Cybercriminals are accelerating their operations, leveraging advanced automation, commoditized technology, and artificial intelligence (AI) to erode the traditional defensive advantages once held by enterprises. Fortinet’s FortiGuard Labs highlights these developments in its newly released 2025 Global Threat Landscape Report, offering an in-depth analysis of cyberattack strategies and the evolving threat trends observed throughout 2024.
“Our latest Global Threat Landscape Report makes one thing clear: cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale,” said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence at Fortinet FortiGuard Labs.
Mr. Manky emphasized that traditional security models are no longer sufficient and urged organizations to embrace proactive, intelligence-driven defenses, integrating AI, zero trust frameworks, and continuous threat exposure monitoring to stay ahead.
Among the key findings, Fortinet identified a significant surge in automated scanning activities. Threat actors globally intensified their use of automation to locate vulnerable digital infrastructures early. Active scanning in cyberspace rose by 16.7% in 2024 compared to the previous year, reaching a record high.
FortiGuard Labs reported billions of scans monthly, equating to 36,000 scans every second. These efforts increasingly targeted exposed services such as SIP, RDP, and OT/IoT protocols like Modbus TCP, demonstrating a more sophisticated reconnaissance phase among cybercriminals.
Dark Web
The dark web played a crucial role in facilitating attacks, becoming an even more active marketplace for exploit kits and initial access tools. Fortinet observed that more than 40,000 new vulnerabilities were added to the National Vulnerability Database during 2024, a 39% jump over 2023.
Cybercrime forums provided easy access to admin panels, web shells, and corporate credentials, while the circulation of zero-day exploits remained rampant. A concerning 1.7 billion sets of stolen credentials were traded in underground marketplaces, accompanied by a 500% year-over-year increase in infostealer malware logs.
Artificial intelligence emerged as a potent weapon for threat actors. Tools like FraudGPT and BlackmailerV3 enabled cybercriminals to create highly convincing phishing campaigns and bypass traditional detection mechanisms. Unlike public AI platforms that impose ethical constraints, these malicious AI systems facilitate scalable, convincing, and highly damaging operations.
Targeted attacks on critical industries intensified throughout the year. Sectors such as manufacturing, healthcare, and financial services were increasingly victimized, often by ransomware-as-a-service (RaaS) operators and nation-state-affiliated groups. In 2024, manufacturing emerged as the most targeted sector, representing 17% of attacks, followed by business services (11%), construction (9%), and retail (9%). The United States remained the primary target, absorbing 61% of recorded incidents, trailed by the United Kingdom at 6% and Canada at 5%.
Identity Monitoring
The cloud and IoT ecosystems also presented fertile ground for attackers. Adversaries continued to exploit misconfigured cloud services, open storage buckets, and poorly secured identities. 70 percent of cloud breaches analyzed by FortiGuard Labs involved unauthorized credential use originating from unidentified foreign actors, highlighting the growing importance of robust identity monitoring strategies.
Credential theft and exchange have evolved into a primary currency for cybercrime. Underground forums witnessed the trading of over 100 billion stolen records in 2024, a 42% rise compared to the previous year. ‘Combo lists’ containing usernames, passwords, and email addresses fueled automated credential-stuffing attacks at scale. Cybercriminal groups such as BestCombo, BloddyMery, and ValidMail played a significant role in systematizing these credential packs, making account takeovers and corporate espionage even more accessible.
Fortinet’s 2025 Global Threat Landscape Report underlines the urgency for chief information security officers (CISOs) to rethink traditional cyber defense strategies. The report offers tactical insights aimed at empowering security teams to preempt cyber threats before they materialize, rather than reacting after an incident. Emphasizing AI-driven security operations, zero-trust architectures, and continuous exposure management, Fortinet’s findings call for a shift from passive to proactive cybersecurity postures.
