Kaspersky telemetry recorded 225,223 password-stealing attacks on corporate networks in India in 2025 alone, a sharp year-on-year rise that exposes enterprises of every size to infiltration, financial loss, and data theft.
Cybercriminals are increasingly turning to password stealers as their preferred method of breaching Indian businesses, with new data from global cybersecurity firm Kaspersky revealing a 20% year-on-year surge in such attacks targeting corporate networks across the country.
According to Kaspersky’s telemetry, password stealer detections in Indian business environments climbed from 188,470 in 2024 to 225,223 in 2025, a rise that cybersecurity experts describe as both alarming and instructive. The numbers signal a deliberate strategic shift among threat actors, who are increasingly favouring credential theft as a low-noise, high-yield entry point into corporate systems over more conspicuous attack methods such as ransomware or direct network intrusions.
**What Password Stealers Actually Do**
Unlike headline-grabbing cyberattacks that announce themselves through system outages or ransom demands, password stealers operate in silence. These specialised malware tools are engineered to extract stored credentials from browsers, application caches, cookie files, and cryptocurrency wallets, often without triggering any immediate security alert. Once harvested, those credentials give attackers the keys to an organisation’s digital kingdom: email accounts, financial platforms, internal systems, cloud infrastructure, and beyond.
“Password stealer attacks do not discriminate: whether you are a large enterprise with hundreds of employees or a growing start-up, stolen credentials open the same doors for attackers. The 20% surge we are seeing in India is a warning signal that no organisation is too big or too small to be targeted. Businesses of every size need to treat credential security as a boardroom priority, not an IT afterthought.”
— Jaydeep Singh, General Manager for India, Kaspersky
The consequences can be severe and far-reaching. Stolen passwords are routinely exploited for financial theft, identity fraud, extortion, and as launchpads for secondary attacks, including the deployment of ransomware deeper within a compromised network. Critically, because access is gained through legitimate credentials, these intrusions can go undetected for weeks or months, dramatically increasing the damage inflicted before discovery.
**No Organisation Is Immune**
One of the most sobering aspects of Kaspersky’s findings is the indiscriminate nature of these attacks. Large multinationals and early-stage start-ups are equally attractive targets — because stolen credentials work the same way regardless of the size of the organisation they came from. A compromised employee login at a ten-person firm can provide the same level of access as one stolen from a Fortune 500 company.
Jaydeep Singh, General Manager for India at Kaspersky, urged organisations to elevate credential security from an IT department concern to a leadership-level priority. Singh stressed that multi-factor authentication, disciplined password management, routine credential audits, and the principle of least privilege (restricting user access to only what is necessary for their role) form the non-negotiable foundation of any effective defence.
**Building a Stronger Defence**
Beyond those fundamentals, Kaspersky’s experts recommend a layered approach to protection. Deploying advanced security platforms that integrate endpoint, cloud, and extended detection and response (XDR/EDR) capabilities gives organisations the visibility needed to detect and contain sophisticated threats such as spyware and backdoors before they escalate.
Keeping software consistently up to date, particularly widely used productivity applications, closes the exploit pathways that attackers rely on to deliver stealers in the first place. Threat intelligence services add another layer, giving security teams advance warning of the tactics and toolkits currently in circulation among threat actors targeting their sector.
For organisations that have already experienced an incident, or those seeking to stress-test their defences, Kaspersky’s Incident Response and SOC Consulting services offer structured pathways to investigate breaches, identify root causes, and build or mature internal security operations capabilities aligned with today’s evolving threat landscape.
The message from Kaspersky’s 2025 data is clear: credential theft is no longer a peripheral risk for Indian businesses. It is the front door through which modern cyberattacks begin, and leaving it unlocked is no longer an option.
