The cybersecurity landscape in the EMEA (Europe, Middle East, and Africa) region is undergoing a significant transformation, driven by advancements in AI technology. As cyber threats evolve, organizations must adapt to new challenges and leverage AI to enhance their security measures. This article delves into the latest trends and insights from Check Point Software’s research, presented at CPX Vienna 2025, to understand how AI is reshaping cybersecurity in the EMEA region.
Rising Cyber Threats in EMEA
Increasing Frequency of Cyberattacks
Check Point’s research reveals that EMEA organizations experienced an alarmingly high average of 1,679 cyberattacks per week in the past six months. Although this is slightly below the global average, it highlights the persistent threat landscape in the region. The Education and Research sector is identified as the most targeted industry, facing a staggering 4,247 weekly attacks per organization. This trend aligns with global patterns, but there are notable differences specific to the EMEA region.
Given the high number of targeted attacks, it is clear that cybercriminals are continuously refining their methods to exploit weaknesses in these vital sectors. Africa, in particular, bears a significant burden of these threats, with countries like Ethiopia, Uganda, Angola, and Ghana experiencing elevated volumes of cyberattacks. The research indicates that a remarkable 62% of malicious files in the region were delivered via email over the past 30 days, underscoring the prevalence of phishing attacks as a primary vector for distributing malicious content. Addressing these patterns is crucial for developing more robust defense mechanisms tailored to the needs of the EMEA region.
Most Targeted Industries
In EMEA, the top five most attacked industries include Education and Research, Communications, Military, Healthcare, and Retail and Wholesale. This differs notably from the global trend where utilities rank as the fifth most attacked industry, reflecting unique regional vulnerabilities and attacker priorities. The significant targeting of the Education and Research sector can be attributed to its vast databases of sensitive information, which are considered highly valuable by cybercriminals.
Africa’s challenges are further compounded as the continent experiences some of the highest volumes of cyberattacks globally. The focus on specific countries such as Ethiopia, Uganda, Angola, and Ghana points to evolving strategies among cyber adversaries who recognize and exploit regional vulnerabilities. Meanwhile, the reliance on email as a vector for 62% of malicious files delivered to victims in the EMEA region showcases the adaptability and focus of modern phishing attacks. Organizations must now concentrate on strengthening email security, vigilant monitoring, and employee education to counteract the pervasive threat of phishing.
AI-Driven Cyber Warfare and Disinformation
Influence Operations and Misinformation
The report highlights a significant and concerning shift in cyber-attacks driven by AI, focusing on influence operations and misinformation rather than direct infrastructure disruptions. Nation-state actors are leveraging AI tools to manipulate information, spread disinformation, and conduct sophisticated cyberattacks that often influence public perception and voter sentiment. The potency of AI in crafting believable but entirely false narratives has allowed it to play a role in at least one-third of major elections held between September 2023 and February 2024.
This trend of AI-powered disinformation has been particularly evident during pivotal elections, significantly influencing public trust and sentiment. Nation-state actors, including Russian, Iranian, and Chinese-backed cyber groups, have increasingly relied on AI-generated deepfakes and fake news campaigns. These tactics have been deployed to interfere in elections in the United States, Taiwan, Romania, and Moldova. Additionally, during the 2024 Paris Olympics, concerted misinformation efforts aimed at discrediting the event were evident. Lotem Finkelsteen, Director of Threat Intelligence and Research at Check Point, noted the profound reshaping of the cybersecurity landscape driven by AI-powered disinformation campaigns.
Nation-State Actors and AI Tools
Russian, Iranian, and Chinese-backed cyber groups have demonstrated their adeptness at using AI-generated deepfakes and fake news campaigns to meddle in various elections worldwide. This meddling was noted in countries such as the US, Taiwan, Romania, and Moldova, where artificial intelligence was deployed to influence voter sentiment and disrupt the democratic process. The 2024 Paris Olympics also became a focal point for coordinated misinformation efforts, aiming to tarnish the reputation of the event through widespread disinformation campaigns.
Lotem Finkelsteen emphasized that AI-powered disinformation is radically transforming the cybersecurity landscape. The creation of convincing yet entirely fabricated multimedia content, such as deepfakes, has escalated to unprecedented levels. These tools empower nation-state actors to conduct large-scale influence operations that are difficult to detect and counteract, posing a growing challenge for cybersecurity professionals. As these AI-driven threats become more pervasive, understanding and mitigating them will require innovative approaches and enhanced collaboration among global cybersecurity stakeholders.
Major AI Platform Cyberattack
DeepSeek AI Breach
The cybersecurity landscape faced a significant event when the China-based AI platform DeepSeek AI experienced a severe breach, underscoring the vulnerabilities intrinsic to AI-driven ecosystems. This breach forced DeepSeek AI to restrict new user registrations, highlighting the immense risks associated with the integration of AI into daily operations. The attack on DeepSeek AI brought to light the critical need for securing AI infrastructure against sophisticated cyber threats from cybercriminals and nation-state actors.
Eli Smadja, Security Research Group Manager at Check Point, stressed that as AI becomes more deeply embedded in various operational frameworks, its infrastructure inevitably turns into a prime target for adversaries. This incident serves as a pivotal reminder that the advancement and adoption of AI technologies must go hand in hand with robust security measures. Organizations must recognize that the same advanced capabilities that make AI a powerful tool also render it an attractive target for those seeking to exploit its potential vulnerabilities.
Prioritizing AI Security
Smadja suggests that organizations urgently prioritize AI security to mitigate the risk of large-scale breaches with widespread ramifications. The evolving nature of AI technologies necessitates an equally dynamic approach to securing AI systems. As AI continues to innovate and integrate into diverse operational landscapes, securing its infrastructure becomes paramount to preventing significant disruptions and potential exploitation by cybercriminals.
To safeguard against potential cyber threats targeting AI, organizations must adopt a comprehensive security strategy encompassing advanced threat detection, regular vulnerability assessments, and stringent access controls. Developing a proactive posture in AI security involves anticipating potential attack vectors and staying ahead of adversaries who are continually refining their methods. By prioritizing AI security, organizations can enhance their resilience against the evolving threat landscape and ensure the safe, continued integration of AI into their operations.
Evolving Ransomware Tactics
Transition to Data-Leak Extortion
While ransomware remains a significant cyber threat, attackers are evolving their approaches by focusing more on stealing sensitive data rather than simply encrypting files. This transition to data-leak extortion poses a significant risk as organizations must now handle the potential public exposure of confidential information. Law enforcement crackdowns on large ransomware groups, such as LockBit and ALPHV, have fragmented this landscape, enabling newer, smaller groups like RansomHub to exploit the ensuing power vacuum and innovate their extortion tactics.
This shift toward data-leak extortion means that cybercriminals are increasingly leveraging stolen data as a bargaining tool, threatening to release sensitive information unless their demands are met. The trend towards exposing confidential data publicly adds a new layer of complexity to the already significant threats posed by ransomware attacks. Organizations must now not only focus on preventing encryption but also on protecting against the theft and potential exposure of critical data. This dual challenge necessitates more robust security strategies and emphasizes the need for comprehensive data protection measures.
Mitigating Ransomware Risks
Omer Dembinsky, Data Research Group Manager at Check Point, noted that the shift to data-leak extortion presents a more insidious risk, as organizations now face the dual burden of operational disruptions and threats of public exposure. He advises that security strategies should evolve to address these emerging challenges by focusing on early detection, robust data encryption, and stringent access controls. Additionally, organizations must develop contingency plans to manage and mitigate the impact of potential data leaks.
To effectively combat evolving ransomware tactics, organizations should invest in comprehensive cybersecurity training programs for employees to recognize and respond to potential threats. Implementing multi-layered security measures, including advanced threat detection systems and continuous monitoring, can help identify and neutralize ransomware attempts before they escalate. Collaboration with law enforcement and cybersecurity experts can also play a crucial role in staying abreast of the latest threat intelligence and developing resilient defense mechanisms against sophisticated ransomware attacks.
Surge in Infostealer Malware
Increase in Stolen Credentials
The proliferation of infostealer malware has driven a surge in stolen credentials and corporate breaches, significantly impacting the cybersecurity landscape. Check Point’s research indicates a concerning 58% increase in infostealer attacks, with over 10 million stolen credentials available on underground cybercrime markets. Malware strains like AgentTesla, Lumma Stealer, and FormBook are frequently employed by cybercriminals to target valuable VPN credentials and authentication tokens, allowing them to bypass security measures and gain unauthorized access.
The substantial rise in infostealer malware attacks poses a significant threat to organizations, potentially leading to unauthorized access and compromising sensitive data. Cybercriminals often leverage session hijacking techniques to bypass multi-factor authentication (MFA) protocols, enabling them to gain persistent access to targeted systems. This technique makes it even more challenging for organizations to fully secure their environments and protect against ongoing attacks. The widespread availability of stolen credentials on underground markets further exacerbates the problem, as these credentials can be used to fuel extensive cyberattacks, including ransomware and financial fraud.
Underground Cybercrime Markets
The thriving underground cybercrime markets serve as a hub for trading stolen credentials, facilitating a wide range of malicious activities. Sergey Shykevich, Group Manager of Threat Intelligence at Check Point, observed that cybercriminals are not only breaching systems but are also creating a sophisticated underground marketplace where stolen credentials are bought and sold. This marketplace fuels more extensive cyberattacks, as cybercriminals leverage the acquired credentials to launch ransomware attacks, execute financial fraud, or carry out other malicious activities.
Organizations must recognize the importance of robust authentication measures, such as implementing strong passwords, periodic credential rotation, and enforcing multi-factor authentication (MFA) rigorously. Regularly monitoring for signs of credential leakage and conducting security audits can help mitigate the threat posed by infostealer malware. By adopting a proactive approach to cybersecurity and staying vigilant against emerging threats, organizations can better protect their assets and reduce the potential impact of stolen credentials on their operations.
Expanding Attack Surface in Cloud Environments
Hybrid Cloud Vulnerabilities
The increasing reliance on hybrid cloud environments by enterprises has significantly expanded the attack surface, presenting new challenges for cybersecurity professionals. As organizations adopt hybrid cloud infrastructures, they must contend with potential weaknesses, such as misconfigurations, weak access controls, and vulnerabilities in edge devices. These weaknesses can be exploited by attackers to gain unauthorized access to sensitive data and critical systems, leading to high-profile data breaches that impact industries ranging from government to healthcare and financial sectors.
Misconfigurations in cloud environments have become a prevalent issue, often resulting in unintended data exposure and security lapses. Attackers also exploit Single Sign-On (SSO) vulnerabilities to facilitate lateral movement across cloud environments, compromising multiple systems with relative ease. The ongoing activity of advanced persistent threat (APT) groups, particularly Chinese-backed groups, further underscores the need for vigilance. These groups often utilize compromised IoT and VPN appliances to establish and maintain persistent access to global networks, posing a significant risk to cloud security.
Proactive Cloud Security Strategies
Michael Abramzon, Threat Intelligence and Research Architect at Check Point, emphasized the necessity for organizations to rethink their cloud security strategies in light of these expanding threats. As attackers embed themselves into cloud environments and leverage legitimate mechanisms to move laterally, a proactive security approach is crucial. Organizations must invest in advanced security tools designed to detect and mitigate threats specific to cloud infrastructures.
Implementing comprehensive security measures, such as continuous monitoring, regular vulnerability assessments, and stringent access controls, can help safeguard hybrid cloud environments. Organizations should also prioritize secure configuration management and ensure that all systems and applications are consistently updated to address known vulnerabilities. By embracing a proactive and dynamic approach to cloud security, enterprises can better protect their assets and maintain robust defense mechanisms against evolving cyber threats.
The Road Ahead in Cybersecurity
The cybersecurity landscape across the EMEA (Europe, Middle East, and Africa) region is experiencing a profound shift, largely driven by the rise of AI technology. As cyber threats become more sophisticated, it is crucial for organizations to evolve and utilize AI to bolster their defenses. Check Point Software’s research, highlighted during CPX Vienna 2025, sheds light on the emerging trends and innovations in the cybersecurity domain within the EMEA region. This analysis explains how AI is being integrated into cybersecurity strategies to tackle the modern threat landscape effectively. The conference emphasized key points such as AI’s role in predictive threat detection, automated responses, and real-time analysis. Additionally, discussions revolved around the integration of AI with existing security protocols, the need for continuous learning systems, and the importance of staying ahead of cybercriminals who also leverage advanced technologies. The findings underscore the need for organizations to stay agile and informed, ensuring their cybersecurity measures are robust against evolving threats.