Despite sustained exposure to phishing and malicious URLs, malware execution in the UAE drops as organisations disrupt attacks earlier in the kill chain
New research from Acronis reveals that organisations across the UAE are becoming significantly more effective at preventing cyber attacks from escalating, despite continued exposure to phishing emails and malicious campaigns throughout 2025. According to the company’s latest global cyberthreat analysis for the second half of 2025, malware execution in the UAE declined steadily after peaks early in the year an indication that defensive measures are maturing and threat chains are being interrupted earlier.
The report shows that malware activity across the country surged in the first quarter of 2025, reaching a high point around March before tapering off as the year progressed. Analysts attribute the fluctuating pattern to short-lived, campaign-driven attacks rather than long-term, persistent infections. Many of these early spikes aligned with business-themed phishing lures commonly seen across the Gulf, including fraudulent invoices, payment requests, and logistics updates tactics designed to exploit trust in everyday business processes.
“Attackers are rapidly integrating AI into their operations, and the cybersecurity landscape is entering a new era that requires automation, anticipation, and resilience.”
— Gerald Beuchelt, CISO, Acronis
Despite this, UAE exposure to malicious URLs remained consistently high across 2025. While harmful links continued to reach users, they were increasingly blocked before triggering malware on endpoints. This shift suggests that organisations are more successfully disrupting attacks before payloads can execute, reducing overall impact and damage.
Globally, email remained the dominant attack vector. Acronis recorded a 36% increase in email-based attacks in H2 2025 compared to the first half, with phishing representing 83% of all email threats. Meanwhile, collaboration platforms saw more targeted, advanced attack activity, highlighting the different tactical approaches threat actors use across communication channels.
The year also saw threat actors scale operations through AI. Groups leveraged AI for automated reconnaissance, data exfiltration, extortion management, and more psychologically manipulative social-engineering scams including AI‑generated “proof of life” imagery in virtual kidnapping attempts.
Ransomware remained concentrated among a few highly sophisticated operators, with just three groups responsible for more than half of all disclosed victims. Manufacturing, technology, healthcare, finance, and construction were among the most heavily targeted sectors globally.
For deeper insights, readers can access the full Acronis H2 2025 Cyberthreats Report at acronis.com.
