Organizations in Europe, the Middle East and Africa (EMEA) are facing a dramatic increase in infostealer attacks, according to Check Point.
In its latest EMEA Cyber Threat Intelligence report, launched on February 4 during its CPX 2025 Vienna conference, Check Point Research observed a 58% increase in infostealer attacks targeting organizations in the region over the past year.
The firm added that it saw over 10 million stolen credentials associated with EMEA organizations available for sale in underground cybercrime markets.
Additionally, three infostealer malware strains, AgentTesla, Lumma Stealer and FormBook, were among the top malware threats in the region, frequently targeting VPN credentials and authentication tokens.
Check Point said this explosion of infostealers is fueling a rise in stolen credentials, session hijacking and corporate breaches.
“Session hijacking is now a primary technique for bypassing multifactor authentication (MFA), allowing attackers to gain persistent access to corporate environments,” the report noted.
According to Sergey Shykevich, Check Point’s Group Manager of Threat Intelligence, the rise of infostealer malware also proves the adversaries’ ability to adapt.
"Cybercriminals are no longer just breaching systems—they are selling access. The rise of infostealers and initial access brokers has created an underground marketplace where stolen credentials fuel a wider range of cyberattacks, including ransomware and financial fraud,” Shykevich added.
Speaking to Infosecurity, the analyst said infostealers are a particularly acute threat because they are "relatively easy to develop, do not require a high sophistication level, yet they are very hard to defend against."
During his CPX 2025 opening speech, Check Point’s newly appointed CEO, Nadav Zafrir, admitted that cyber attackers are often “more agile” than defenders, which creates an “asymmetric arms race.”
“Cybersecurity is a learning competition, and the good guys must learn from the bad guys, too,” Zafrir said.
No tags.
