According to new data from global cybersecurity and privacy firm Kaspersky, vulnerabilities in business networks continue to leave Indian enterprises open to cyberattacks. From January to June 2025, Kaspersky enterprise solutions blocked over 7.3 lakh exploit attempts targeting organizations in India — averaging more than 4,000 per day.
Exploits are malicious programs that take advantage of bugs or security flaws in software or operating systems to gain unauthorized access. When left unpatched, these vulnerabilities become entry points for cybercriminals.
Globally, during Q2 2025, the most common exploits targeted unpatched Microsoft Office products, according to Kaspersky’s findings. The top vulnerabilities detected on the Windows platform included:
-
CVE-2018-0802 and CVE-2017-11882: Remote code execution flaws in Microsoft’s Equation Editor component.
-
CVE-2017-0199: A vulnerability in Microsoft Office and WordPad allowing attackers to take control of systems.
The report noted that the top 10 most exploited vulnerabilities spanned both new zero-day flaws and older unpatched issues that organizations continue to neglect. Zero-day vulnerabilities are particularly dangerous because attackers exploit them before vendors release security patches.
Cybercriminals — including advanced persistent threat (APT) groups — have expanded their focus to widely used tools such as remote access software, document editors, logging systems, and even low-code/no-code (LCNC) platforms and AI development frameworks. This indicates that attackers are quick to exploit new technologies as businesses adopt them. Their goals remain constant: to gain access, escalate privileges, and establish long-term control within corporate networks.
“An almost 4% rise in exploits we blocked against Indian businesses during the first half of the year may not sound big on paper, but it shows how persistent these threat actors are,” said Adrian Hia, Managing Director for Asia Pacific at Kaspersky. “This is where threat intelligence makes all the difference — it tells Indian businesses which doors the criminals are already rattling, so they can lock them before it’s too late.”
In total, Kaspersky’s enterprise solutions detected and stopped over 22.9 lakh web threats in the first half of 2025 — a 13.7% increase compared to the same period last year.
To strengthen cyber defenses, Kaspersky recommends that businesses:
-
Conduct vulnerability investigations in secure virtual environments.
-
Maintain 24/7 infrastructure monitoring with a focus on perimeter defenses.
-
Automate patch management using tools such as Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed.
-
Deploy comprehensive endpoint security solutions, coupled with incident response capabilities and ongoing employee cybersecurity training.
-
Use the latest Threat Intelligence to stay informed about active attacker tactics, techniques, and procedures (TTPs).
