

























In April 2026, global cyber-attack activity rebounded sharply following the brief moderation observed in March. Organizations experienced an average of 2,201 weekly cyber-attacks, representing a 10% increase month over month and an 8% increase year over year. This reversal underscores the volatility of today’s threat landscape. After three consecutive months of gradual decline, April’s data confirms that the earlier easing was temporary rather than structural. Attackers continue to leverage automation, expanded digital footprints, and exposed cloud and GenAI environments to sustain elevated pressure across industries and regions.
Check Point Research data shows that cyber threats have not stabilized at lower baselines. Instead, adversaries are rapidly adjusting timing and targeting strategies, reinforcing that short-term fluctuations do not equate to reduced operational risk.
The Education sector remained the most targeted industry in April, with organizations facing an average of 4,946 weekly attacks, marking an 8% year-over-year increase. Large user populations, highly distributed access environments, and constrained security resources continue to make educational institutions prime targets. The Government sector ranked second, averaging 2,797 weekly attacks, reflecting a marginal 1% decrease year over year. While volumes stabilized slightly, government organizations remain high-value targets due to critical public services and sensitive data exposure.
Telecommunications followed closely with 2,728 weekly attacks, recording a 3% year-over-year increase, as threat actors continue seeking scalable disruption and downstream access through service providers. Notably, Hospitality, Travel & Recreation continued their upward trajectory, aligning with seasonal demand growth. As transaction volumes rise ahead of peak travel periods, attackers appear to be accelerating activity to exploit increased customer data exposure and operational dependencies.

Figure 1: Global average cyber-attacks per industry. April 2026 vs April 2025
April’s regional data reveals a broad-based resurgence in cyber activity, with every region experiencing month-over-month increases.
Latin America remained the most targeted region globally, averaging 3,364 weekly attacks per organization, alongside a 20% year-over-year increase. Rapid digital expansion and uneven security continue to fuel its attractiveness to threat actors.
APAC followed with 3,213 weekly attacks, reflecting a 4% year-over-year increase, while Africa recorded 2,940 weekly attacks, despite a -9% year-over-year decline, remaining among the most targeted regions worldwide.

Figure 2: YoY change in weekly cyber-attacks per region
Europe and North America both saw renewed growth compared to March, reinforcing that even mature markets continue to face persistent baseline pressure rather than meaningful relief.
Enterprise GenAI usage remained widespread throughout April 2026, sustaining high levels of data leakage risk despite broader threat volatility. Key GenAI exposure indicators include:
While overall interaction volumes remained stable compared to March, exposure risk persists due to limited visibility, decentralized usage, and insufficient governance. Without centralized controls, organizations remain vulnerable to credential leakage, intellectual property exposure, and unintended third‑party risk propagation.
In April 2026, 707 ransomware attacks were reported globally, reflecting a 5% increase month over month and a 12% increase year over year. This continued growth confirms that ransomware remains a core monetization vector despite broader tactical shifts.
North America was the most affected region, accounting for 46% of reported incidents, followed by Europe (27%) and APAC (17%), indicating sustained focus on high-revenue and highly regulated markets.

Figure 3: Ranswomare attacks per region
Business Services continued to dominate ransomware targeting, accounting for 33.8% of victims, followed by Consumer Goods & Services (14.4%) and Industrial Manufacturing (9.9%).
Together, these sectors represent environments where downtime, operational disruption, and data exposure translate directly into financial leverage, making them consistently attractive to ransomware operators. Healthcare, Financial Services, and Government each increased their relative share compared to earlier months, reinforcing the gradual expansion of ransomware targeting beyond traditional strongholds.

Figure 4: Ransomware by industry
At the country level, the United States remained the most impacted nation, accounting for 41.6% of reported ransomware attacks, followed by Germany (5.0%), Canada (4.8%), Italy (4.0%), and the United Kingdom (3.8%).
The breadth of affected countries across North America, Europe, Asia, and Latin America highlights ransomware’s continued global reach, even as activity remains concentrated in a limited number of high-value markets.

Figure 5: Ransomware victims by country
Ransomware activity in April remained fragmented, though dominated by a small group of high-output operators. Qilin led activity, responsible for 15% of published attacks, followed by The Gentlemen (10%) and DragonForce (9%). While the top three groups accounted for 34% of reported incidents, a total of 56 different ransomware groups publicly impacted organizations worldwide last month—underscoring the breadth and resilience of the ransomware ecosystem.
April 2026 confirms that cyber threats are not stabilizing, they are oscillating with increasing intensity. The rebound in global attack volumes, continued expansion of ransomware activity, and persistent GenAI-driven exposure risks illustrate a threat environment defined by adaptability rather than predictability.
At Check Point Research, our research shows that temporary declines should not be mistaken for reduced risk. Attackers continue refining precision, timing, and targeting, exploiting seasonal demand cycles, emerging technologies, and governance gaps.
In this environment, reactive security models remain insufficient. A prevention-first, AI-driven, multi-layered security strategy — spanning cloud, network, endpoint, and user environments — is essential to reducing exposure and sustaining cyber resilience. Staying ahead now requires anticipating attacker behavior, not merely responding after impact.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。