Spain is the country with the second most cyber threats in the world: this is how they are attacking us

Year after year, Spain tends to be among the countries with the most cyberattacks in the world. This is due, among other things, to our excellent ability to detect threats, and also because Spanish is one of the languages ​​most commonly used by cybercrime syndicates when launching their malicious campaigns. According to a study by the cybersecurity company ESET, Spain was the country with the second most cyberthreats detected globally during the first six months of 2025, behind only Japan. During that time, cybercrime is estimated to have generated economic losses of approximately €813 million worldwide.

"In these first six months of 2025, Spain has established itself as one of the main targets for cybercrime worldwide. We see how techniques such as phishing continue to be the most common, but also how new threats, such as ClickFix, are rapidly gaining ground," says Josep Albors, director of research and communications at ESET Spain. The expert emphasizes that "the seasonality of attacks, their technical evolution, and the growing exploitation of the mobile environment force us to redouble our efforts in prevention and digital education."

According to ESET data, cyberattack activity in Spain varies considerably depending on the work and holiday calendar. Significant increases are detected with the start of the Christmas season. In contrast, holiday periods, such as the beginning of the year or the Easter and May holidays, show a sharp drop in detections. This pattern is due both to lower user exposure and the reduced activity of certain cybercriminal groups, especially those originating in the East, where Orthodox religious holiday calendars are observed.

Regardless, phishing emails, which are emails in which criminals attempt to trick users into stealing sensitive data, continue to represent the main threat facing Spanish users and businesses. Specifically, it accounts for 20% of all alerts registered in the country. Furthermore, ESET Spain explains that the presence of threats that exploit old Microsoft Office vulnerabilities in the top ten is particularly worrying, highlighting the low level of patching and updating for many systems still in use in the country.

One of the report's key revelations is the growing use of the ClickFix technique to hack computers and steal information from victims. In these cases, criminals display fake error messages on websites impersonating companies like Google. They seek to trick Internet users into believing they are performing an update when, in reality, they are installing malicious code on the device, which can typically access all types of stored information or even take control of it.

According to ESET data, this deception technique, first detected a year ago, has grown by 517% in just six months and now represents the second most common attack vector in Spain, behind only phishing. Furthermore, Spain is the third country in the world where criminals are most frequently using the SnakeStealer malicious code for data theft.

Ransomware , the term used to describe malicious code that seeks to paralyze a company's computers and then extract a ransom, also continues to cause problems for Spanish businesses. Globally, 5,100 attacks have been recorded, attributed to 96 active groups. Many of these specifically target small and medium-sized businesses.