Fortinet has announced the release of its 2025 Global Threat Landscape Report from FortiGuard Labs. The latest annual report is a snapshot of the active threat landscape and trends for 2024, including a comprehensive analysis of all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The data reveals that threat actors increasingly use automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.
“Our latest global threat landscape report makes one thing clear: Cybercriminals are accelerating their efforts to operate at unprecedented speeds and scale using AI and automation. Traditional security playbooks are no longer sufficient. Organizations are moving towards aggressive intelligence-driven defense strategies with AI, zero trust, and ongoing threat exposure management, ahead of today’s rapidly evolving threat landscape.”
Here are the key findings from the latest FortiGuard Labs Global Threat Landscape Report:
Automated scanning reaches record highs as attackers shift left to identify exposed targets earlier. To take advantage of new vulnerabilities, cybercriminals are deploying automated scanning on a global scale. Active scanning in cyberspace reached unprecedented levels in 2024, up 16.7% worldwide compared to the previous year, highlighting sophisticated, large-scale information collection on exposed digital infrastructure. FortiGuard Labs observes billions of scans each month, equivalent to 36,000 scans per second, revealing a focus on exposed services such as SIP and RDP, as well as on mapping OT/IoT protocols such as Modbus TCP.
Darknet marketplaces provide easy access to neatly packaged exploit kits. In 2024, cybercriminal forums increasingly operated as sophisticated marketplaces for exploit kits, with over 40,000 new vulnerabilities added to the National Vulnerability Database, up 39% from 2023. Shell (12%). Additionally, FortiGuard Labs observed a 500% increase in logs available from systems compromised by infostealer malware over the past year.
AI-powered cybercrime is scaling quickly. Threat actors are leveraging AI to enhance phishing realism and evade traditional security controls, making cyberattacks more effective and more difficult to detect. Tools like fraud, Blackmailerv3, and ElevenLabs are driving more scalable, reliable, and effective campaigns without the ethical limitations of publicly available AI tools.
Targeted attacks on key sectors intensify. Industries such as manufacturing, healthcare and financial services continue to experience a surge in customized cyberattacks as adversaries deploy sector-specific exploitation. In 2024, the most targeted sectors were manufacturing (17%), business services (11%), construction (9%), and retail (9%). Both nation-state actors and ransomware-as-a-service (RaaS) operators focused their efforts on these verticals, with the US taking the brunt of the attacks (61%), followed by the UK (6%) and Canada (5%).
Cloud and IoT security risks escalate. Cloud environments continue to be a top target, with adversaries taking advantage of persistent weaknesses such as open storage buckets, over-permissioned identities and misconfigured services. In 70% of the observed incidents, attackers gained access through logins from unfamiliar regions, highlighting the important role of identity monitoring in cloud defense.
Credentials are the currency of cybercrime. In 2024, cybercriminals shared over 100 billion compromised records in underground forums, driven primarily by the rise of “combolists” that include stolen usernames, passwords and email addresses. More than half of darknet posts involved leaked databases, allowing attackers to automate large-scale credential-stuffing attacks. Well-known groups such as BestCombo, Bloddymery and ValidMail were among the most active cybercriminal groups of the period, and by packaging and verifying these credentials, they continued to lower the barrier to entry, driving a surge in account takeovers, financial fraud and corporate espionage.
CISO Takeaways
Fortinet’s report provides details on the latest attacker tactics and techniques, along with prescriptive recommendations and actionable insights. Designed to empower CISOs and security teams, the report offers strategies to counter threat actors before they strike, helping organizations stay ahead of new cyber threats.
Download a copy of the 2025 Global Threat Landscape Report from FortiGuard Labs here.