CyberSecurity SEE

UK Cyber Attacks Increase by 34% as Ransomware Leadership Changes, According to Check Point Research

In June 2026, organizations in the United Kingdom faced an alarming average of 1,589 cyber attacks each week, marking a significant 34% increase compared to the same month the previous year. This data, revealed by Check Point Research, the intelligence division of Check Point Software Technologies, highlights a concerning trend in the cybersecurity landscape.

Notably, the UK’s surge in cyber attacks is outpacing global figures. On a worldwide scale, organizations experienced an average of 2,270 attacks per week in June—an increase of 17% year-on-year and 10% month-on-month. Researchers observed that rather than being concentrated in specific geographic areas or sectors, this rise in attack frequency was widespread, indicating that cybercriminals are expanding their targeting efforts. This diffusion of attack activity suggests that attackers are diversifying their methods and targets rather than simply attempting to intensify their assaults on a particular vulnerable point.

Omer Dembinsky, Data Research Manager at Check Point Research, noted, “June’s data shows a broad rebound in cyber activity, not a single isolated spike.” This observation underscores the necessity for organizations to adopt prevention-oriented, AI-driven security measures that can effectively safeguard networks, users, data, and AI workflows before cyber threats can manifest into more severe impacts.

In terms of sector-specific vulnerabilities, Education, Government, and Telecommunications emerged as the most targeted industries globally. Educational institutions alone faced an average of 4,816 weekly attacks, a 16% increase from the previous year—a situation exacerbated by factors such as open campus networks and limited security budgets, making schools and universities particularly attractive targets for cybercriminals. Government entities followed closely, experiencing an average of 2,836 weekly attacks, a 5% year-on-year increase, while the Telecommunications sector recorded 2,835 attacks, rising by 13%.

Regionally, Latin America has become the most heavily impacted area, with an average of 3,501 weekly attacks, reflecting a 27% increase from the previous year. Europe demonstrated one of the most significant regional increases globally, with a sharp rise of 22%, aligning closely with the trends seen in the UK—where attack volumes exceed these global averages.

Moreover, ransomware incidents soared sharply in June, with 646 recorded attacks, which represents a staggering 33% rise compared to June 2025. The Business Services industry remained the most frequented target, accounting for 31% of all reported ransomware victims. Following this, the Consumer Goods and Services sector accounted for 16%, and Industrial Manufacturing captured 14%. Notably, the share of ransomware victims from government entities has also seen a steady increase, climbing from 4.0% in April to 5.4% by June.

A pivotal shift was observed at the group level within the ransomware landscape. The Gentlemen, a ransomware-as-a-service operation established in mid-2025, swiftly overtook Qilin to become the most active ransomware group, responsible for an impressive 17% of published attacks, compared to Qilin’s 11%. LockBit also showed a significant uptick, rising from only 1% of published attacks in May to 7% in June, making it the third most prevalent ransomware group.

Researchers from Check Point attributed the rapid rise of The Gentlemen to its unusual dual model: the group operates both as a Ransomware-as-a-Service (RaaS) provider and as an Initial Access Broker. This structure enables affiliates to access around 14,000 pre-exploited FortiGate devices linked to CVE-2024-55591. The group has already been connected to more than 320 identified victims on data-leak sites, with estimates of over 1,570 actual compromises, positioning it among the top seven global ransomware threats within just a year of its inception. Interestingly, The Gentlemen’s targeting approach diverges from the norm, as only 12% of its victims are located in the U.S., contrasting sharply with an ecosystem average of around 50%. This unique victim-selection model appears to be driven more by device availability rather than geographic intent. The group has developed cross-platform capabilities, targeting environments across Windows, Linux, and ESXi. Moreover, operator communications from May 2026 hinted at a strategic shift away from blunt-force attacks to more sophisticated evasion techniques.

Additionally, risks associated with Generative AI (GenAI) tools remain prevalent. Check Point’s research found that one in every 26 enterprise GenAI prompts was associated with a high risk of sensitive data leakage, showing an exposure rate of 3.9%, impacting 85% of organizations that utilize GenAI tools regularly. Alarmingly, 27% of prompts were flagged as containing potentially sensitive information. Healthcare and medical organizations reported the highest exposure rates at 5.7%, followed closely by Telecommunications and Business Services at 5.1% each. Personal data emerged as the predominant category of sensitive information exposed, affecting 80% of the organizations involved.

As the UK grapples with rising cyber attack volumes that surpass the global average, researchers emphasize the critical need for comprehensive prevention-first security architectures. These measures should encompass network, cloud, endpoint, and user activity to effectively mitigate the evolving threat landscape that organizations face today.

Source link

Exit mobile version