The cybersecurity landscape in EMEA is facing a wave of AI-driven cyber warfare, the evolution of ransomware into data extortion, and an expanding attack surface in cloud environments, according to the latest findings from Check Point Software. The company presented its insights at CPX Vienna 2025, an annual cybersecurity event bringing together industry leaders, security experts, and policymakers.
Rising Cyber Threats Across EMEA
Check Point’s research reveals that organisations in EMEA faced an average of 1,679 cyberattacks per week in the past six months, slightly below the global average. Education and Research emerged as the most targeted industry in the region, with 4,247 weekly attacks per organisation—aligning with global trends.
The top five most attacked industries in EMEA include:
- Education and Research (4,247 attacks per week)
- Communications
- Military
- Healthcare
- Retail and Wholesale (a departure from global trends where utilities rank fifth)
Africa remains a key target for cybercriminals, with Ethiopia experiencing the highest volume of attacks in EMEA, followed by Uganda, Angola, and Ghana. The report also found that 62% of malicious files in the region were delivered via email in the last 30 days, underscoring phishing as a dominant attack method.
AI-Driven Cyber Warfare and Disinformation on the Rise
Cyberattacks are shifting from direct infrastructure disruption to influence operations and misinformation campaigns fueled by artificial intelligence. Nation-state actors leverage AI tools to manipulate information, spread disinformation, and execute sophisticated cyberattacks.
AI was used in at least one-third of major elections between September 2023 and February 2024, influencing voter sentiment and public trust. Russian, Iranian, and Chinese-backed cyber groups deployed AI-generated deepfakes and fake news campaigns to interfere with elections in the US, Taiwan, Romania, and Moldova. The Paris Olympics also became a focal point for cyber-influence operations, with coordinated misinformation efforts aimed at discrediting the event.
“The rise of AI-powered disinformation is fundamentally reshaping the cyber security landscape. From deepfake-generated political attacks to large-scale influence campaigns, we are seeing an unprecedented escalation in AI-driven cyber warfare,” said Lotem Finkelsteen, Director of Threat Intelligence and Research at Check Point.
Major AI Platform Hit by Cyberattack
In a significant security breach, China-based AI platform DeepSeek AI suffered a large-scale cyberattack, forcing it to restrict new user registrations. The attack highlights the growing vulnerability of AI-driven ecosystems.
“As AI becomes more integrated into daily operations, its infrastructure becomes a prime target for cybercriminals and nation-state actors. Organisations must prioritise AI security to prevent large-scale breaches that could have far-reaching consequences,” said Eli Smadja, Security Research Group Manager at Check Point Software.
Ransomware Shifts Toward Data-Leak Extortion
While ransomware remains a persistent threat, attackers are evolving their tactics, increasingly focusing on stealing sensitive data rather than encrypting files. This shift toward data-leak extortion poses a significant risk, as organisations must now contend with potential public exposure of their confidential information.
Law enforcement crackdowns on major ransomware groups like LockBit and ALPHV have fragmented the ransomware landscape, allowing emerging groups like RansomHub to exploit the power vacuum.
“The shift toward data-leak extortion presents a more insidious risk—organisations are no longer just facing operational disruptions but also the public exposure of sensitive data. Security strategies must evolve to focus on early detection, strong data encryption, and robust access controls to mitigate these threats,” said Omer Dembinsky, Data Research Group Manager at Check Point Software.
Surge in Infostealer Malware Fuels Underground Cybercrime Economy
The proliferation of infostealer malware is driving a surge in stolen credentials and corporate breaches. According to Check Point’s research, infostealer attacks increased by 58%, with over 10 million stolen credentials available on underground cybercrime markets.
Notable malware strains such as AgentTesla, Lumma Stealer, and FormBook have been frequently used to target VPN credentials and authentication tokens. Cybercriminals leverage session hijacking to bypass multi-factor authentication (MFA), enabling persistent access to corporate environments.
“Cybercriminals are no longer just breaching systems—they are selling access. The rise of infostealers and initial access brokers has created an underground marketplace where stolen credentials fuel a wider range of cyberattacks, including ransomware and financial fraud,” said Sergey Shykevich, Group Manager of Threat Intelligence at Check Point Software.
Cloud and Edge Vulnerabilities Expand the Attack Surface
As enterprises continue to rely on hybrid cloud environments, attackers are exploiting misconfigurations, weak access controls, and vulnerabilities in edge devices to gain access.
Cloud misconfigurations have led to multiple high-profile data breaches, exposing government, healthcare, and financial sector data. Cybercriminals are also exploiting Single Sign-On (SSO) vulnerabilities to facilitate lateral movement across cloud environments. Meanwhile, Chinese-backed advanced persistent threat (APT) groups have leveraged compromised IoT and VPN appliances to establish persistent access to global networks.
“Organisations must rethink cloud security. Attackers are no longer just breaching on-premises systems—they are embedding themselves into cloud environments, targeting credentials, and leveraging legitimate mechanisms to facilitate bidirectional lateral movement. A proactive security approach is critical,” said Michael Abramzon, Threat Intelligence and Research Architect at Check Point Software.
The Cybersecurity Road Ahead
With AI-powered attacks, evolving ransomware tactics, and cloud vulnerabilities continuing to challenge organisations, cybersecurity leaders must adopt a proactive defence strategy. Check Point’s latest threat intelligence underscores the importance of robust threat detection, secure AI implementation, and comprehensive cloud security to stay ahead of emerging threats.