Author: Alexander Ivanyuk — Senior Director, Technology
The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in December 2025 and reflect threats that Acronis detected, as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.
Incident of the month
In December 2025, one of the most consequential cybersecurity incidents of the month occurred when a large-scale cyberattack disrupted La Poste, France’s national postal service, and spilled over into La Banque Postale, affecting digital services relied upon by millions of citizens. The incident drew widespread attention because La Poste underpins critical national infrastructure, including parcel delivery, digital identity services and consumer banking access, and the disruption happened during the peak pre-Christmas period when service availability is most critical.
The attack knocked large portions of La Poste’s IT systems offline, rendering customer portals, mobile applications and digital identity services unavailable, while La Banque Postale customers experienced outages across online and mobile banking channels. Although authorities stated that no customer data was compromised and core banking functions continued to operate, the loss of digital access highlighted how cyberattacks targeting availability — rather than data theft — can still have nationwide impact when they affect organizations that sit at the center of public services and daily economic activity.
December web threat detections
In December, Acronis Cyber Protect blocked almost 23.5 million dangerous URLs on endpoints.
The below table show the percentage of Acronis clients that had at least one web-based threat blocked at the endpoint (by months). The higher the percentage, the higher the risk of a workload in that country being attacked by malware. The second table represents Top 3 countries by the normalized percentage of users who experienced at least one malware threat during December.
Protection
The aforementioned threats can be detected and mitigated with solutions from Acronis.
Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behaviour-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.
Additional email security and URL filtering can help you protect against social engineering threats. And, your Acronis #CyberFit score helps you quickly identify systems that need attention, while integrated patch management makes updating your software to the latest versions simple.
Acronis XDR for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.