
Increase in Infostealer Attacks Poses a Threat to EMEA Organizations


Check Point’s latest report on cyber threats in the EMEA region has revealed a significant increase in infostealer attacks targeting organizations across Europe, the Middle East, and Africa. The report, which was released during the CPX 2025 Vienna conference on February 4, highlights a 58% surge in infostealer attacks in the region over the past year.

According to the report, more than 10 million stolen credentials associated with EMEA organizations are currently available for sale on underground cybercrime markets. Three infostealer malware strains (AgentTesla, Lumma Stealer, and FormBook) are prevalent enough to rank among the top malware threats in the region. These strains often target VPN credentials and authentication tokens, contributing to a rise in stolen credentials, session hijacking, and corporate breaches.

The increase in infostealer attacks has also led to a surge in session hijacking as a primary technique for bypassing multifactor authentication (MFA). This allows attackers to gain persistent access to corporate environments, posing a significant threat to organizations in the EMEA region.

Sergey Shykevich, Check Point’s Group Manager of Threat Intelligence, emphasized that the rise of infostealer malware showcases cybercriminals’ ability to adapt and evolve. He noted that cybercriminals are now selling access to breached systems, creating an underground marketplace where stolen credentials are used to fuel various cyberattacks, including ransomware and financial fraud.

During his speech at the CPX 2025 conference, Check Point’s CEO, Nadav Zafrir, acknowledged that cyber attackers often hold an advantage in agility over defenders, leading to an “asymmetric arms race” in cybersecurity. Zafrir emphasized the importance of learning from adversaries and adapting to their tactics to effectively defend against cyber threats.

In addition to the rise in infostealer attacks, the report also provided key insights into cyber-attack statistics in the EMEA region. Organizations in EMEA experienced an average of 1679 cyberattacks per week in the past six months, with African countries facing the highest number of attacks. Ethiopia emerged as the most targeted country, followed by Uganda, Angola, and Ghana.

The report also highlighted the most targeted industries in the EMEA region, with Education and Research being the top industry facing cyber-attacks, followed by Communications, Military, and Healthcare. Retail and Wholesale organizations were also significantly targeted in the region, ranking fifth in terms of cyber-attack frequency.

Furthermore, the report confirmed a shift in data extortion tactics, with ransomware actors focusing more on stealing sensitive corporate data rather than traditional encryption-based extortion. Phishing remained a top threat vector in the region, with 62% of malicious files delivered via email in the last 30 days. FakeUpdates (also known as SocGholish) was identified as the top malware affecting the region, highlighting the diverse range of cyber threats faced by organizations in the EMEA region.

Overall, the report underscores the growing threat landscape in the EMEA region and the need for organizations to enhance their cybersecurity defenses to protect against evolving cyber threats and attacks. By staying informed and proactive in their approach to cybersecurity, organizations can better defend against the rising tide of cybercrime in the region.
