The cybersecurity landscape in the EMEA region is currently grappling with a wave of AI-driven cyber warfare, the transformation of ransomware into data extortion, and an expanding attack surface in cloud environments, as per the latest findings from Check Point Software. The company shared its insights at CPX Vienna 2025, an annual cybersecurity event that brings together industry leaders, security experts, and policymakers.
According to the research by Check Point, organisations in EMEA have been targeted with an average of 1,679 cyberattacks per week in the last six months, which is slightly lower than the global average. Among the industries in the region, Education and Research stood out as the most targeted, facing a staggering 4,247 weekly attacks per organisation. The top five most attacked industries in EMEA include Education and Research, Communications, Military, Healthcare, and Retail and Wholesale.
Africa remains a prime target for cybercriminals, with countries like Ethiopia, Uganda, Angola, and Ghana experiencing a high volume of attacks. The report also highlighted that 62% of malicious files in the region were delivered via email in the past month, emphasizing phishing as a prevalent attack method.
The landscape of cyber-attacks is evolving, moving from direct infrastructure disruption to influence operations and misinformation campaigns driven by artificial intelligence. Nation-state actors are increasingly using AI tools to manipulate information, spread disinformation, and carry out sophisticated cyber-attacks. AI was reportedly involved in at least one-third of major elections between September 2023 and February 2024, influencing voter sentiment and public trust. Cyber groups backed by countries like Russia, Iran, and China have deployed AI-generated deepfakes and fake news campaigns to interfere with elections in various countries.
In a significant security breach, the China-based AI platform DeepSeek AI was hit by a large-scale cyber-attack, leading to restrictions on new user registrations. This incident underscores the growing vulnerability of AI-driven ecosystems, emphasizing the need for prioritizing AI security to prevent massive breaches.
While ransomware continues to be a persistent threat, attackers are now focusing more on stealing sensitive data rather than encrypting files. This shift towards data-leak extortion poses a significant risk to organisations, as they now face the potential exposure of confidential information. With law enforcement cracking down on major ransomware groups, new players like RansomHub are stepping in to exploit the power vacuum.
The surge in infostealer malware is fueling the underground cybercrime economy, resulting in a significant increase in stolen credentials and corporate breaches. Notable malware strains such as AgentTesla, Lumma Stealer, and FormBook are being used to target VPN credentials and authentication tokens, enabling cybercriminals to bypass multi-factor authentication and gain persistent access to corporate environments.
As enterprises increasingly rely on hybrid cloud environments, attackers are exploiting misconfigurations, weak access controls, and vulnerabilities in edge devices to gain access. Cloud misconfigurations have led to high-profile data breaches, with cybercriminals also leveraging SSO vulnerabilities and compromised IoT devices to infiltrate global networks.
To navigate the challenges posed by AI-powered attacks, evolving ransomware tactics, and cloud vulnerabilities, cybersecurity leaders must adopt a proactive defence strategy. Check Point’s latest threat intelligence emphasizes the importance of robust threat detection, secure AI implementation, and comprehensive cloud security to stay ahead of emerging threats.