International Cyber Expo International Cyber Expo
  • About Us
Monday, 13 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

by Guru Writer
July 13, 2026
in News
Share on FacebookShare on Twitter

UK organisations faced an average of 1,589 cyber attacks per week in June 2026, a 34% increase compared with the same month last year, according to new threat intelligence from Check Point Research, the intelligence arm of Check Point Software Technologies.

The UK figure outpaces the global trend line. Worldwide, organisations experienced an average of 2,270 weekly attacks in June, up 17% year on year and 10% month on month, as a brief lull in May gave way to a broad rebound across regions and industries. Rather than concentrating in one geography or sector, the increase in attack volume appeared almost everywhere at once, a pattern researchers say points to attackers widening their targeting rather than intensifying pressure on a single weak point.

“June’s data shows a broad rebound in cyber activity, not a single isolated spike,” said Omer Dembinsky, Data Research Manager at Check Point Research. “Attackers are widening their reach across regions and industries, while ransomware groups continue to reorganise and scale. Organisations need prevention-first, AI-driven security that protects networks, users, data and AI workflows before attacks can cause impact.”

Education, Government and Telecommunications remained the most targeted sectors globally. Education organisations faced an average of 4,816 weekly attacks, up 16% year on year, with open campus networks and constrained security budgets continuing to make schools and universities attractive targets. Government followed at 2,836 weekly attacks (up 5%), while Telecommunications recorded 2,835 (up 13%).

Regionally, Latin America remained the most heavily targeted, with 3,501 weekly attacks on average, a 27% year-on-year rise. Europe posted one of the sharpest regional increases globally at 22%, a trend the UK figures sit within and, on this data, exceed.

Ransomware activity intensified sharply in June, with 646 attacks recorded, a 33% rise on June 2025. Business Services remained the most targeted industry, accounting for 31% of reported victims, followed by Consumer Goods and Services (16%) and Industrial Manufacturing (14%). Government’s share of ransomware victims has climbed steadily, from 4.0% in April to 5.4% in June.

The most notable development was at the group level. The Gentlemen, a ransomware-as-a-service operation founded in mid-2025, overtook Qilin to become the most active ransomware group, responsible for 17% of published attacks compared with Qilin’s 11%. LockBit also surged, rising from 1% of published attacks in May to 7% in June, making it the third most prevalent group.

Check Point Research attributes The Gentlemen’s rapid rise to an unusual dual model: the group functions simultaneously as a RaaS provider and an Initial Access Broker, giving affiliates self-service access to an estimated 14,000 pre-exploited FortiGate devices tied to CVE-2024-55591. Researchers have linked the group to more than 320 confirmed data-leak-site victims, with an estimated 1,570+ actual compromises, placing it among the top seven ransomware threats globally within a year of launch. Its targeting is notably atypical, with the US accounting for only 12% of victims against a 50% ecosystem average, reflecting a victim-selection model driven by device availability rather than deliberate geographic targeting. The group’s cross-platform lockers target Windows, Linux and ESXi environments, and a May 2026 operator communication signalled a shift from blunt-force BYOVD-based EDR killing toward more surgical userland evasion techniques.

GenAI-related exposure also remained a persistent risk through June. Check Point Research found that 1 in every 26 enterprise GenAI prompts carried a high risk of sensitive data leakage, a global exposure rate of 3.9%, affecting 85% of organisations that regularly use GenAI tools. A further 27% of prompts contained potentially sensitive information. Healthcare and Medical organisations carried the highest exposure at 5.7%, followed by Telecommunications and Business Services at 5.1% each. Personal data was the most common category of sensitive information exposed, appearing across 80% of affected organisations.

With UK attack volumes rising faster than the global average, researchers say the combination of broader attacker targeting, a reshuffled ransomware leaderboard and steady GenAI-related exposure underscores the case for prevention-first security architectures that span network, cloud, endpoint and user activity.

ShareTweet
Previous Post

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

Recent News

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

July 13, 2026
Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol