Phishing and Social Engineering
Phishing remains the most common cyber attack vector in Nepal, accounting for an estimated 60% of successful breaches in 2025. Attackers craft convincing emails, SMS messages, and social media communications that appear to come from trusted sources — banks, government agencies, popular e-commerce platforms, or even colleagues within the same organization.
Nepali organizations face several phishing variants. Spear phishing targets specific individuals with personalized messages referencing their role, interests, or recent activities. Whaling focuses on senior executives and business owners who have access to financial systems and sensitive decision-making information. Smishing uses SMS messages to deliver malicious links, exploiting the high mobile penetration rate in Nepal.
A recent case in Kathmandu involved a manufacturing company whose finance director received an email appearing to be from the CEO requesting an urgent wire transfer to a new vendor. The email used the CEO's exact writing style and signature, suggesting the attacker had monitored communications for weeks. The transfer of NPR 4.2 million was executed before the fraud was discovered.
Prevention Strategies
- Implement email authentication protocols including SPF, DKIM, and DMARC
- Deploy advanced email security gateways with link rewriting and attachment sandboxing
- Conduct regular phishing simulation exercises for all staff
- Establish verification procedures for financial transactions, especially when instructions change
- Use browser isolation for high-risk users and unknown links
Ransomware Attacks
Ransomware has evolved from a nuisance into an existential threat for Nepali organizations. Modern ransomware groups do not simply encrypt data — they exfiltrate sensitive information and threaten to publish it unless payment is made, a tactic known as double extortion.
In Nepal, hospitals, educational institutions, and small businesses have been particularly hard-hit. A private hospital in Kathmandu lost access to patient records for three days after ransomware encrypted their systems. The attackers demanded USD 150,000 in cryptocurrency. Because the hospital lacked offline backups, they faced the difficult choice of paying criminals or attempting lengthy manual recovery.
Another incident targeted a prominent Kathmandu-based IT college. Attackers deployed ransomware through a compromised Remote Desktop Protocol (RDP) connection during a holiday weekend when IT staff were away. Student examination records, research data, and administrative files were encrypted. The institution ultimately paid a smaller ransom to recover time-sensitive examination data, though this decision remains controversial.
Prevention Strategies
- Maintain offline, immutable backups that cannot be reached from production networks
- Deploy endpoint detection and response solutions with behavioral ransomware detection
- Disable unnecessary remote access protocols or place them behind a VPN with MFA
- Keep all systems patched, prioritizing internet-facing and remote access systems
- Segment networks to prevent ransomware from spreading laterally
- Develop and test an incident response plan specifically for ransomware scenarios
SQL Injection
Despite being a well-known vulnerability for over two decades, SQL injection remains prevalent in Nepali web applications. Many Kathmandu-based developers build custom applications without secure coding training, and common content management systems are rarely updated with security patches.
SQL injection occurs when attackers insert malicious SQL commands into input fields — search boxes, login forms, or URL parameters — that are then executed by the database. Successful attacks can expose entire customer databases, modify account balances, or grant administrative access.
EncryptSec's penetration testing team frequently discovers SQL injection vulnerabilities in Nepali e-commerce platforms, government portals, and banking applications. In one assessment of a popular Kathmandu food delivery platform, our team demonstrated how a single unprotected search parameter could extract the complete customer database including names, phone numbers, addresses, and order histories.
Prevention Strategies
- Use parameterized queries and prepared statements for all database interactions
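- Implement input validation and sanitization on both client and server sides, treating the server-side checks as the security control because client-side checks can be bypassed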
- Apply the principle of least privilege to database accounts
- Deploy web application firewalls with SQL injection rule sets
- Conduct regular application penetration testing by certified security professionals
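The difference between a concatenated query and a parameterized one, for a search field like the one described above, is shown in this added example (not code from the original article or from any assessed platform). The table, rows and function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE restaurants (name TEXT, area TEXT)")
    db.executemany("INSERT INTO restaurants VALUES (?, ?)",
                   [("Momo House", "Thamel"), ("Dal Bhat Corner", "Patan")])
    return db

def search_vulnerable(db, term):
    # BEFORE: user input is concatenated into the SQL text, so the input
    # can change the structure of the query instead of being searched for.
    sql = "SELECT name, area FROM restaurants WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # AFTER: the ? placeholder sends the term as data; it is never parsed as SQL.
    # LIKE wildcards inside the term are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name, area FROM restaurants WHERE name LIKE ? ESCAPE '\\'"
    return db.execute(sql, (f"%{escaped}%",)).fetchall()

# Constructed test input containing a quote and a tautology
CRAFTED = "zzz' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", search_vulnerable(db, CRAFTED))  # every row comes back
    print("safe:      ", search_safe(db, CRAFTED))        # no row matches
    print("safe:      ", search_safe(db, "Momo"))
```

With the vulnerable version, even a legitimate search such as Momo's fails with a syntax error, which is often the first visible symptom of this flaw in application logs.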
DDoS Attacks
Distributed Denial of Service attacks overwhelm websites and online services with massive volumes of traffic, rendering them unavailable to legitimate users. In Nepal, DDoS attacks have targeted government portals during sensitive political periods, banking websites during salary disbursement days, and e-commerce platforms during festival sales events.
The availability of DDoS-for-hire services means that even unsophisticated actors can launch devastating attacks for minimal cost. A Kathmandu-based online travel agency experienced a three-day outage during the Dashain booking season when competitors allegedly paid for a DDoS attack. The estimated revenue loss exceeded NPR 8 million, not including reputational damage.
Prevention Strategies
- Use DDoS mitigation services from reputable cloud providers or specialized vendors
- Design infrastructure for elasticity, with auto-scaling capabilities
- Implement rate limiting and traffic filtering at the network edge
- Maintain a content delivery network to absorb traffic spikes
- Develop incident playbooks for rapid response and customer communication during attacks
Business Email Compromise
Business Email Compromise is one of the costliest cyber crimes globally, and Nepali organizations are increasingly targeted. BEC attacks compromise legitimate business email accounts through phishing or credential theft, then use these accounts to conduct fraudulent transactions, steal sensitive data, or manipulate business relationships.
A Kathmandu-based import-export firm fell victim to BEC when attackers compromised the email account of their China-based supplier. The attackers sent updated wire instructions for an upcoming payment, redirecting USD 85,000 to an account controlled by the criminals. The fraud was only discovered when the legitimate supplier inquired about the missing payment.
BEC attacks are particularly insidious because they exploit trusted business relationships rather than technical vulnerabilities. Prevention requires a combination of technical controls and procedural safeguards.
Prevention Strategies
- Mandate MFA for all email accounts, especially executive and finance team accounts
- Implement out-of-band verification for changes to payment instructions
- Use email security tools that detect anomalous sender behavior and spoofed domains
- Train finance and procurement staff specifically on BEC tactics
- Flag external emails containing financial keywords for additional review
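The sender checks in the last three items can be expressed as simple header heuristics. This is an added example, not code from the original article; the domains, executive name, keyword list and sample messages are all constructed assumptions, and it handles single-part plain-text messages only.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: own domains, known suppliers, protected names
INTERNAL = {"corp.example"}
PARTNERS = {"supplier.example"}
EXECUTIVES = {"example ceo"}
KEYWORDS = ("wire transfer", "bank details", "payment instructions", "urgent")

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw):
    """Return the set of review flags raised by one RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    flags, external = set(), domain not in INTERNAL
    if external and name.lower() in EXECUTIVES:
        flags.add("executive-name-from-external-address")
    if reply_domain and reply_domain != domain:
        flags.add("reply-to-domain-mismatch")
    if any(0 < edit_distance(domain, d) <= 2 for d in INTERNAL | PARTNERS):
        flags.add("lookalike-domain")
    if external and any(k in text for k in KEYWORDS):
        flags.add("external-financial-request")
    return flags

# Constructed sample messages
SPOOFED = """From: Example CEO <ceo@c0rp.example>
Reply-To: office@freemail.example
Subject: Urgent wire transfer to new vendor

Please process the wire transfer today.
"""
SUPPLIER = """From: Accounts <accounts@supplier.example>
Subject: Updated payment instructions

Please use the new bank details for the next invoice.
"""
```

The second sample comes from a genuine supplier domain, as in the import-export case above, so only the keyword flag fires; that flag is the trigger for out-of-band verification rather than proof of fraud.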
Supply Chain Attacks
Supply chain attacks target less secure elements of an organization's ecosystem — software vendors, IT service providers, or logistics partners — to gain access to the primary target. These attacks are particularly difficult to detect because they exploit legitimate trust relationships.
In Nepal, supply chain risk is amplified by the common practice of outsourcing IT development and maintenance to third-party firms without adequate security vetting. A Kathmandu-based retail chain discovered that a point-of-sale software update from their vendor contained a backdoor that was exfiltrating customer payment data for months. The vendor itself had been compromised, making the update appear legitimate and properly signed.
Prevention Strategies
- Conduct security assessments of critical vendors before engagement
- Require security attestations and compliance certifications from suppliers
- Verify software integrity through code signing validation and hash verification
- Monitor vendor access to your environment with session recording and anomaly detection
- Implement network segmentation to isolate vendor connections
Prevention Strategies for Nepali Organizations
Beyond attack-specific controls, Nepali organizations should implement foundational security practices that reduce vulnerability across all threat vectors:
Invest in Professional Security Assessments
Annual penetration testing and vulnerability assessments by the best cyber security company in Nepal identify weaknesses before attackers can exploit them. These assessments should cover networks, applications, cloud infrastructure, and social engineering resilience.
Build Security Awareness Culture
Technology alone cannot prevent attacks that target human judgment. Regular training, phishing simulations, and clear reporting channels transform employees from the weakest link into an active defense layer.
Maintain Incident Response Capability
When prevention fails, rapid response limits damage. Organizations should have documented incident response plans, pre-established relationships with security firms, and tested communication protocols.
Keep Systems Updated
Many successful attacks exploit vulnerabilities for which patches have been available for months. A disciplined patch management process closes these easy entry points systematically.
Conclusion
The cyber threat landscape facing Nepal is diverse, sophisticated, and constantly evolving. From phishing emails that bypass spam filters to ransomware that destroys backups, from SQL injection in custom applications to DDoS attacks that take businesses offline, Nepali organizations face challenges that demand professional attention.
Prevention is always more cost-effective than recovery. The organizations that thrive in Nepal's digital economy will be those that treat cyber security as a strategic investment rather than a grudging expense. Working with the best cyber security company in Nepal provides access to the expertise, tools, and ongoing support necessary to stay ahead of threats.
At EncryptSec, our Kathmandu-based team has helped organizations across Nepal prevent, detect, and respond to every attack type described in this guide. Our combination of international certifications and local market knowledge makes us uniquely positioned to protect Nepali enterprises.
Contact EncryptSec today to discuss your organization's specific threat profile and how we can help you build resilient defenses against the attacks that target businesses in Nepal every day.