ACCORDING to AMR, IT threat evolution in Q1 2026 shows that Kaspersky products blocked more than 343 million attacks originating from online resources, with Web Anti-Virus responding to 50 million unique links and File Anti-Virus blocking nearly 15 million malicious and potentially unwanted objects. The quarter saw 2938 new ransomware variants detected and more than 77,000 users experiencing ransomware attacks, including 35,056 unique users hit in March.
The report notes that 14% of ransomware victims whose data was published on data leak sites were victims of Clop, and more than 260,000 users were targeted by miners. In Vulnerabilities and Attacks, the Interlock group is exploiting CVE-2026-20131 in Cisco Secure FMC firewall management software since at least 26 January 2026, illustrating continued emphasis on zero-day vulnerabilities for initial access.
The IoT section highlights shifts in threat delivery, with Mirai variants predominating in the TOP 10 threats delivered to IoT devices and a new Mirai[.]kl variant appearing, while NyaDrop activity declined.