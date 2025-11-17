Ransomware, GenAI drive surge in cyberthreats

Organisations worldwide each faced an average of 1 938 cyberattacks per week – a 2% increase from September and a 5% rise YoY – reflecting a continued escalation in global cyberthreats driven by ransomware expansion and risks linked to Generative AI (GenAI).

This is according to Check Point Research’s Global Threat Intelligence Report for October, which adds that for the first time this year, Africa was pipped to the post as the most attacked region by Latin America which averaged 2 966 attacks per organisation per week (+16% YoY).

Africa followed in second place, though, (2 782, –15%) and APAC rounded out the top 3 (2 703, –8%). Europe saw a moderate 4% rise, while North America recorded the steepest increase with 18% YoY growth, driven in part by intensified ransomware threats.

Of the four African countries covered in the report, Angola averaged 3 254 attacks per organisation per week (-53% YoY), followed by Kenya at 2 939 attacks per organisation per week (-17% YoY), Nigeria 2 779 attacks per organisation per week (-33% YoY), and South Africa at 1 878 attacks per organisation per week (+9%).

With the enterprise use of Generative AI (GenAI) tools expanding rapidly, Check Point Research identified increasing exposure to sensitive data. In October, one in every 44 GenAI prompts submitted from enterprise networks posed a high risk of data leakage, impacting 87% of organisations that use GenAI regularly. An additional 19% of prompts contained potentially sensitive information such as internal communications, customer data, or proprietary code.

These risks coincide with an 8% increase in average daily usage among corporate users. Notably, there’s a relative increase in the exposure of source code and credentials compared to other data types such as PII and financial information. While some usage occurs through managed tools, organisations still average 11 different GenAI tools per month – most of which are likely unsupervised.

The education sector remained the most targeted globally, averaging 4 470 weekly attacks per organisation (+5% YoY). The telecommunications industry followed with 2 583 weekly attacks (+2% YoY), while government institutions faced 2 550 attacks per week (–2% YoY), reflecting ongoing targeting of critical services and data-rich environments. Important to also note the high 40% YoY increase in the hospitality sector as we near the holiday season – climbing from 8th to 5th in the top attacked industries this month.

Ransomware remained one of the most damaging cyberthreats with 801 publicly reported incidents globally in October, marking a 48% YoY increase. North America accounted for 62% of all reported cases, followed by Europe (19%). The US alone represented 57% of global incidents, followed by Canada (5%) and France (4%).

By industry, business services (12%), consumer goods and services (10,5%), and industrial manufacturing (10,4%) were the most impacted.

The leading ransomware groups in October were Qilin (22,7%), Akira (8,7%), and Sinobi (7,8%) – collectively responsible for nearly 40% of reported attacks.

“October’s data shows that along with the overall number of attacks climbing, the real concern is in the eventual results shown, for example, in the surge of successful ransomware attacks,” says Omer Dembinsky, data research manager at Check Point Research. “In addition, the risks of data exposure via Generative AI and other means threaten to provide the attackers with additional tools to carry out future attacks.

“This evolution creates new challenges for defenders,” adds Dembinsky. “The only effective approach is prevention-first, powered by realtime AI and proactive threat intelligence to block attacks before they cause damage.”