Fortinet has released its 2025 Global Threat Landscape Report, detailing a significant rise in cyber threats throughout 2024.

The report attributes this increase to the rapid adoption of artificial intelligence, automation, and widespread availability of commoditised hacking tools.

These developments have weakened the effectiveness of traditional security defences and accelerated the pace and scale of cyberattacks.

Compiled by FortiGuard Labs, the report highlights a 16.7% year-on-year rise in automated scanning activity, with approximately 36,000 scans taking place every second worldwide.

Threat actors are increasingly shifting their focus to earlier stages in the attack process, targeting protocols such as Session Initiation Protocol (SIP), Remote Desktop Protocol (RDP), as well as operational technology systems and Internet of Things infrastructure like Modbus TCP.

The report notes the continuing evolution of the cybercrime marketplace, particularly on the dark web, which has developed into a mature ecosystem for selling exploit kits and corporate access data.

In 2024, more than 40,000 new vulnerabilities were added to the US National Vulnerability Database, a 39% increase from 2023.

Cybercriminals capitalised on this by offering initial access packages that often included enterprise credentials (20%), RDP access (19%), admin panels (13%), and malicious web shells (12%).

One of the most concerning developments is the sharp growth of data leaks caused by infostealer malware.

FortiGuard Labs recorded a 500% rise in logs from compromised systems, resulting in over 1.7 billion stolen credentials being circulated on underground forums in 2024.

This has led to a marked increase in targeted attacks on businesses and individuals.

The report also flags the growing use of generative artificial intelligence tools such as FraudGPT, BlackmailerV3, and ElevenLabs by cybercriminals to create convincing phishing content.

These tools enable attackers to produce large volumes of tailored material, allowing them to evade detection more effectively.

Manufacturing was the most targeted sector, accounting for 17% of attacks, followed by business services at 11%, construction and retail at 9% each.

Many of these operations appeared to be backed by nation-state actors or groups offering Ransomware as a Service.

The US experienced the majority of documented attacks at 61%, far ahead of the United Kingdom (6%) and Canada (5%).

Vulnerabilities in cloud infrastructure and identity management remain a serious issue.

Exposed cloud storage, misconfigured services, and excessive permissions continue to provide entry points for threat actors.

In 70% of analysed cloud incidents, access was gained through unusual login locations, underlining the importance of adaptive access controls and stronger identity monitoring.

Additionally, over 100 billion compromised records were found circulating on darknet forums in 2024, representing a 42% increase compared to the previous year.

This surge was largely driven by the spread of “combo lists” that bundle stolen usernames, passwords, and emails for use in automated credential-stuffing attacks.

The most active groups included BestCombo, BloddyMery, and ValidMail.

The report calls for a shift in cyber defence strategies to keep pace with increasingly sophisticated threats.

Derek Manky, Chief Security Strategist and Global Vice President of Threat Intelligence at FortiGuard Labs, commented,

“Our 2025 Global Threat Landscape Report makes it clear: cybercriminals are scaling faster than ever, using AI and automation to gain the upper hand.”

He added that defenders must move beyond outdated security playbooks and adopt proactive, intelligence-driven approaches involving artificial intelligence, zero trust architectures, and continuous threat exposure management.

To assist Chief Information Security Officers, the report includes a section titled “CISO Playbook for Adversary Defence”, offering several strategic recommendations.

These include continuous threat exposure management through real-time monitoring and automated responses, simulation of real-world attacks using red or purple teaming and the MITRE ATT&CK framework, and the reduction of attack surfaces through asset discovery and leaked credential tracking.

Risk-based patch management is encouraged, using tools such as Exploit Prediction Scoring System and Common Vulnerability Scoring System, along with threat actor intelligence.

The integration of dark web intelligence is also recommended for detecting new ransomware campaigns and hacktivist activity.

In conclusion, Fortinet’s findings reflect a rapidly shifting threat environment, with cybercriminals leveraging emerging technologies to outpace defenders.

The report urges organisations to build resilience through adaptive and intelligence-led cybersecurity strategies.

Featured image credit: Fortinet