India has overtaken Brazil and Spain as the country most targeted by cyber attackers, according to Swiss cybersecurity firm Acronis.

In May, 12.4% of devices running the Windows operating system in India experienced malware detections, the highest share worldwide, and the figure rose to 13.2% in June, according to the Acronis Cyberthreats Report for the first half of 2025.

Malware, or malicious software, refers to a software program or code designed to gain unauthorized access to an endpoint such as a computer or a network, and disrupt operations.

India’s digital ecosystem faces a “perfect storm” of hostile factors, warned the report, which drew on threat intelligence from more than a million global endpoints or devices such as laptops and mobile phones.

Cyberattacks on official emails, known as business email compromise, increased from 20% in early 2024 to 25.6% in the first half of 2025, according to the Acronis report.

The cybersecurity firm attributed this to cybercriminals using sophisticated artificial intelligence tools to craft convincing messages impersonating official platforms to manipulate users into divulging sensitive information such as passwords or credit card details.

“Generative AI has lowered the barriers for attackers—making phishing emails, fake invoices and even deepfake-led scams cheaper, faster and harder to detect,” the report said.

“Post-pandemic hybrid work models have left organizations exposed through insecure remote setups, especially when connected with a public internet network,” said Rajesh Chhabra, general manager, India and South Asia, Acronis.

The report cited manufacturing, information technology services, and telecom among India’s most at-risk sectors.

The surge in cyberattacks in India is part of a broader shift in global cybercrime. Ransomware cartels such as Cl0p, Akira, and Qilin have ramped up their activities worldwide, while criminals increasingly weaponize trusted tools like remote management software to spread malware.

Ransomware is malicious software that cybercriminals use to breach systems and make them and their files inaccessible, demanding a ransom for their release.