The number of cyber attacks worldwide rose by 44% last year, fueled by evolving nation-state attacks and the increasing prevalence of generative AI.
In its annual report, Check Point Software said nation-states are changing their strategy, shifting from acute attacks to chronic campaigns aimed at eroding trust and destabilizing systems.
AI-powered disinformation and influence campaigns targeted a third of global elections between September 2023 and February 2024, researchers said.
The Russian-linked APT group CopyCop, for example, targeted the June 2024 US primary elections with fabricated news segments featuring deepfake portrayals of political figures, and the Islamic Revolutionary Guard Corps (IRGC) using 'hack-and-leak' tactics during the presidential elections.
"Cybersecurity in 2025 is not only about protecting networks; it’s about safeguarding trust in our systems and institutions," said Maya Horowitz, Check Point's VP of research.
"The State of Global Cyber Security 2025 highlights the rapid evolution of threats and reinforces the need for resilience in the face of persistent and complex adversaries."
The evolution of ransomware
Ransomware is also evolving, according to the report, with data exfiltration and extortion overtaking encryption-based attacks as the primary ransomware tactic, simplifying operations and maximizing payouts.
The little-known ransomware group Dark Angels, for example, reportedly extracted a $75 million payment from one Fortune 50 company in 2024.
Healthcare became the second most targeted industry for ransomware, with a 47% increase in attacks year-over-year, highlighting a move away from any 'ethical' approach from ransomware groups.
Meanwhile, compromised routers, VPNs, and other edge devices served as key entry points for attackers last year, with more than 200,000 devices controlled by advanced botnets like Raptor Train, operated by state-sponsored actors.
The report highlights the rising tide of infostealers, with stolen data traded on platforms like Telegram or underground criminal marketplaces such as the Russian Market.
"Following the decline of the big botnets, infostealers have become a significant and wide-scale threat. They offer cyber criminals efficient ways to steal credentials and session tokens, contributing to financial fraud and identity theft and acting as an entry point to corporate networks," said Check Point threat intelligence group manager Sergey Shykevich.
"As companies increasingly adopt remote work and bring-your-own-device policies, it is essential that they implement protective strategies."
AI attacks gain traction
A key talking point in the Check Point annual report centered around AI-powered financial crime. The security firm recorded a sharp increase in this regard across 2024 alongside supply chain attacks on open source projects.
Researchers warned that organizations will face increasing pressure this year thanks to new cyber security regulations, including the EU IoT Regulations, SEC Cyber Security Rules, the Digital Operational Resilience Act (DORA) and the NIS2 Directive.
CISOs, Check Point recommended, should strengthen BYOD Security, implementing strict policies and deploying endpoint protection.
They should also invest in threat intelligence and enhance patch management to address known vulnerabilities proactively and limit exposure to widespread exploits.
Edge devices should be secured, with robust security measures for routers, VPNs, and IoT devices; and they should focus on resilience, preparing for persistent threats with comprehensive incident response plans and continuous monitoring.
