Original article: ISPreview UK
The latest Q2 2025 threat protection report from NordVPN, a familiar Virtual Private Network (VPN) provider, has revealed that the UK now ranks third in the world for the number of cyberattacks it attracts – having seen a surge of 103 million incidents (up by 7% in Q1) of malware being sent to Brits via emails and texts, malicious sites, infected attachments etc.
First things first, NordVPN has a clear vested interest here as the data gathered for this report – between 1st Jan 2024 and 1st July 2025 – comes from their optional cybersecurity solution (‘Threat Protection Pro’), which is often an incentive to make the situation look as bad as possible to help drive sales. But the data itself does still carry some interest.
The UK follows only the United States (2.91bn total malware incidents) and Canada (1bn) in the global rankings for malware activity. But while the US saw more attacks overall, the UK’s concentration of malware per user remains one of the highest. For example, in the USA there were 1,281 incidents by device per month during Q2, but in the UK this hit 1,473. The UK also attracts much more malware than any other European country.
The main reason for this is that the UK has always been disproportionately big when it comes to its digital economy, including high smartphone use, widespread online banking, and a population that shops, works, and socialises online more than ever.
European Countries Most Affected by Total Malware Incidents (H1)
1. United Kingdom 1.05bn (1,473)
2. Germany 355m (661)
3. France 322.6m (521)
4. Netherlands 322.4m (1,272)
5. Norway 286m (4,044)
NOTE: The figure in brackets represents incidents by device per month.
The data also reveals that Google is the most impersonated brand (32,420 fake web page addresses were associated with it), followed by Yahoo! (17.3k), Telegram (3.75k), Steam (3.74k), Outlook (3.59k) and Amazon (2.25k). Meanwhile, the web domain categories that attract the most malware include video hosting (2.17bn blocked malware incidents), streaming (2.13bn), content delivery (1.89bn), file sharing/storage (1.79bn) and entertainment (1.03bn).
Finally, the most commonly blocked malware during the first half of 2025 was identified as the APC (Advanced Persistent Cyber) virus and its many variants (e.g. APC.AVAHC, /APC and APC.YAV), which often targets system configurations and automated processes to cause disruptions. NordVPN said they blocked 717k “attacks” using this malware, which is significantly more than the next closest malware (the Redcap.ovgfv trojan – 43,298 attacks intercepted).