
India Cyberthreat Matrix for 2026, according to Kaspersky GReAT expert

From more sophisticated AI-assisted malware development and crypto as a new attack frontier to the continued prominence of Ransomware-as-a-Service (RaaS), Kaspersky GReAT gives the lowdown on the trends that will shape India’s enterprise threat landscape next year

With 2026 around the corner, the Global Research and Analysis Team (GReAT) of global cybersecurity and digital privacy company Kaspersky today reveals the enterprise threat trends that will set the contours of India’s cyber battlefield.

Saurabh Sharma, Lead Security Researcher at Kaspersky’s Global Research and Analysis Team (GReAT), details India’s cyber threat matrix for 2026, which he calls the year of the compressed enterprise: one squeezed between a threat landscape inflated by AI-assisted attacks and the democratization of ransomware-as-a-service (RaaS).

This convergence of AI and commoditized cybercrime is just one of the distinct trends that will define the security posture of Indian enterprises next year. Here are the seven key trends that will demand the attention of every Indian business leader in the year ahead:

AI driven attacks

Malicious use of generative AI to create convincing phishing emails, voice clones, deepfake videos, chatbots for social engineering, or automated reconnaissance at scale will carry over from this year into the next.

Enterprises can also expect more adversarial attacks against machine learning (ML) systems – including evasion, poisoning, model extraction, backdoors – that target an enterprise’s AI models or any security controls that rely on ML.

Earlier this year, Kaspersky GReAT also highlighted the increased use of Dark AI.

Dark AI refers to the local or remote deployment of non-restricted large language models (LLMs) within a full framework or chatbot system that is used for malicious, unethical, or unauthorized purposes. These systems operate outside standard safety, compliance, or governance controls, often enabling capabilities such as deception, manipulation, cyberattacks, or data abuse without oversight.

The most common and well-known malicious use of AI comes in the form of Black Hat GPTs. These are AI models that are intentionally built, modified, or used to perform unethical, illegal, or malicious activities such as generating malicious code, crafting fluent and persuasive phishing emails for both mass and targeted attacks, creating voice and video deepfakes, and even supporting Red Team operations.

Black Hat GPTs can be private or semi-private AI models. Known examples include WormGPT, DarkBard, FraudGPT, and Xanthorox, designed or adapted to support cybercrime, fraud, and malicious automation.

RaaS model 

The democratization of ransomware attacks poses a serious threat to businesses in India. With RaaS being the predominant framework, the franchising of cybercrime lowers the barrier to entry, which may lead to an unprecedented volume of attacks targeting mid-sized to large Indian firms.

“In India, the sectors repeatedly hit by ransomware attacks include Information Technology (IT), Banking, Financial Services & Insurance (BFSI), manufacturing and healthcare. The combination of AI tools increasingly used for ransomware development and the continued rise of RaaS models like RansomHub transforms this damaging threat from a targeted assault by cybercrime groups into a widespread commodity available to even low-skill criminals. For Indian enterprises, this is no longer a question of ‘if’ but a costly ‘when,’ making proactive, behavior-based and intelligence-backed defense a non-negotiable aspect of modern business strategy,” says Sharma.

Crypto under attack

Recent cases show that cryptocurrencies are increasingly becoming a new frontier for cyber threats, with attackers targeting the financial and transactional systems built around them.

Kaspersky investigations reveal a landscape of increasingly sophisticated attacks targeting individuals, developers, and organizations within the crypto space. For instance, Kaspersky’s anti-phishing technologies prevented 10,706,340 attempts to follow a cryptocurrency-themed phishing link, approximately 83.37% more than the 2023 figure of 5,838,499 (which was itself 16% higher than the previous year’s).

Earlier this year, Kaspersky GReAT uncovered a sophisticated cryptocurrency heist involving malicious packages targeting Cursor users, which resulted in losses of around $500,000.

As cryptocurrency adoption continues to grow, this number will only get larger.

Cloud and Endpoint Security

The expanding use of cloud services has created new attack surfaces, with a significant share of detections now stemming from cloud environments.

Cyberattacks against cloud services are increasingly common and sophisticated, targeting everything from misconfigured settings to the software supply chain itself. 

Just recently, reports said that a cybercriminal group infamous for ransomware attacks claimed to have stolen 1 billion Salesforce records, potentially compromising users of this cloud-based enterprise platform.

Third-Party / Supply Chain Attacks

A large share of breaches originates with vendors, third-party contractors, and service providers.

Kaspersky’s recent data and analysis reveal that third-party compromise is a dominant and growing supply chain attack vector, exploiting trusted relationships to compromise entire networks.

The global cybersecurity company found a 48% increase in malicious packages in open-source repositories from 2023 to the end of 2024, uncovering 14,000 malicious packages that year. This trend continued into 2025, with groups like Lazarus deploying malicious npm packages to target developers’ systems.

High-profile 2024 incidents, such as the breach of the Polyfill.io service, which compromised over 100,000 websites, and the sophisticated social engineering attack that planted a backdoor in the widely used XZ Utils library, demonstrate how a single compromised third-party component can threaten global infrastructure.

APT Attacks

Factors such as regional rivalries, policy influence, and economic or market significance play a pivotal role in shaping the way Advanced Persistent Threat (APT) groups select their targets among Indian enterprises.

According to Kaspersky’s GReAT, India is among the top 12 countries targeted by APT groups. The infamous threat actors targeting enterprises and organizations in the subcontinent include Lazarus, Sidewinder, and Transparent Tribe (APT-36), among others.

Phishing and Social Engineering

Email remains a primary vector for initial compromise, with phishing and Business Email Compromise (BEC) scams being prevalent. AI-powered social engineering attacks are also becoming more sophisticated, making them harder to detect.

“These trends create a perfect storm for Indian enterprises, where automated threats can now mutate to bypass static defenses, while the RaaS model has created a global network of low-skill ‘super-spreaders.’ For security leaders and top business decision makers in India, the mandate for 2026 is no longer just making a stronger perimeter, but building organizational cyberimmunity through adaptive, resilient, and intelligence-led systems,” he adds.

Find out more about India’s latest enterprise threat landscape by downloading the full report here: https://kaspersky-events.com/in-threat-report/.

To prepare for the coming threats, Kaspersky encourages organizations in India to follow these best practices:

  • Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
  • Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
  • Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within Kaspersky Expert Security framework.
  • Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.
  • To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line, which provides real-time protection, threat visibility, and the investigation and response capabilities of EDR and XDR for organizations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements change.
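As an added illustration of the advice above on watching outgoing traffic and lateral movement (this is example code written for this page, not Kaspersky’s or the report’s), the Python script below runs two simple detections over flow records: per-host outbound byte volume to non-RFC1918 destinations against an assumed 500 MiB threshold, and the number of distinct internal hosts a single source touches on administrative ports (SSH, SMB, RDP, WinRM). The log format, thresholds, IP addresses, sample records and function names are all assumptions made for the example.

```python
"""Egress-volume and lateral-movement detection over flow records (added example)."""
import ipaddress
from collections import defaultdict

# Assumed: the enterprise's internal address space is the RFC1918 ranges.
# Membership in these networks is checked explicitly rather than via
# ipaddress's is_private, which also treats documentation ranges as private.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
ADMIN_PORTS = {22, 445, 3389, 5985, 5986}        # SSH, SMB, RDP, WinRM (assumed watchlist)
EXFIL_BYTES_THRESHOLD = 500 * 1024 * 1024         # assumed: 500 MiB outbound per host per window
LATERAL_HOST_THRESHOLD = 3                        # assumed: distinct internal targets on admin ports


def is_internal(ip_text):
    """True when the address falls inside one of INTERNAL_NETS."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse one constructed record of the form 'ts,src_ip,dst_ip,dst_port,bytes_out'."""
    ts, src, dst, port, nbytes = line.strip().split(",")
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}


def analyze_flows(lines):
    """Return findings for hosts that exceed the egress or lateral-movement thresholds."""
    egress_bytes = defaultdict(int)      # internal source -> bytes sent to external hosts
    lateral_targets = defaultdict(set)   # internal source -> internal hosts hit on admin ports
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if not is_internal(flow["src"]):
            continue                     # inbound traffic is out of scope for these two checks
        if not is_internal(flow["dst"]):
            egress_bytes[flow["src"]] += flow["bytes"]
        elif flow["port"] in ADMIN_PORTS and flow["dst"] != flow["src"]:
            lateral_targets[flow["src"]].add(flow["dst"])

    findings = []
    for host, total in sorted(egress_bytes.items()):
        if total >= EXFIL_BYTES_THRESHOLD:
            findings.append({"type": "possible_exfiltration", "host": host, "bytes_out": total})
    for host, targets in sorted(lateral_targets.items()):
        if len(targets) >= LATERAL_HOST_THRESHOLD:
            findings.append({"type": "possible_lateral_movement", "host": host,
                             "targets": sorted(targets)})
    return findings


# Constructed sample records: one workstation pushes ~550 MiB to an external host
# and then touches three internal hosts over SMB/RDP; a second host behaves normally.
SAMPLE_FLOWS = """\
# ts,src_ip,dst_ip,dst_port,bytes_out
2025-11-03T01:12:00Z,10.0.5.21,203.0.113.45,443,314572800
2025-11-03T01:13:00Z,10.0.5.21,203.0.113.45,443,262144000
2025-11-03T01:14:00Z,10.0.5.40,198.51.100.9,443,20480
2025-11-03T01:15:00Z,10.0.5.21,10.0.5.22,445,8192
2025-11-03T01:15:05Z,10.0.5.21,10.0.5.23,445,8192
2025-11-03T01:15:09Z,10.0.5.21,10.0.5.24,3389,65536
2025-11-03T01:16:00Z,10.0.5.40,10.0.5.50,445,4096
""".splitlines()

if __name__ == "__main__":
    for finding in analyze_flows(SAMPLE_FLOWS):
        print(finding)
```

Both rules are deliberately volume- and fan-out-based so they do not depend on signatures; in production the thresholds would be tuned per host role, and the external-destination check would usually be combined with an allowlist of sanctioned SaaS and backup endpoints to cut false positives.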

To know more about the latest APT reports, visit https://securelist.com/
