惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News | PayPal Newsroom
H
Hackread – Cybersecurity News, Data Breaches, AI and More
雷峰网
雷峰网
NISL@THU
NISL@THU
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
博客园_首页
P
Privacy & Cybersecurity Law Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The Cloudflare Blog
Know Your Adversary
Know Your Adversary
小众软件
小众软件
人人都是产品经理
人人都是产品经理
WordPress大学
WordPress大学
博客园 - 聂微东
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tor Project blog
C
Cybersecurity and Infrastructure Security Agency CISA
V
V2EX
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
J
Java Code Geeks
M
MIT News - Artificial intelligence
PCI Perspectives
PCI Perspectives
T
The Blog of Author Tim Ferriss
美团技术团队
Jina AI
Jina AI
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
Cloudbric
Cloudbric
Webroot Blog
Webroot Blog
V2EX - 技术
V2EX - 技术
爱范儿
爱范儿
S
Securelist
MyScale Blog
MyScale Blog
B
Blog
AI
AI
L
LINUX DO - 热门话题
Security Archives - TechRepublic
Security Archives - TechRepublic
The Register - Security
The Register - Security
I
Intezer
有赞技术团队
有赞技术团队
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
H
Help Net Security
D
DataBreaches.Net
K
Kaspersky official blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
The Last Watchdog
The Last Watchdog
Attack and Defense Labs
Attack and Defense Labs
酷 壳 – CoolShell
酷 壳 – CoolShell

Check Point Blog

The State of Hybrid SASE: Built-In vs. Bolted-On - Check Point Blog AI Appreciation Day: Let's Be Honest About What We're Appreciating - Check Point Blog AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog AI Red Teaming Makes the Unknowns Known - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The AI Defense Plane: Securing the New Enterprise Execution Layer The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH The Case for a Vulnerability Operations Center Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
March 2026 Cyber Threat Report: Ransomware & GenAI Risk
2026-04-09 · via Check Point Blog
Global Attack Volumes Begin to Moderate 

In March 2026, global cyber attack activity showed early signs of moderation while remaining at historically elevated levels. The average number of weekly cyber-attacks per organization reached 1,995, representing a 4% decrease month over month and a 5% decline compared to March 2025 

Despite this easing, the overall threat environment remains intense. Nearly 2,000 weekly attacks per organization continue to reflect sustained adversary pressure, driven by automation, broad attack surface expansion, and persistent exposure risks tied to cloud adoption and GenAI usage. Check Point Research data indicates that while short term fluctuations are emerging, cyber threats have not returned to pre-surge baselines and remain a constant operational reality for organizations worldwide. 

Critical Sectors Continue to Face Disproportionate Risk 

The education sector remained the most targeted industry in March, experiencing an average of 4,632 cyber-attacks per organization per week, a 6% decrease year over year. Large user populations, highly distributed access environments, and limited security resources continue to make educational institutions attractive targets, even as overall volumes decline slightly. 

The government sector ranked second, averaging 2,582 weekly attacks, reflecting a 12% year-over-year decrease. While the drop suggests some short-term relief, government organizations remain consistent targets due to mission-critical services and high-value data. Telecommunications followed closely, with organizations facing 2,554 weekly attacks, down 10% year over year, yet continuing to attract threat actors seeking large scale disruption or supply chain access. 

An important outlier emerged in Hospitality, Travel & Recreation, which recorded a 30% year-over-year increase in attacks. As these organizations prepare for spring and summer travel surges, attackers appear to be accelerating activity ahead of peak seasonal demand, exploiting increased transactional volume, customer data exposure, and operational dependencies. 

Regional Threat Disparities Remain Pronounced 

Regional analysis underscores continued imbalance in global cyber pressure, with attack reductions unevenly distributed. Latin America recorded the highest attack volume globally, averaging 3,054 weekly attacks per organization, alongside a 9% year-over-year increase. Notably, Latin America was the only region to experience growth compared to February, reinforcing its position as an expanding target amid rapid digitalization. 

APAC followed with 3,026 weekly attacks, reflecting a 4% year-over-year decline, while Africa averaged 2,722 attacks, experiencing the sharpest reduction at -22% year over year, though remaining among the most targeted regions overall. 

Region  Weekly Attacks per Organization  YoY Change 
Latin America  3,054  +9% 
APAC  3,026  -4% 
Africa  2,722  -22% 
Europe  1,647  -7% 
North America  1,384  -8% 

Europe and North America both recorded moderate year-over-year declines, yet continue to face substantial baseline attack volumes, reinforcing that even mature markets are not immune to sustained cyber pressure. 

GenAI Usage Continues to Elevate Data Exposure Risk 

Enterprise GenAI adoption remained widespread throughout March 2026, intensifying data leakage risk despite reductions in overall attack volumes. Key GenAI exposure indicators in March include: 

  • 1 in every 28 GenAI prompts posed a high risk of sensitive data leakage 
  • 91% of organizations using GenAI tools regularly were impacted by this risk 
  • An additional 17% of prompts contained potentially sensitive information 
  • Organizations used an average of 9 different GenAI tools, signaling fragmented adoption 
  • The average enterprise user generated 78 GenAI prompts per month 

While GenAI usage expanded, the proportion of high-risk interactions increased compared to February, highlighting persistent governance and visibility gaps. Without centralized controls, organizations remain vulnerable to credential leakage, intellectual property exposure, internal data mis-sharing, and unintended third-party risk amplification. 

Ransomware Activity Rebounds Month Over Month 

In March 2026, 672 ransomware attacks were reported globally. This represents an 8% decrease year over year, yet a 7% increase compared to February, indicating renewed attacker momentum following short-term declines earlier in the quarter. 

North America remained the most affected region, accounting for 55% of reported incidents, followed by Europe at 24% and APAC at 12%. Europe’s share rose significantly from 17% in February, suggesting a rebalancing of attacker focus toward high-value EU targets. 

*This data is derived from ransomware “shame sites” operated by double-extortion groups. While inherently biased, these sources provide valuable insight into ransomware operations and trends. 

Ransomware Targets Concentrate on High-Impact Industries 

 Business services remained the most targeted sector, accounting for 35% of ransomware victims, followed by consumer goods & services (14%) and industrial manufacturing (13%). Together, the top three industries represented 61% of all reported ransomware incidents, underscoring attackers’ focus on sectors where downtime and data exposure translate directly into financial leverage. 

The mid-tier cluster, including financial Services, government, and healthcare & medical—accounted for a combined 14% of victims, with each sector increasing its share compared to February, signaling broader distribution beyond traditional ransomware strongholds. 

Industry  Ransomware Victims 
Business Services  34.5% 
Consumer Goods & Services  14.0% 
Industrial Manufacturing  13.0% 
Financial Services  5.2% 
Government  4.6% 
Healthcare & Medical  4.6% 
Automotive  3.7% 
Transportation & Logistics  3.6% 
Information Technology  3.4% 
Education  2.5% 
Media & Entertainment  2.1% 
Energy & Utilities  1.8% 
Telecommunications  1.3% 
Real Estate, Rentals, & Leasing  1.3% 
Hospitality, Travel, & Recreation  1.0% 
 Ransomware Attacks per Country 

Country-level analysis shows ransomware activity remains heavily concentrated in North America but continues to span multiple continents. The United States accounted for 51.8% of reported attacks, followed by Germany (4.8%)France (4.5%), and the United Kingdom (3.7%). 

Country  Ransomware Victims 
United States  51.8% 
Germany  4.8% 
France  4.5% 
United Kingdom  3.7% 
Canada  3.6% 
Italy  3.4% 
Spain  1.9% 
Brazil  1.8% 
Thailand  1.5% 
Colombia  1.2% 

The top impacted countries span North America, Europe, Asia, and Latin America, reinforcing ransomware’s global reach despite regional concentration. 

Leading Ransomware Groups Expand Their Influence 

Ransomware activity in March remained fragmented yet dominated by a small number of high-output groups. Qilin led activity, responsible for 20% of published attacks, followed by Akira (12%) and DragonForce (8%). While the top three accounted for 40% of incidents, a total of 47 different ransomware groups publicly impacted organizations worldwide last month. 

  • Qilin: One of the most established ransomware-as-a-service (RaaS) operations, active since 2022. Formerly known as Agenda, Qilin operates a mature affiliate ecosystem with Rust-based encryptors, negotiation infrastructure, and dedicated support services. Since early 2025, the group has significantly expanded affiliate recruitment and victim disclosures. 
  • Akira: First observed in 2023, Akira targets Windows, Linux, and ESXi systems. The group has increasingly focused on business services and industrial manufacturing, deploying a Rust-based ESXi-focused encryptor with selective VM targeting and sandbox evasion mechanisms. 
  • DragonForce: A RaaS group operating a white-label “cartel” model allowing affiliates to run independent brands atop shared infrastructure. DragonForce’s activity accelerated in March, following absorption of displaced RansomHub affiliates and high-profile social engineering campaigns targeting major UK retailers. 
What March’s Trends Reveal About the Threat Landscape 

March 2026 suggests that cyber threats are entering a phase of compressed volatility rather than sustained escalation. Overall attack volumes declined modestly, yet ransomware activity rebounded month over month, GenAI-driven exposure intensified, and targeted sector pressure shifted rather than disappeared. 

At Check Point Software, our research shows that temporary declines do not signal reduced risk. Attackers continue refining precision, timing, and targeting, exploiting seasonal cycles, emerging technologies, and operational blind spots. In this environment, reactive security models remain insufficient. A prevention-first, AI-driven, multi-layered security strategy—spanning cloud, network, endpoint, and user environments—is essential to controlling exposure and building long-term cyber resilience. Staying ahead now requires anticipating attacker behavior, not merely responding to incidents after impact.