One of the most dangerous cyber threats to businesses is on the rise in India.
In 2025 alone, Kaspersky’s enterprise solutions detected and blocked 715,077 attacks via backdoors in India, marking a significant 23% year-on-year increase.
Backdoors provide the attackers with remote administration of a victim’s machine. Unlike legitimate remote administration utilities, backdoors install, launch, and run invisibly, without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute, and delete files, harvest confidential data from the computer, log activity on the computer, and more.
Kaspersky’s telemetry recorded 715,077 backdoor detections targeting businesses in India in 2025, up 23% from the previous year.
The most alarming part, according to Kaspersky’s telemetry, is the persistent year-on-year (YoY) rise of backdoor detections targeting businesses in India. This upward trend signals a deliberate and growing focus by threat actors on maintaining persistent, covert access to enterprise environments across the country.
Kaspersky’s detection systems also intercepted over 20,200,189 on-device attacks across Indian businesses in 2025, a 3% year-on-year increase. On-device threats are malware spread by offline methods, including removable USB drives, CDs, and DVDs, or files that arrive on computers in non-open forms, such as those inside complex installers or encrypted files.
On-device attacks in India rose 3% year-on-year in 2025, reflecting the continued risk posed by removable media and offline infection vectors in enterprise environments across the country.
“Businesses in India experienced 23% more backdoor attacks in 2025 versus 2024. This rise points to a fundamental change in how attackers operate. They are no longer satisfied with a single breach. They want persistent, invisible access to operate undetected for weeks or months,” comments Jaydeep Singh, General Manager for India at Kaspersky.
“The introduction of India’s Digital Personal Data Protection Act further raises the stakes, as organisations that fail to detect and contain hidden access risk facing not only operational disruption but also significant regulatory consequences. As India’s digital economy grows, so does the responsibility of every enterprise to invest in proactive defences. Organisations must move beyond reactive security; real-time visibility, timely patching, and layered defences are the baseline every business must meet to stay protected,” he adds.
To stay protected against on-device attacks, Kaspersky recommends:
- Always keep software updated on all the devices you use to prevent attackers from infiltrating your network.
- Back up corporate data regularly. Backups should be isolated from the network. Make sure you can quickly access the backups in an emergency if needed.
- Use advanced security solutions like Kaspersky Next for comprehensive visibility across the company’s entire corporate infrastructure to rapidly detect, investigate and neutralise complex threats.
- Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.
- Receive comprehensive and detailed analysis of security incidents with Kaspersky Incident Response. This service covers the entire investigation and response process, including initial containment, evidence collection, identification of the primary attack vector and development of an effective mitigation plan.
- Align your internal processes and technologies with today’s evolving threat landscape through Kaspersky SOC Consulting. This service helps you build an in-house SOC from scratch, assess the maturity of an existing SOC or enhance specific capabilities such as detection and response procedures.
