/dqc/media/agency_attachments/3bO5lX4bneNNijz3HbB7.jpg)
Follow Us/dqc/media/media_files/2025/05/05/Z5ZK0uIB5gl9PkceYSM7.png)
Fortinet Releases 2025 Global Threat Landscape Report: Cyberattack Trends
Fortinet, a cybersecurity solutions provider, has published the 2025 edition of its Global Threat Landscape Report, developed by FortiGuard Labs. The report presents an overview of threat activity observed throughout 2024, offering a detailed analysis based on the MITRE ATT&CK framework, which categorises attacker behaviour across various stages of an attack.
Key Findings: Increased Use of Automation and AI in Cyberattacks
According to the report, threat actors are increasingly adopting automation, commoditised toolsets, and artificial intelligence to accelerate the scale and sophistication of cyberattacks. These advancements are contributing to a systematic erosion of the advantages traditionally held by cybersecurity defenders.
The findings emphasise how emerging tactics and evolving attack vectors are reshaping the security landscape, requiring organisations to adopt integrated, intelligence-driven strategies for threat detection and response.
“Our latest Global Threat Landscape Report makes one thing clear: Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale,” said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet FortiGuard Labs. “The traditional security playbook is no longer enough. Organisations must shift to a proactive, intelligence-led defence strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape.”
Fortinet Identifies Major Trends in Global Cyber Threat Landscape for 2025
Fortinet has released its 2025 Global Threat Landscape Report, offering detailed insights from FortiGuard Labs on evolving cyber threats and attacker behaviour throughout 2024. The report analyzes attack tactics based on the MITRE ATT&CK framework, with a focus on increasing the use of automation, artificial intelligence, and organized underground activity.
Key Findings from the 2025 Global Threat Landscape Report
Automated scanning reached record levels in 2024 as cybercriminals intensified efforts to detect exposed digital assets early in the attack chain. Global scanning activity increased by 16.7% year-over-year, with FortiGuard Labs recording 36,000 scans per second. Attackers focused on identifying vulnerabilities in services such as SIP, RDP, and protocols used in OT/IoT environments, including Modbus TCP.
Expansion of Exploit Kits in Darknet Marketplaces
Darknet forums increasingly functioned as marketplaces for exploit kits and initial access services. In 2024, over 40,000 new vulnerabilities were added to the National Vulnerability Database—a 39% increase from 2023. Offerings on underground platforms included corporate credentials (20%), RDP access (19%), and admin panel access (13%). There was also a 500% rise in logs from systems compromised by infostealer malware, with 1.7 billion stolen credential records circulating among threat actors.
Accelerated Use of AI in Cybercrime
Threat actors are using AI to improve the scale and effectiveness of their operations. Tools such as FraudGPT, BlackmailerV3, and ElevenLabs were deployed to enhance phishing realism and evade detection, allowing for more sophisticated and targeted campaigns.
Targeted Attacks on High-Risk Sectors
Sectors including manufacturing (17%), business services (11%), construction (9%), and retail (9%) experienced increased cyberattacks. Both nation-state actors and Ransomware-as-a-Service (RaaS) groups targeted these industries. The United States accounted for the majority of attacks (61%), followed by the United Kingdom (6%) and Canada (5%).
Growing Risks in Cloud and IoT Environments
Cloud environments remained a top target, with common vulnerabilities including misconfigured services, open storage buckets, and over-permissioned identities. In 70% of incidents, attackers accessed systems via unfamiliar geographic logins, reinforcing the need for improved identity and access monitoring.
Cybercriminals shared over 100 billion compromised credentials in underground forums in 2024—a 42% increase from the previous year. The widespread use of “combo lists” enabled attackers to scale credential-stuffing attacks, contributing to incidents of account takeover, fraud, and corporate espionage. Groups such as BestCombo, BloddyMery, and ValidMail remained active in distributing and validating stolen data.
Strategic Recommendations for CISOs and Security Teams
To help organisations address the evolving threat landscape, the report includes a CISO Playbook for Adversary Defense, outlining several strategic focus areas:
-
Adopt Continuous Threat Exposure Management
Move beyond traditional detection by implementing ongoing attack surface assessments, real-world adversary simulations, and automated defence mechanisms. -
Emulate Real-World Attacks
Use red and purple team exercises and the MITRE ATT&CK framework to test resilience against ransomware and espionage threats. -
Manage Attack Surface Risks
Implement Attack Surface Management (ASM) tools to identify exposed assets, monitor leaked credentials, and detect vulnerabilities. -
Prioritise Based on Risk
Focus patch management efforts on high-risk vulnerabilities discussed in cybercrime forums using EPSS and CVSS frameworks. -
Leverage Dark Web Intelligence
Monitor underground activity to detect emerging threats, such as ransomware services and coordinated DDoS or defacement campaigns.
Fortinet’s 2025 report serves as a resource for security leaders aiming to align their cybersecurity strategies with the latest threat trends and improve resilience against sophisticated cyberattacks.
Read More:
Cloud Centric Cybersecurity Solutions Designed and Made in India
CM Rekha Gupta Backs Traders at CAIT's "Samvaad" Oath Taking Ceremony
Partner Managed Cloud Model Supports Our GTM Strategy
Joint Initiatives for Comprehensive Data Automation in Enterprises