Poland among the top countries for cyberattacks. New data from ESET

Poland ranks among the world’s top countries most frequently affected by several types of cyber threats detected by ESET systems. The company’s latest report also shows that artificial intelligence is increasingly not creating new methods of attack, but rather enhancing the effectiveness of those already well known.

3 Min Read
cyber security, Zero trust, cyber attacks on companies
Author: benjamin lehman / Unplash

Poland was among the most frequently targeted countries in ESET’s telemetry data for the period from December 2025 to May 2026. According to the company’s press release, the country ranked first in terms of the detection of downloaders – programmes that download further components of an attack – and the CloudEye tool. It also came second in the categories of email and web threats, and third for ransomware and attempted attacks on remote desktop services.

This is not a comprehensive ranking of all cyberattacks worldwide. The list shows incidents detected by ESET’s solutions, so its results depend, amongst other things, on the scale of the company’s product usage in individual countries. Nevertheless, the wide range of categories suggests that Poland remains a key target for both mass campaigns and more sophisticated hacking attempts.

The biggest change is not the emergence of entirely new methods, but rather their faster scaling. ESET analysed nearly 900,000 add-ons and instructions for AI agents. Over 25,000 were deemed suspicious, and over 3,000 were identified as malicious. Such components can gain access to files, services and tools; therefore, a faulty or deliberately malicious add-on can become a point of entry into corporate data.

Rather than relying on entirely new methods and tools, attackers are rapidly adapting tried-and-tested techniques to new platforms, technologies and user behaviours. The number of add-ons for AI agents is growing very rapidly, whilst simultaneously increasing the potential attack surface, adds Kamil Sadkowski.

ESET also describes PromptSpy as the first known Android malware to utilise generative AI during operation. The malware uses the Gemini model to interpret interface elements and adapt its behaviour to the device. Such cases are still rare, but they illustrate the direction in which threats are evolving.

Simpler social engineering attacks are also on the rise. The number of ClickFix detections rose by 108 per cent, and around 11 per cent of detected phishing messages contained a QR code. At the same time, ransomware remains active, although fewer victims are paying the ransom. Chainalysis estimates that by 2025, payments will have fallen by 8 per cent to $820 million, despite a 50 per cent increase in the number of reported attacks.

Share This Article