Global cyber-attack volumes moderated in May 2026, but ransomware incidents, GenAI-related data exposure risks, and travel-focused phishing campaigns expanded.
Global cyber attacks declined 7% month over month in May 2026, averaging 2,055 weekly attacks per organization, reports Check Point Research. However, ransomware incidents increased 48% year over year, while GenAI-driven data exposure and travel-sector phishing campaigns continued to expand across enterprise environments.
The apparent decline in attack volumes does not indicate a reduction in cyber risk. According to Check Point Research, threat actors continue to adjust their timing, infrastructure, and targeting strategies as organizations expand their digital footprints and adopt new technologies. “Short-term volume moderation does not equal reduced risk,” says the company. “Adversaries keep recalibrating timing, tools, and targeting, and May is a clear example of that pattern.”
The latest threat intelligence data from Check Point Research shows that cyber activity is evolving beyond simple attack-volume measurements. While overall attack frequency softened from April’s rebound, several indicators point to a restructuring of the threat landscape rather than a slowdown.
Education remained the most targeted industry globally, recording an average of 4,641 weekly cyber attacks per organization in May, a 7% increase compared to the same period last year. Government organizations followed with 2,620 weekly attacks, while telecommunications companies recorded 2,583.
More notable shifts occurred in sectors that historically received less attention from threat actors. Agriculture experienced a 51% year-over-year increase, reaching 2,243 weekly attacks per organization. Hospitality, travel, and recreation rose 24% to 2,291 weekly attacks, while construction and engineering increased 23% to 1,999.
According to Check Point Research, growing digitalization across these industries, combined with the widespread availability of automated attack tools, has expanded the attack surface available to cybercriminals.
Regionally, Latin America remained the most targeted geography, averaging 3,149 weekly attacks per organization, up 13% year over year. The data reflects a pattern in which digital transformation initiatives continue to advance faster than cybersecurity maturity across many organizations.
At the same time, enterprises are facing additional risks associated with GenAI adoption. Check Point Research found that one in every 25 GenAI prompts submitted from enterprise networks carried a high risk of sensitive data leakage. Furthermore, 91% of organizations using GenAI tools were exposed to this risk category, while 22% of prompts contained potentially sensitive information.
Ransomware Reaches Highest Growth Rate of 2026
The most significant development during May was the acceleration of ransomware activity. Check Point Research recorded 698 publicly reported ransomware attacks worldwide, compared with 472 incidents in May 2025, representing a 48% year-over-year increase and the fastest ransomware growth rate observed during 2026.
The increase was distributed across all major regions. Asia recorded a 119% increase, the European Union, the Middle East, and Africa increased 40%, and the Americas rose 39%.
Business services organizations were the most affected segment, accounting for 35% of all ransomware victims. Reported incidents within the sector increased from 54 to 248 in a single year, representing growth of 359%. Consumer goods and services recorded a 223% increase, while industrial manufacturing experienced a 50% rise.
North America accounted for 49% of reported ransomware victims globally. The European Union represented 22%, and Asia-Pacific represented 19%. The United States alone accounted for 43% of all reported ransomware victims worldwide. The ransomware ecosystem also became increasingly fragmented. While the three most active groups accounted for 39% of reported incidents, an additional 58 groups remained operational during May.
According to Check Point Research, Qilin led all ransomware operators, accounting for 14% of published attacks. The Gentlemen ranked second with 10%, despite having no recorded activity during May 2025. DragonForce ranked third with 8% after expanding its affiliate network throughout the first months of 2026.
Travel Industry Becomes a Prime Target for Phishing
Beyond ransomware, researchers identified a parallel increase in travel-related cybercrime as the summer vacation season approached. The hospitality, travel, and recreation sector has experienced one of the fastest increases in cyber attacks globally. Attack volumes more than doubled over the last three years, rising from 1,032 weekly attacks per organization in May 2023 to 2,291 in May 2026, representing cumulative growth of 122%.
Check Point Research attributes the trend to the concentration of personal, financial, and travel-related information handled by the sector, combined with seasonal booking surges that create opportunities for social engineering campaigns.
In May 2026 alone, researchers identified 47,318 newly registered travel-related domains, a 33% increase from April and 19% higher than May 2025. One out of every 112 domains was already classified as malicious or suspicious.
The investigation uncovered multiple large-scale phishing infrastructure campaigns. These included hundreds of hotel-themed domains, travel reward scams impersonating financial brands, and domain-saturation campaigns targeting travel companies across dozens of top-level domains.
Researchers also identified active phishing websites impersonating major travel platforms, including Booking.com, Airbnb, and Skyscanner. These fraudulent websites were designed to collect login credentials, payment information, and booking deposits from travelers.
The findings highlight a broader trend affecting both consumers and enterprises. Travel-related phishing campaigns increasingly target employees who access corporate systems while traveling, creating additional exposure for organizations beyond direct financial fraud.
Check Point Research recommends that organizations strengthen employee awareness programs, implement multifactor authentication, monitor GenAI usage policies, and reinforce ransomware preparedness measures.
Click Here For The Original Source.
