Brazil appears consolidated as one of the countries most targeted by cybercriminals in 2025, according to the report Acronis Cyberthreats Report H1 2025, ranking second on the list of malware detections—only territories with the company’s presence were diagnosed. The study, published by which analyzes the global cyberthreat landscape in the first half of the year, also revealed that the country is among the top growing targets for ransomware and phishing attacks.
In May 2025, 11% of Brazilian users had at least one malware detection, second only to India, with 12.4%. Brazil is also among the main targets of ransomware groups such as LockBit, Play, and 8Base, which exploit known flaws and phishing campaigns to compromise businesses.
According to the report published by the Acronis Threat Research Unit (TRU), phishing and social engineering remain the most commonly used attack vectors, with a focus on the migration of scams to collaboration applications (such as Microsoft Teams and Slack).
The research indicates that Brazil experienced consistently high detection rates throughout the 15-month period, with peaks in March and September 2024 and again in March and May 2025, which aligns with repeated spear-phishing campaigns using Astaroth – a malware that has demonstrated a strong focus on specific sectors, with 27% of attacks in the manufacturing sector and 18% in the IT sector, for example.
Global trends impacting Brazil
The study highlighted the growing use of artificial intelligence in cyberattacks, such as hyper-realistic phishing, deepfakes in financial fraud, and autonomous malware. The “cybercrime-as-a-service” model even democratizes access to sophisticated attacks, increasing the risk for companies of all sizes.
Globally, Acronis also observes a significant increase in the use of malicious URLs in phishing campaigns. European countries such as Germany, Switzerland, France, Italy, and Spain experienced peaks in attacks between the end of 2024 and the first half of 2025. These scams ranged from impersonating tax authorities to the use of deepfakes and voice cloning to trick victims into high-impact financial fraud. In France, for example, more than 160,000 users were exposed to malicious links in a single coordinated attack.
“These trends reinforce that Brazil is not isolated, but rather inserted into a global context of increasingly sophisticated attacks, in which the use of social engineering combined with new technologies – such as AI, spoofing, and fraudulent domains – can increase the scale and impact of digital threats,” says Regis Paravisi, Country Manager of Acronis in Brazil.
About the report
The Acronis Cyberthreats Report H1 2025 is published by the company’s research team, the Acronis Threat Research Unit (TRU), and is based on data collected between January and June 2025 from over one million endpoints monitored globally. The analysis gathers information on malware, ransomware, vulnerabilities, and emerging trends in cybersecurity.
