Breaking News
TracySri Lanka continues to face rising wave of malware and phishing cyber threats
Tracy
Jul 23 2025
34
As Sri Lanka advances its digital transformation agenda, the nation is confronting a rapidly escalating wave of cyber threats. The latest cybersecurity data from global leader Kaspersky reveals a concerning surge in malware infections and phishing attacks, putting individuals, businesses, and public sector entities at significant risk.
Globally, Kaspersky blocked over 302 million malware attacks in 2024 alone, while unique malicious web objects detected rose to more than 72 million. Phishing attacks, which trick users into disclosing sensitive information, increased by 26% compared to the previous year. Alarmingly, phishing attacks exploiting financial services and cryptocurrency themes surged by 83.4%.
Sam Yan, Head of Sales for Asia Emerging Countries at Kaspersky, notes, “The trends we see globally are increasingly reflected in Sri Lanka’s digital environment. Phishing attacks have evolved beyond simple email scams to sophisticated social engineering tactics that prey on users’ trust and lack of cybersecurity awareness. Many Sri Lankan organizations and everyday users remain vulnerable due to limited security education and outdated defense systems.”
The surge in cybercrime comes as Sri Lanka embraces digital payments, e-commerce, and cryptocurrency investments. With mobile banking adoption growing rapidly, attackers now target smartphones with malware disguised as legitimate applications, such as fake VPNs or parcel tracking services.
According to Sam, “Sri Lanka’s expanding digital footprint is a double-edged sword. While digital services bring convenience, they also expose users to risks like credential theft and financial fraud. Cybercriminals adapt quickly, exploiting new vulnerabilities and trends such as remote work and digital wallets.”
Experts emphasize that mitigating these risks requires a multi-layered approach: implementing strong technical defenses such as endpoint protection and web filtering; fostering public cybersecurity awareness campaigns; and enforcing stricter regulations around data privacy and online transactions.
Sri Lankan businesses, especially SMEs, must prioritize cybersecurity as a core element of their operational strategy. Sam adds, “Investment in cybersecurity is no longer optional but a necessity. This includes adopting multi-factor authentication, conducting regular staff training, and collaborating with cybersecurity providers for threat intelligence.”
Public institutions also play a critical role. As digital government initiatives expand, safeguarding citizen data and online services from phishing and malware attacks is vital to maintaining public trust.
Kaspersky’s report highlights that financial phishing, particularly in the business-to-business (B2B) sector, is on the rise. Sri Lanka ranks among the countries with the highest number of phishing attacks aimed at B2B financial notifications, with 9,218 incidents detected in 2024.
To counteract this growing threat, Kaspersky recommends that businesses and financial institutions in Sri Lanka implement a series of proactive security measures: Deploy anti-phishing technologies to detect and block malicious communications in real-time. Invest in employee training to raise awareness about phishing tactics and how to spot suspicious activities. And implement multi-factor authentication (MFA) to add an extra layer of protection to sensitive financial transactions.
Sri Lanka’s position as a growing target for financial phishing attacks is not unique. According to Kaspersky’s global statistics, countries such as Belarus, Moldova, and the Philippines top the list for the highest percentage of users attacked by web-borne threats. However, Sri Lanka remains vulnerable, with a significant number of businesses still at risk of falling victim to these cybercrimes.
To help businesses build on their cyber defences, Kaspersky offers its integrated software solution that includes a set of functions for event monitoring and management, Kaspersky Unified Monitoring and Analysis Platform (KUMA).
KUMA is a unified console for monitoring and analysing information security incidents and helps businesses and organizations stay safe in cyberspace while embracing digitalisation.
More information about the platform is available here: https://support.kaspersky.com/help/KUMA/1.5/en-US/217694.htm. To know more the latest threat reports from Kaspersky, visit Securelist.com.
You Must be Registered Or Logged in To Comment Log In?
