Brazil appears consolidated as one of the most targeted countries by cybercriminals in 2025, according to the Acronis Cyberthreats Report H1 2025, ranking second in malware detections – only territories with the company’s presence were diagnosed. The study, published by analyzing the global scenario of cyber threats in the first half of the year, also revealed that the country is among the top growing targets of ransomware and phishing attacks.
In May 2025, 11% of Brazilian users had at least one malware detection, behind only India, with 12.4%. Brazil also appears among the main targets of ransomware groups like LockBit, Play, and 8Base, which exploit known vulnerabilities and phishing campaigns to compromise companies.
According to the report published by the Acronis Threat Research Unit (TRU), phishing and social engineering remain the most used attack vectors, with a focus on migrating scams to collaboration applications (such as Microsoft Teams and Slack).
The research indicates that Brazil showed consistently high detection rates over the 15-month period, with peaks in March and September 2024 and again in March and May 2025, aligning with repeated spear-phishing campaigns using Astaroth – a malware that has shown a strong focus on specific sectors, with 27% of attacks in the manufacturing sector and 18% in the IT sector, for example.
Global Trends Impacting Brazil
The study highlighted the increasing use of artificial intelligence in cyber attacks, such as hyper-realistic phishing, deepfakes in financial fraud, and autonomous malware. The ‘cybercrime-as-a-service’ model democratizes access to sophisticated attacks, increasing the risk for companies of all sizes.
In the global scenario, Acronis also observes a significant evolution in the use of malicious URLs in phishing campaigns. European countries such as Germany, Switzerland, France, Italy, and Spain faced peaks of attacks between late 2024 and the first half of 2025. These scams exploited everything from impersonation campaigns of tax authorities to the use of deepfakes and voice cloning to deceive victims in high-impact financial frauds. In France, for example, over 160 thousand users were exposed to malicious links in a single coordinated attack.
“These trends reinforce that Brazil is not isolated but inserted in a global context of increasing sophistication of attacks, where the use of social engineering combined with new technologies – such as AI, spoofing, and fraudulent domains – can amplify the scale and impact of digital threats,” says Regis Paravisi, Country Manager of Acronis in Brazil.
About the report
The Acronis Cyberthreats Report H1 2025 is published by the company’s research team, the Acronis Threat Research Unit (TRU), and is based on data collected between January and June 2025 from over one million endpoints monitored globally. The analysis gathers information on malware, ransomware, vulnerabilities, and emerging trends in cybersecurity.
