IT Brief Canada - Technology news for CIOs & IT decision-makers
Canadian firms lost over CAD $103 million to deepfake scams

Tue, 29th Jul 2025

Canadian organisations faced an average of 1,309 cyber attacks per week during the first half of 2025, according to new research highlighting the increasing threat posed by cybercriminals in the country.

The findings come from Check Point Research's 2025 Mid-Year Cyber Snapshot, which details how generative AI is being used to scale phishing campaigns, generate deepfakes, and create malware capable of evading conventional security methods. The report points to a notable financial impact, with Canadians collectively losing more than CAD $103 million to deepfake-enabled crypto scams in the same period.

Rising attack volumes

The report indicates that targeted campaigns are rising, placing government, military, and critical infrastructure among the most frequently attacked sectors. Healthcare and manufacturing also remain under threat, particularly from ransomware and information-stealing malware. The data suggests that organisations must contend with more rapid, covert, and coordinated attacks than in previous years.

Information disclosure has emerged as the leading vulnerability, affecting 70% of Canadian organisations this year. This class of vulnerability can expose sensitive data to cybercriminals, putting the confidentiality and integrity of business operations at risk.

Email remains the key attack vector

Phishing attacks continue to be a primary delivery method for malicious files. According to the report, 71% of all malicious files distributed in Canada over the past thirty days arrived via email, underlining the persistence and success of social engineering tactics among threat actors.

The report further breaks down prevalent malware in Canada, listing FakeUpdates, AsyncRAT, Lumma, Qbot, and Androxgh0st among the most detected threats during the first half of the year. Each of these malware types exhibits capabilities ranging from downloading additional payloads to providing remote access and stealing sensitive credentials.

Broader global trends

On a global scale, impersonation of brands in phishing campaigns continues to be a significant risk. Check Point Research found that Microsoft was the most impersonated brand in phishing attacks in the second quarter of 2025, accounting for 25% of attempts. Google and Apple followed at 11% and 9% respectively, while Spotify returned to the top ten, featuring in 6% of campaigns targeting users with fake login pages.

Infostealer infections have risen sharply by 58%, with attackers increasingly exploiting Bring-Your-Own-Device (BYOD) environments and poor endpoint visibility. Tools such as Lumma are being used to obtain VPN credentials and session tokens, which can then be leveraged for initial unauthorised access into business networks.

Check Point Research has also observed a shift in ransomware operations, with perpetrators more often threatening to leak exfiltrated data unless a ransom is paid. Sectors such as healthcare and critical infrastructure are regarded as especially attractive targets for these tactics.

Other attack strategies highlighted include targeting network edge devices such as firewalls and routers to establish persistent access points. These devices are now also being utilised as Operational Relay Boxes to disguise the origins and movement of threat actors.

Cloud complexity and vulnerabilities

The report notes that cloud services remain a focal point for attackers, particularly when APIs are misconfigured or hybrid environments are involved. The increasingly complex task of managing permissions, single sign-on dependencies, and the integration of AI models has introduced new vulnerabilities and blind spots for IT teams working to secure company data and systems.

AI's dual role in cyber risk and defence

Check Point's 2025 AI Security Report underscores that generative AI is enabling cybercriminals to develop sophisticated deepfakes, polymorphic malware, and strikingly authentic phishing attempts. With 71% of malicious files distributed by email in recent weeks, the threat from AI-enabled phishing campaigns is seen as an immediate challenge.

"Generative AI is now being weaponized to create deepfake impersonations, polymorphic malware, and highly convincing phishing content. In Canada, where 71% of malicious files were delivered via email in the past 30 days, the use of AI to enhance phishing campaigns poses an immediate and growing risk. To counter this, Canadian organizations must embrace AI-driven threat prevention, behavioral analytics, and real-time intelligence to stay ahead of increasingly sophisticated attacks."

Calls for a prevention-first approach

The pace and complexity of the cyber threat landscape have led to recommendations that Canadian organisations establish a prevention-focused mindset. This includes deploying AI-powered security solutions that can detect and block threats in real time, improving vulnerability and patch management procedures, strengthening cloud and identity controls, and enhancing staff training to better recognise phishing and social engineering tactics.

The report concludes that organisations in Canada are confronting fast-evolving cyber threats as attackers continue to exploit technical weaknesses and human error through phishing, malware, and extortion schemes. Staying informed and adapting security strategies will be essential as Canadian businesses prepare for the second half of 2025.