Monday, March 17, 2025

The Biggest Cybersecurity Threats in Poland at the Beginning of 2025

  • Since the beginning of 2025, Poland has been among the European countries most threatened by cyberattacks. Polish businesses are attacked on average 1500 times a week.
  • The most vulnerable sectors of the economy include the public utility and government-military sector (over 2000 attacks) and the financial sector.
  • The main attack vector against Polish companies is e-mail: as many as 6 out of 10 attacks and thefts of confidential data result from users opening messages that contain malicious links or embedded malware.

As technology develops rapidly, cybercriminals constantly refine their attack methods, using artificial intelligence, social engineering, and advanced masking techniques. The latest Global Threat Index published by Check Point Software Technologies shows that Poland is not free from these threats.

Since the beginning of 2025, Poland has been among the European countries most threatened by cyberattacks. Polish businesses are attacked on average 1500 times a week. But there are exceptions: the most vulnerable sectors of the economy include the public utility and government-military sector (over 2000 attacks) and the financial sector. The main attack vector against Polish companies is e-mail: as many as 6 out of 10 attacks result from individual users, company employees, or administrators opening messages that contain a malicious link or embedded malware.

Check Point analysts have revealed what programs are attacking Polish networks and how they infect users.

  1. Formbook – Data theft and user monitoring

Formbook is an advanced infostealer, first identified in 2016. Its main goal is to steal authentication data from web browsers, capture screenshots, log keystrokes, and download and execute additional malicious payloads. Formbook mainly spreads through phishing campaigns, infected e-mail attachments, and websites masquerading as legitimate services. In January, it affected 2.56% of Polish networks.

  2. Remcos – Remote system control

Remcos is a Remote Access Trojan (RAT) that first appeared in 2016. It is distributed through infected Microsoft Office documents attached to spam messages sent by hackers. Its objective is to evade Windows system protections (including UAC) and execute malicious code with elevated privileges. This allows cybercriminals to take full control of the attacked system, which can lead to the leakage of confidential data and further infections. In January 2025, Remcos affected 2.38% of Polish networks.

  3. FakeUpdates – Fake browser updates

FakeUpdates (also known as SocGholish) is a malware downloader – a virus that was first detected in 2018. It spreads through websites that encourage users to download a supposed browser update. In reality, it infects the system, installing additional malicious software that can be used for further attacks, including the installation of ransomware. FakeUpdates, linked to the Russian hacking group Evil Corp, affected 2.01% of Polish networks. The tool was also the leader among all malicious programs worldwide.

AI helps cybercriminals in attacks

– Artificial intelligence is transforming the landscape of cyber threats, and cybercriminals are rapidly developing their methods, using AI for automation, scaling their tactics and enhancing their capabilities. To effectively counter these threats, government administrations and organizations must go beyond traditional defensive mechanisms and implement proactive AI-based security measures that can predict emerging risks – says Maya Horowitz, Vice President of Research at Check Point Software.

A recent investigation conducted by security researchers revealed that an affiliate of RansomHub used a Python-based backdoor to maintain persistent access and deploy ransomware across various networks. Installed shortly after initial access was gained through FakeUpdates, the backdoor used advanced code obfuscation techniques and AI-assisted programming patterns. The attack involved lateral movement via the Remote Desktop Protocol (RDP) and the establishment of persistent access by creating scheduled tasks.
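The pattern described above (an RDP logon followed by creation of a scheduled task) can be hunted for in Windows Security logs; the following is an added example, not code from Check Point or the original article. It assumes events have been flattened into simple records: the host names, accounts, paths and field names are constructed, while 4624 (logon, type 10 = RDP) and 4698 (scheduled task created) are the standard Windows event IDs.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records, flattened from Windows Security log fields
# (4624 = logon, LogonType 10 = RemoteInteractive/RDP; 4698 = scheduled task created).
EVENTS = [
    {"time": "2025-01-14T09:02:11", "host": "FS01", "id": 4624, "user": "svc_backup",
     "logon_type": 10, "src_ip": "10.0.5.23"},
    {"time": "2025-01-14T09:06:40", "host": "FS01", "id": 4698, "user": "svc_backup",
     "task": r"\Updater",
     "content": r"<Exec><Command>C:\Users\Public\py\pythonw.exe</Command>"
                r"<Arguments>C:\Users\Public\py\upd.py</Arguments></Exec>"},
    {"time": "2025-01-14T10:15:00", "host": "WS07", "id": 4624, "user": "anna",
     "logon_type": 2, "src_ip": "-"},
    {"time": "2025-01-14T10:20:00", "host": "WS07", "id": 4698, "user": "anna",
     "task": r"\Backup",
     "content": r"<Exec><Command>C:\Windows\System32\robocopy.exe</Command></Exec>"},
]

COMMAND_RE = re.compile(r"<Command>(.*?)</Command>", re.S | re.I)
PYTHON_RE = re.compile(r"(?:^|\\)pythonw?\.exe$", re.I)


def rdp_then_task(events, window=timedelta(minutes=30)):
    """Return tasks created by an account within `window` of its RDP logon on the same host."""
    last_rdp = {}  # (host, user) -> (time, source IP) of the most recent RDP logon
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["user"].lower())
        if ev["id"] == 4624 and ev.get("logon_type") == 10:
            last_rdp[key] = (when, ev["src_ip"])
        elif ev["id"] == 4698 and key in last_rdp:
            logon_time, src_ip = last_rdp[key]
            if when - logon_time <= window:
                match = COMMAND_RE.search(ev.get("content", ""))
                command = match.group(1).strip() if match else ""
                findings.append({
                    "host": ev["host"], "user": ev["user"], "task": ev["task"],
                    "src_ip": src_ip, "command": command,
                    # Raise severity when the task launches a Python interpreter.
                    "severity": "high" if PYTHON_RE.search(command) else "medium",
                })
    return findings
```

The interactive logon on WS07 (logon type 2) is ignored, so only the FS01 task is reported; the 30-minute window is an arbitrary starting value to tune against normal administrator behaviour.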

How to protect yourself?

To effectively counter these threats, Check Point experts recommend not opening email attachments from unknown senders, regularly updating operating systems and antivirus software, as well as using strong passwords and multi-factor authentication. Training employees and users about cyber threats and monitoring network activity for suspicious behavior are also important elements.

Cybersecurity is a process that requires constant attention and adaptation to new threats. In the face of increasing cyber attacks, it is worth investing in advanced protective technologies and implementing effective risk management strategies.

Source: https://managerplus.pl/najwieksze-zagrozenia-cybernetyczne-w-polsce-na-poczatku-2025-roku-67721
