Kaspersky products blocked 47.5 million web-based cyberthreats targeting Indian internet users in 2025, affecting 24.7% of users and averaging 130,209 attacks per day, placing India 62nd globally per Kaspersky Security Network data. Browser exploits remain the primary vector, with file-less malware persisting as a top danger due to its memory-resident nature leaving minimal forensic traces. Globally, malicious emails rose 15%, with APAC seeing 30% of detections in spam, scams and malware-laden attachments.
Jaydeep Singh, General Manager for India at Kaspersky, highlighted maturing threats: “Phishing campaigns increasingly combine multiple channels. Cybercriminals lure email users into messengers or fraudulent calls for financial theft and blackmail. India reported multiple ‘digital arrest’ scams in 2025.”
Phishing sophistication escalates with QR codes and evasion
Attackers disguise phishing URLs via link protection services and QR codes, redirecting mobile scans to exploitation sites while evading traditional filters. Multi-channel phishing funnels victims from email to messaging or voice scams, extracting data for theft or extortion. Peak activity coincides with sales seasons exploiting predictable user behaviour.
Enterprises must extend protections to mobile scanning and cross-channel monitoring.
Essential cyber hygiene for individuals and organisations
Kaspersky recommends avoiding untrusted app sources, suspicious links/ads, enabling two-factor authentication, using strong unique passwords via managers, installing timely updates, ignoring disable-security requests and deploying robust solutions like Kaspersky Premium.
Organisations should prioritise software updates, isolate remote desktop services, deploy endpoint detection and response like Kaspersky NEXT EDR Expert, leverage threat intelligence and maintain offline backups.
Implications for India’s maturing threat landscape
The volume—47.5 million blocked threats—reflects both rising sophistication and Kaspersky’s efficacy, but 24.7% exposure demands proactive postures amid festive phishing spikes and digital arrest surges. CISOs face pressure to integrate memory forensics, QR validation and multi-vector detection into baseline controls.
