Local malware incidents in Sri Lanka expose growing offline cyber risks
Local malware incidents in Sri Lanka remain a serious cybersecurity concern, with new data from Kaspersky revealing millions of offline infections that highlight persistent risks faced by individuals and organisations amid the country’s expanding digital ecosystem.
Local malware incidents in Sri Lanka continue to pose a significant threat to users, according to new findings released by global cybersecurity firm Kaspersky, underscoring the growing importance of protecting systems from offline infection vectors.
Data from the Kaspersky Security Network (KSN) shows that during the third quarter of 2025 alone, 3,938,281 local malware incidents were detected on the computers of KSN participants in Sri Lanka. During this period, 23.2 percent of users in the country encountered local threats, placing Sri Lanka 53rd globally in terms of exposure to malware spread through non-internet-based infection methods.
The findings come against the backdrop of an increasingly complex global cyber threat landscape. Kaspersky reported detecting an average of nearly half a million malicious files every day worldwide in 2025, reflecting the sheer scale and sophistication of modern cybercrime. While online threats such as phishing, ransomware, and malicious websites often dominate headlines, the data highlights that offline threats remain a critical and sometimes underestimated component of cybersecurity risk.
Local malware threats typically include worms and file-infecting viruses that spread through physical media such as USB drives, external hard disks, CDs, DVDs, and other removable storage devices. These threats exploit situations where devices are shared between users or connected to multiple systems, allowing malicious code to propagate without relying on an internet connection.
Unlike online attacks that depend heavily on social engineering or browser vulnerabilities, offline malware spreads through physical proximity and routine user behaviour. In workplaces, educational institutions, and small businesses where removable media is commonly used to transfer files, the risk of infection remains particularly high. These environments often lack strict controls over device usage, making them attractive targets for malware propagation.
Kaspersky’s data indicates that local infections remain persistent in regions where physical data transfer methods are still prevalent. In Sri Lanka, the continued reliance on removable storage in certain sectors has contributed to sustained exposure, despite growing awareness of online cybersecurity risks.
Cybersecurity experts warn that protecting against local malware incidents in Sri Lanka requires more than traditional antivirus software. Effective defence depends on a layered security approach that combines real-time antivirus protection with integrated firewalls, anti-rootkit technologies, and robust device control mechanisms. These measures help identify hidden threats, prevent unauthorised device access, and limit the spread of malware across networks.
Strict management of removable media is increasingly seen as a critical component of cybersecurity strategy. Limiting the use of unverified USB drives, enforcing device scanning policies, and educating users about the risks associated with physical media can significantly reduce infection rates. For organisations, implementing endpoint protection solutions alongside clear internal policies is essential to maintaining system integrity.
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, said the findings highlight the continued relevance of offline threats in today’s digital environment. While global statistics demonstrate the immense scale of cyber threats worldwide, he noted that local infection vectors remain especially important in regions where physical data sharing is common. According to Hia, organisations must adopt multi-layered protection strategies that include antivirus software, firewalls, and device control tools to effectively combat these risks and safeguard their networks.
On a global scale, countries with the highest percentage of users attacked by local threats include Turkmenistan, Tajikistan, Uzbekistan, Afghanistan, and Yemen, where more than 30 percent of users were affected. While Sri Lanka’s ranking is comparatively lower, the sheer volume of detected incidents highlights the need for sustained vigilance and proactive security measures.
As Sri Lanka continues to expand its digital footprint through increased connectivity, digital services, and technology adoption across industries, the threat landscape is expected to evolve further. The rise in digital transformation initiatives, remote work, and data-driven operations increases the potential impact of malware infections if security controls are not adequately strengthened.
Cybersecurity professionals stress that awareness and preparedness are key to mitigating risk. Individuals are encouraged to avoid using unknown or untrusted removable devices, keep security software up to date, and ensure operating systems are regularly patched. Businesses, meanwhile, must invest in comprehensive endpoint protection and enforce policies that balance operational efficiency with security.
Kaspersky offers a range of cybersecurity solutions designed to protect users from both online and offline threats, helping individuals and organisations reduce exposure to malicious activity. As local malware incidents in Sri Lanka continue to highlight vulnerabilities in offline security practices, the emphasis on comprehensive, layered protection has become more critical than ever.

