Brazil appears consolidated as one of the countries most targeted by cybercriminals in 2025, according to the report Acronis Cyberthreats Report H1 2025, ranking second in malware detections – only territories where the company operates were analyzed. The study, published by those analyzing the global cyber threat landscape in the first half of the year, also revealed that the country is among the top growing targets for ransomware and phishing attacks.
In May 2025, 11% of Brazilian users had at least one malware detection, second only to India with 12.4%. Brazil also appears among the main targets of ransomware groups like LockBit, Play, and 8Base, which exploit known vulnerabilities and phishing campaigns to compromise companies.
According to the report published by Acronis Threat Research Unit (TRU), phishing and social engineering remain the most used attack vectors, with a notable shift of scams to collaboration apps (such as Microsoft Teams and Slack).
The research indicates that Brazil showed consistently high detection rates over the 15-month period, with peaks in March and September 2024 and again in March and May 2025, aligning with repeated spear-phishing campaigns using Astaroth – a malware that showed strong focus on specific sectors, with 27% of attacks in manufacturing and 18% in IT, for example.
Global trends impacting Brazil
The study highlighted the increasing use of artificial intelligence in cyberattacks, such as hyper-realistic phishing, deepfakes in financial fraud, and autonomous malware. The ‘cybercrime-as-a-service’ model democratizes access to sophisticated attacks, increasing risks for businesses of all sizes.
Globally, Acronis also observed significant evolution in the use of malicious URLs in phishing campaigns. European countries like Germany, Switzerland, France, Italy, and Spain faced attack spikes between late 2024 and the first half of 2025. These scams ranged from tax authority impersonation campaigns to deepfakes and voice cloning to deceive victims in high-impact financial fraud. In France, for example, over 160,000 users were exposed to malicious links in a single coordinated attack.
“These trends reinforce that Brazil is not isolated but part of a global context of increasingly sophisticated attacks, where social engineering combined with new technologies – such as AI, spoofing, and fraudulent domains – can amplify the scale and impact of digital threats,” says Regis Paravisi, Country Manager of Acronis in Brazil.
About the report
The Acronis Cyberthreats Report H1 2025 is published by the company’s research team, Acronis Threat Research Unit (TRU), and is based on data collected between January and June 2025 from over one million endpoints monitored globally. The analysis compiles information on malware, ransomware, vulnerabilities, and emerging cybersecurity trends.
