Check Point Unveils Latest EMEA Cyber Threat Intelligence at CPX 2025

Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions, today shared key insights from its latest EMEA Threat Intelligence Report at CPX Vienna 2025, the company’s annual cyber security event. CPX Vienna brings together industry leaders, cyber security experts, and policymakers to discuss emerging threats, the impact of AI on cyber warfare, and the latest security innovations.

The latest findings highlight AI-driven cyber warfare, ransomware’s shift toward data extortion, and vulnerabilities in cloud and edge infrastructure as the top security challenges for organizations across EMEA.

Key Cyber security Trends in EMEA

AI-Driven Cyber Warfare and Disinformation

Cyberattacks are increasingly shifting from direct infrastructure disruption to influence operations, misinformation campaigns, and AI-powered cyber warfare. Nation-state actors are exploiting AI tools to manipulate information, spread disinformation, and execute sophisticated cyberattacks.

• AI was used in at least one-third of major elections between September 2023 and February 2024 to influence voter sentiment, push disinformation, and manipulate public trust.
• Russian, Iranian, and Chinese-backed cyber groups have leveraged AI-generated deepfakes and fake news campaigns to interfere with elections in the US, Taiwan, Romania, and Moldova.
• The Paris Olympics became a prime target for cyber influence operations, with coordinated misinformation efforts aimed at discrediting the event and disrupting Western unity.

“The rise of AI-powered disinformation is fundamentally reshaping the cyber security landscape. From deepfake-generated political attacks to large-scale influence campaigns, we are seeing an unprecedented escalation in AI-driven cyber warfare,” said Lotem Finkelsteen, Director, Threat Intelligence and Research Area

DeepSeek AI Hit by Large-Scale Cyberattack

In a major cyber security incident, DeepSeek AI, a China-based artificial intelligence platform, suffered a large-scale cyberattack that forced it to restrict new user registrations. While the identity of the attackers remains unknown, the breach raises concerns about the security of AI platforms and the potential vulnerabilities within AI-driven ecosystems.

“As AI becomes more integrated into daily operations, its infrastructure becomes a prime target for cybercriminals and nation-state actors. Organizations must prioritize AI security to prevent large-scale breaches that could have far-reaching consequences,” said Eli Smadja, Security Research Group Manager at Check Point Software.

The attack on DeepSeek highlights the growing trend of targeting AI infrastructure, emphasizing that AI-driven services must implement robust security measures to protect against evolving cyber threats.

Ransomware’s Evolution: The Shift Toward Pure Data Extortion and Targeting of Critical Sectors

Ransomware remains one of the most persistent and damaging cyber threats, but attackers are shifting tactics—moving away from traditional encryption-based extortion toward pure data-leak extortion.

• Ransomware groups now focus on stealing sensitive corporate data and threatening to leak it rather than encrypting files.
• The law enforcement crackdown on major ransomware groups like LockBit and ALPHV led to a fragmented ransomware landscape, with emerging groups like RansomHub taking advantage of the power vacuum.

“The shift toward data-leak extortion presents a more insidious risk—organizations are no longer just facing operational disruptions but also the public exposure of sensitive data. Security strategies must evolve to focus on early detection, strong data encryption, and robust access controls to mitigate these threats,” said Omer Dembinsky, Data Research Group Manager at Check Point Software.

Infostealers and Initial Access Brokers: The Underground Economy of Cybercrime

The explosion of infostealer malware is fueling a rise in stolen credentials, session hijacking, and corporate breaches.

• Infostealer attacks surged by 58%, with over 10 million stolen credentials available for sale on underground cybercrime markets.
• AgentTesla, Lumma Stealer, and FormBook were among the top malware threats in EMEA, frequently targeting VPN credentials and authentication tokens.
• Session hijacking is now a primary technique for bypassing Multi-Factor Authentication (MFA), allowing attackers to gain persistent access to corporate environments.

“Cybercriminals are no longer just breaching systems—they are selling access. The rise of infostealers and initial access brokers has created an underground marketplace where stolen credentials fuel a wider range of cyberattacks, including ransomware and financial fraud,” said Sergey Shykevich, Group Manager of Threat Intelligence at Check Point Software.

Cloud and Edge Vulnerabilities Expand the Attack Surface

As hybrid cloud environments become the backbone of modern enterprises, attackers are exploiting misconfigurations, weak access controls, and vulnerabilities in edge devices to gain initial access.

• Cloud misconfigurations led to multiple high-profile data breaches, exposing government, healthcare, and financial sector data.
• Threat actors exploited Single Sign-On (SSO) vulnerabilities, allowing lateral movement across cloud environments.
• Chinese-backed APTs leveraged compromised IoT and VPN appliances as Operational Relay Boxes (ORBs) to establish persistent access into global networks.

“Organizations must rethink cloud security. Attackers are no longer just breaching on-premises systems—they are embedding themselves into cloud environments, targeting credentials, and leveraging legitimate mechanisms to facilitate bidirectional lateral movement. A proactive security approach is critical” said Michael Abramzon, Threat Intelligence and Research Architect at Check Point Software.

Last Updated on 6 days by News Desk 1