Check Point touts AI, ransomware and cloud vulnerabilities as the biggest threats in an EMEA report. Attackers are using AI to attack organizations, but AI infrastructure can just as easily be targeted.
Check Point researchers at CPX share their insights on the European threat landscape. Organizations in the EMEA (Europe, Middle East and Africa) zone faced an average of 1,679 cyber attacks per week over the past six months. This is just below the global average, but Europe remains a prime target for cyber attackers and state actors.
Education and research remain the most affected, with 4,247 attacks per week per organization. “The use of open networks and sensitive information are two possible explanations,” said Sergey Shykevich, Check Point’s Threat Intelligence Lead. Other heavily affected sectors include IT hardware and software, communications, defense, healthcare and retail.
AI-driven cyberwarfare
By now, the most common cyber threats sound familiar: phishing remains a tried-and-true recipe for getting into organizations, and ransomware is also high on the hit lists every year. Yet Check Point sees new evolutions in the behavior of attack actors due to the rise of AI.
Check Point sees a shift from direct infrastructure attacks to AI-driven disinformation campaigns. Cybercriminals and state actors based primarily in China, Russia and Iran are abusing AI to influence elections. That we saw this happen a lot last year is due to many elections taking place worldwide in 2024. “AI is being used as a weapon of war” says Shykevich.
But AI could just as easily be at the other end of the attack spectrum. Attackers are targeting AI models and supporting infrastructure. The much-discussed DeepSeek suffered a large-scale attack in late January. Analysis showed that the model was not a paragon of effective security.
AI is being used as a weapon of war
Sergey Shykevich, Threat Intelligence Lead Check Point
Shredded ransomware
Ransomware continues to evolve. Cybercriminals are shifting their focus from encrypting files to pure extortion with stolen data they threaten to leak out. Check Point also sees the economics around ransomware changing. Large groups are losing power and smaller groups are taking advantage. With four victims per million inhabitants, Belgium is in the top ten countries with the most attacks relative to population.
read also
Ransomware in 2024: more attacks, more perpetrators
Police actions against dominant groups such as LockBit have created a power vacuum. Small groups thus see an opportunity to build their “brand,” and easy access to artificial tools helps them mount large-scale attacks with limited resources. This, according to Check Point, creates a dangerous mix that increases the risk of data breaches.
Vulnerable cloud
New security risks arise with the growth of hybrid cloud environments, according to Check Point. Companies are losing oversight or becoming too dependent on a provider. Attackers exploit misconfigurations, weak access controls and vulnerabilities in edge devices to penetrate networks. Finally, Check Point sees that stolen login credentials are literally worth their weight in gold.
The use of infostealer malware is up 58 percent in Europe, with more than 10 million stolen login credentials circulating on the dark web. “The majority of infostealers are unleashed on unmanaged devices,” Shykevich adds, highlighting the risks of a BOYD policy. Cybercriminals use this data to bypass MFA and gain long-term access to corporate networks.
To keep all these threat types in check, Check Point advocates a proactive cybersecurity strategy, focusing on detecting threats before they can become a problem. Prevention has been the company’s hobbyhorse for 30 years. It is therefore also announcing at CPX new AI-driven features to combat AI-driven threats.