affect More Than a Quarter of Users

Globally, 27% of users were exposed to web-based threats, including malicious websites, compromised ads, phishing pages, and browser-delivered malware.

  • Latin America: 26% of users affected

  • Africa: 25%

  • Europe: 21%

  • Middle East: 19%

Web threats often involve some interaction with the Internet, even if the attack appears offline at first. They remain a key vector for initial compromise through infected downloads, malicious scripts, or exploited browser vulnerabilities.

On-Device Malware Spread Remains High

On-device threats—those spread through USB drives, CDs, DVDs, bundled installers, and encrypted malicious files—impacted 33% of users globally.

Regional exposure varies significantly:

  • Africa: 41% (highest globally)

  • APAC: 33%

  • Middle East: 32%

  • Latin America: 30%

  • Europe: 20%

The high infection rate underscores that removable media and offline-delivered malware continue to pose real risks, particularly in regions with frequent device-sharing or weaker endpoint protections.

Advanced Threat Activity and APT Resurgence

According to Alexander Liskin, Head of Threat Research at Kaspersky, the cyberthreat landscape has become increasingly complex. One of the most striking revelations of 2025 was the resurgence of the infamous Hacking Team, now rebranded but still active. Its commercial spyware, Dante, was deployed in the ForumTroll APT campaign, leveraging zero-day vulnerabilities in Google Chrome and Firefox.

Attackers continue to rely on:

  • Unpatched vulnerabilities as primary infiltration routes

  • Stolen credentials, contributing to the spike in password stealers

  • Supply chain compromises, especially involving open-source ecosystems

This year even witnessed the emergence of Shai-Hulud, the first widespread NPM-based worm, demonstrating that developer tools and package repositories are a growing target.

Liskin warns that inadequate cybersecurity strategies can lead to extensive operational downtime, sometimes lasting months, for affected organisations. Individuals, too, risk compromising not only their data but also their employers’.

Recommendations for Individual Users

To minimise exposure to attacks, users should adopt basic but essential cybersecurity practices:

  • Install applications only from trusted and official sources.

  • Avoid clicking unknown links or suspicious online ads.

  • Enable two-factor authentication wherever possible.

  • Use strong, unique passwords and rely on reputable password managers.

  • Regularly install operating system and app updates.

  • Never disable security features upon request.

  • Deploy a premium, robust security solution such as Kaspersky Premium.

Recommendations for Organisations

Businesses remain prime targets for threat actors, making multilayered cybersecurity essential. Kaspersky recommends:

  • Keeping all systems and software updated to close exploitable gaps.

  • Avoiding exposure of remote access tools like RDP to public networks.

  • Using strong authentication for all remote services.

  • Deploying advanced enterprise-level protections such as Kaspersky Next, which offers visibility, threat prioritisation, and response capabilities.

  • Leveraging up-to-date Threat Intelligence to track attacker behaviours.

  • Maintaining frequent, isolated backups to ensure rapid data recovery.

All the statistics in the report are drawn from Kaspersky Security Network (KSN), covering the period from November 2024 to October 2025. More insights and regional analyses are available in the full KSB report.

 
