Global cybersecurity and digital privacy company Kaspersky flags the growing pressure on organisations in India, as exploits and Remote Desktop Protocol (RDP) attacks continue to target enterprise networks. In 2025, attacks blocked by Kaspersky’s business solutions across the region remain in the millions.
Exploits, malicious code that takes advantage of unpatched software vulnerabilities, continue to be one of the main entry points for attackers, while RDP attacks, which target exposed remote access services through brute-force or credential theft, are consistently used to gain unauthorised control over corporate networks.
As organisations here consistently expand their digital footprint and remote access capabilities, these two attack vectors remain among the most effective and frequently observed methods used by cybercriminals to infiltrate systems, move laterally, and deploy further malicious activity.
Kaspersky recorded 1,257,178 exploit attacks targeting organisations in India last year, underscoring the persistent threat that vulnerabilities continue to pose to businesses across the country.
The term exploit refers to a program, piece of code, or even some data written by a hacker or malware writer designed to take advantage of a bug or vulnerability in an application or operating system. Using the exploit, an attacker gains unauthorised access to, or use of, the application or operating system.
Many exploits target web-facing systems like browser vulnerabilities, server software bugs, and are delivered online. However, they can also be local if targeting device-specific flaws like USB exploits.
Beyond exploiting software weaknesses, attackers continue to target remote access services to gain direct control over systems.
Remote Desktop Protocol (RDP) is a legitimate protocol commonly used to access Windows-based computers and servers remotely. RDP was conceived as a remote administration tool, but is often used by intruders to penetrate the target computer. By exploiting incorrectly configured RDP settings or system software vulnerabilities, cybercriminals can intercept an RDP session and log in to the system with the victim’s permissions.
In 2025, Kaspersky solutions used by business users in India recorded 12,154,216 RDP-related attack attempts, highlighting the continued persistence of remote access threats targeting organisations across the country.
The volume of RDP attack attempts targeting Indian businesses remains significant, reinforcing that remote access services continue to be a high-value target for cybercriminals operating in the country.
India’s cybersecurity exposure is growing alongside its digital ambitions. The Reserve Bank of India’s recently unveiled medium-term strategy, Utkarsh 2029, has placed cybersecurity alongside AI and UPI as one of its core institutional priorities for the 2026-2029 period, a clear signal that regulators now view digital resilience as foundational to India’s financial and economic infrastructure.
“India’s digital growth story is remarkable, but it has also made the country an increasingly attractive target for cybercriminals. The volume of exploit and RDP-related attempts we continue to see against Indian businesses is a clear reflection of how threat actors adapt to an expanding attack surface, assessing each target and selecting the path of least resistance”, comments Jaydeep Singh, General Manager for India, Kaspersky.
“The RBI’s Utkarsh 2029 strategy, naming cybersecurity as a core institutional priority, is a defining moment, it signals that digital resilience is no longer just an IT concern but a national economic imperative. Indian enterprises, across banking, manufacturing, and critical infrastructure, must move from reactive to proactive, embedding robust endpoint visibility and access controls into their core security posture before attackers find the gaps first,” he adds.
To reduce exposure to exploits and RDP attacks, Kaspersky encourages organisations to:
● Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities
● Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary, and always use strong passwords for them
● Use solutions such as Kaspersky NEXT EDR Expert for comprehensive visibility across all endpoints on a company’s corporate network to get superior defense, automate routine EDR tasks, enable analysts to speedily hunt out, prioritize, investigate, and neutralize complex threats and APT-like attacks
● Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors
● Back up the corporate data regularly. Backups should be isolated from the network. Make sure you can quickly access the backups in an emergency if needed