Companies in the Iberia region have registered an average of 1,919 cyberattacks per week in the last six months, with e-mail being the main entry vector to infect equipment, appearing in two-thirds of attacks. Education and Health are the main target sectors, with attacks increasing in both areas (+74% in Education and +47% in Health).

Threats have increased globally. The United States (US) is positioned as the origin country of over half of the attacks (54%), and Spain is one of the main targets worldwide. During this period, the downloader FakeUpdates, a malicious program that helps distribute other types of malware, has positioned itself as the most common. This data is taken from the second Security Report Iberia by cybersecurity business Check Point, which suggests continued vigilance, refinement of detection capabilities, and increased collaboration with external intelligence sources to strengthen cybersecurity resilience.

Ransomware: the main cybersecurity threat

Ransomware, the malware that encrypts an infected device to demand money in exchange for recovering the information it contains, continues to be one of the main threats. Globally, Check Point has registered 5,414 incidents in 2024, with Spain being the eighth most affected country, with 106 incidents. The top positions are occupied by the US (2,713), Canada (283), and the United Kingdom (268).

As for the most affected sectors in the Iberia region, Education stands out, with 4,830 cyberattacks, and Health, which has experienced 2,709 attacks due to the vulnerability of personal and academic data. Moreover, the fall of LockBit, one of the most high-profile ransomware groups, has changed the hackers’ landscape. Other groups have emerged, like Ransomhub, which has been one of the most important, but they are smaller groups that, although very active in a number of attacks, have less capacity to carry them out, Check Point explains.

“Each year, the ransomware environment becomes progressively complicated. While law enforcement successfully dismantled larger Ransomware-as-a-Service (RaaS) groups, new groups emerged this year,” says Omer Dembinsky, data research group manager at Check Point. “Additionally, the shift from encryption-based extortion to data extortion brings new challenges. However, one thing remains consistent: the need to adapt and enhance data protection, monitoring, and rapid threat detection,” he continues.

Impact of AI

Phishing has evolved hand in hand with generative artificial intelligence, with increasingly convincing emails and identity impersonations. Brands widely recognized by users (such as Microsoft, Apple, and LinkedIn) lead the main deception attempts. AI also allows the creation of more adaptable and scalable attacks and ones that are much more personalized. Attacks using this technology will be harder to detect, as they can adapt in real-time to defences and user behaviours, as pointed out by Check Point.

However, AI-powered security systems already show great potential for analyzing large amounts of data, identifying irregularities, and automating responses to potential threats.

Cloud complexities

The increasing presence of the cloud also changes the landscape of cybersecurity. “The rapidly evolving ecosystem and the multitude of cloud providers, each offering dozens of services, terminologies, and security mechanisms, create complexity that is hard to navigate,” Check Point explains. Furthermore, the company has underlined the growing talent gap in cybersecurity; the global shortage of professionals in this field represents a challenge for companies, as it hinders their ability to defend themselves against threats.

“As cloud offerings continue to grow, so does the cloud attack surface. Recent incidents highlight the need for continuous posture management and proactive threat prevention across hybrid and multi-cloud environments to detect and block sophisticated attacks,” concludes Michael Abramzon, Threat Intelligence and Research Architect at Check Point.