14 Mar 2026
Sri Lanka continues to face significant cybersecurity challenges, with 30.4 percent of internet users experiencing web-borne cyberattacks in 2025, according to the latest Kaspersky Security Bulletin.
The report places Sri Lanka in the 20th position globally when it comes to the dangers associated with surfing the web.
During the January-December 2025 period, Kaspersky products detected 9,153,362 different internet-borne cyberthreats on the computers of the Kaspersky Security Network participants in Sri Lanka. This figure highlights the persistent and evolving nature of cyber threats targeting Sri Lankan internet users.
The 2025 data reveals a marked escalation compared to 2024, during which Kaspersky detected 8.69 million internet-borne cyberthreats and ranked the island 22nd globally. This year-on-year increase of nearly half a million detected threats indicates that cybercriminals are intensifying their focus on the local digital landscape as the nation digitises its business framework.
“Web threats remain one of the most significant cybersecurity challenges for Sri Lankan users and businesses,” said Kaspersky Managing Director APAC Adrian Hia.
“With nearly one in five users experiencing attacks in 2025, it’s clear that the cybercriminals are increasingly targeting the region’s growing digital economy.”
The report identifies two primary attack methods used by cybercriminals to penetrate systems. The first involves exploiting vulnerabilities in browsers and their plugins through drive-by downloads, where the infection occurs when a user visits a compromised website, without any user intervention. Among these, file-less malware poses the greatest danger, as its malicious code uses the registry or WMI subscriptions for persistence, leaving no single object on disk for static analysis.
The second method relies on social engineering, where cybercriminals deceive users into downloading malicious files disguised as legitimate programmes. This approach requires user participation and preys on trust and urgency to compromise systems.
In 2024, Sri Lanka experienced a massive surge in targeted social engineering campaigns—recording over 9,200 financial phishing incidents aimed at the B2B sector alone—setting a precedent for the refined deceptive tactics observed throughout 2025.
To combat these sophisticated threats, Kaspersky products deploy advanced protection technologies including Behaviour Detection, which uses machine learning-based models and behaviour heuristics to detect malicious activity even when the code is unknown. The company’s Exploit Prevention technology identifies and blocks, in real time, attempts by malware to exploit software vulnerabilities.
“As Sri Lanka continues its digital transformation journey, protecting against web-based threats becomes increasingly critical,” Hia added. “Organisations and individuals must adopt comprehensive security solutions that go beyond traditional antivirus protection to include proactive, machine learning-based detection and behaviour analysis.”
Kaspersky recommends that users avoid downloading applications from untrusted sources, refrain from clicking links from unknown sources or suspicious advertisements and enable two-factor authentication wherever available. Organisations should keep all software updated, avoid exposing remote desktop services to public networks and implement advanced security products for comprehensive visibility across corporate infrastructure.
The full Kaspersky Security Bulletin for 2025 is available at Securelist.com, providing detailed insights into global and regional threat landscapes.