13:11, 06 December 2025

Kaspersky Lab Detects 500,000 Malicious Files Every Day

Kaspersky Lab’s security solutions detected around 500,000 new malicious files daily in 2025, representing a 7 percent increase compared with 2024. Russia saw substantial growth across several threat categories: detections of spyware grew by 74 percent, credential stealers by 72 percent, and backdoors by 26 percent.

Rising demand for security solutions

Research revealed two primary infection vectors: web-based threats, affecting 34 percent of users in Russia, and on-device threats via local media, impacting 37 percent of users. Microsoft Windows remains the main target (48 percent of users), followed by macOS (29 percent). Concerning trends include the increasing use of zero-day vulnerabilities, credential theft campaigns, supply-chain attacks, and backdoor distribution through open-source ecosystems, including the NPM worm Shai-Hulud.

The scale of threats — half a million malicious objects every day — drives increasing demand for cybersecurity solutions, incident response services, and security audits across Russia’s IT sector. For individuals, higher infection and data‑leak risks are prompting broader adoption of security tools. At the national level, the situation reinforces the urgency of strengthening cybersecurity capabilities and protecting critical infrastructure.


Corporate‑grade security infrastructure

Given the rise in attacks, demand for domestic cybersecurity tools — including those from Kaspersky Lab and other local vendors — is expected to increase. Experts predict broader use of Threat Intelligence, supply‑chain monitoring, and hardening against open‑source poisoning and malicious package distribution. Export opportunities for Russian solutions will depend on meeting international security standards.

Behavior‑based analytics, zero‑day detection, and EDR/XDR platforms will become essential as antivirus tools alone are no longer sufficient. Organizations will need a corporate‑level security stack, which could itself become an exportable product. Regulators are also likely to tighten requirements for critical infrastructure protection, software certification, and supplier oversight.

“Vulnerabilities remain the most common way for attackers to penetrate corporate networks, followed by the use of stolen credentials — which explains the spike in password‑stealing malware and spyware we have seen this year. Supply‑chain attacks, including those targeting open‑source software, are also widespread. This year we saw the first widely distributed NPM worm, Shai‑Hulud.”

A trend, not an anomaly

In 2024, Kaspersky’s detection systems logged an average of 467,000 malicious files per day — a 14 percent rise compared with 2023. This steady increase shows that threats are escalating and defensive measures must evolve. Speaking at the Kaspersky Future conference in April 2025, CEO Eugene Kaspersky noted that daily malicious file discovery reached 500,000, compared with 20,000 a decade earlier — a 25‑fold increase. According to him, Windows remains the primary target, receiving 93 percent of all attacks.

Supply‑chain attacks continue to surge. In 2022, they accounted for roughly 20 percent of major incidents; by mid‑2023 this number had grown to 30 percent. Cases of malicious code injection into open‑source projects and NPM packages have become widespread, prompting calls for systemic controls and certification mechanisms.


In 2025, activity from APT groups increased significantly, according to Solar 4RAYS Threat Research Center. Government agencies experienced 33 percent of all investigated APT attacks, followed by industry (15 percent), IT (13 percent), and energy (10 percent). Industrial espionage and attacks leveraging trusted‑relationship techniques are rising sharply, driving demand for EDR, SOC services, and incident response capabilities.

Users are also shifting toward alternative operating systems such as Linux and macOS depending on their needs. Despite Windows’ declining market share, it remains the primary target for attackers.

Evolving threats

The appearance of 500,000 new malicious files per day underscores an unprecedented escalation: 7 percent growth in a year and a 25‑fold increase over a decade. Kaspersky researchers highlight the rising sophistication of attacks. A notable example was the discovery of the commercial spyware Dante in the “Forum Troll” operation, which exploited zero‑day vulnerabilities in Chrome and Firefox.

Cyberthreats now have broad socio‑economic and national‑security implications, affecting the protection of citizens, corporations, and government systems. Globally, sustained trends include more advanced APT activity, supply‑chain compromises, and mass malicious campaigns. Effective response requires not just reactive protection but proactive strategy — continuous vigilance, expert‑level security practices, comprehensive technology stacks, and international cooperation.

