Global cyber attacks decline, but ransomware jumps 46% as GenAI threats hit education, telecom, government
New research from Check Point reveals that while global cyber attack volumes stabilized slightly during September, ransomware and generative AI (GenAI)-related risks surged, with ransomware rising 46%. Organizations faced an average of 1,900 cyber-attacks per week, a 4% decrease from August but still a 1% increase year-over-year. Although overall attack volumes appear steady, evolving techniques, shifting target industries, and the rapid growth of GenAI-related threats highlight an increasingly complex and dynamic cyber threat landscape.
“The increasing integration of generative AI tools into enterprise workflows has introduced new vectors for data leakage,” Check Point disclosed. “In September, 1 in every 54 GenAI prompts from enterprise networks posed a high risk of sensitive data exposure — a threat that impacted 91% of organizations using GenAI tools regularly. Additionally, 15% of all prompts contained potentially sensitive information, including customer data, internal communications, or proprietary code snippets.”
Providing insights from threat actor data leak sites, Check Point highlighted the current leading ransomware groups. Qilin, accounting for 14.1%, is one of the most established RaaS (ransomware-as-a-service) groups and has maintained consistent victim disclosures since 2022. Following RansomHub’s retirement, Qilin expanded its affiliate network, leveraging a Rust-based encryptor and an advanced RaaS panel for affiliates. Play, also known as PlayCrypt, represents 9.3% and targets organizations across North America, South America, and Europe, exploiting unpatched vulnerabilities, particularly in Fortinet SSL VPNs, and using living-off-the-land binaries (LOLBins) for stealth operations. Furthermore, Akira accounts for 7.3% and has been active since early 2023; its Rust-based variant now targets Windows, Linux, and ESXi systems, focusing on business services and industrial manufacturing while implementing runtime controls and selective encryption to hinder detection and analysis.
Apply for our next conference in Kuala Lumpur on December 9th and 10th, 2025 at this link with the passcode: “6f&%dX”, no quotes.