Islamabad: Pakistan experienced more than 5.3 million cyber-attacks in the first three quarters of 2025, according to the latest report by global cybersecurity firm Kaspersky. The report highlighted a steady increase in cyber threats, including malware, phishing, botnet attacks, ransomware, and targeted attacks on high-value systems.
Malware Hits Individuals and Companies:
Kaspersky found that 27% of individual users in Pakistan were affected by malware attacks. Corporate organizations also faced serious threats, with 24% reporting infected devices that exposed them to potential cyber risks.
Millions of Web-Based Attacks Blocked:
The report revealed that more than 2.5 million web-based attacks were successfully blocked. This reflects growing vulnerabilities in Pakistan’s digital infrastructure.
Rise in Phishing, Botnets, and Fake Wi-Fi Attacks:
Statistics show a notable increase in phishing attempts, botnet activity, and hacking via fake Wi-Fi networks across Pakistan.
Major Threats Blocked:
- Kaspersky also shared key figures on blocked attacks:
- 354,000 exploit attempts were stopped.
- 166,000 banking malware attacks were blocked.
- 126,000 spyware attacks were prevented.
- 42,000 ransomware attacks were reported.
Hackers Target High-Value Systems:
The report highlighted that hackers in 2025 specifically targeted high-value systems, exploiting vulnerabilities in software that lacked updates. Platforms considered weak included WinRAR, Microsoft Office, and VLC Player.
APT Groups and Targeted Campaigns:
Seven different Advanced Persistent Threat (APT) groups targeted Pakistan during the year. Among them, the “Mysterious Elephant” group carried out targeted campaigns against sensitive national institutions.
New Techniques Threaten Data Security:
Hackers used advanced methods to access WhatsApp and steal sensitive or confidential documents, posing serious risks to data security.
Warnings for Citizens and Institutions:
Kaspersky urged Pakistani organizations to adopt advanced security solutions like EDR and XDR. Ordinary citizens were advised to practice basic cyber hygiene, regularly update systems, and avoid unverified files, links, and apps.
