Threat Report Reveals Record Surge in Automated Cyberattacks

Cybercrime-as-a-Service continues to grow as threat actors weaponize AI and expand credential harvesting.

May 1, 2025
Computer Crime Concept 516607038 2125x1416 (1)

Fortinet recently announced the release of the 2025 Global Threat Landscape Report - a snapshot of the active threat landscape and trends from 2024. The data reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. 

"The traditional security playbook is no longer enough. Organizations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape, " states Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet FortiGuard Labs

Key findings from the report include:

  • Automated scanning hits record highs as attackers shift left to identify exposed targets early. To capitalize on newfound vulnerabilities, cybercriminals are deploying automated scanning at a global scale. Active scanning in cyberspace reached unprecedented levels in 2024, rising by 16.7 percent worldwide year-over-year, highlighting a sophisticated and massive collection of information on exposed digital infrastructure. FortiGuard Labs observed billions of scans each month, equating to 36,000 scans per second.
  • Darknet marketplaces fuel easy access to neatly packaged exploit kits. In 2024, cybercriminal forums increasingly operated as sophisticated marketplaces for exploit kits, with over 40,000 new vulnerabilities added to the National Vulnerability Database, a 39 percent rise from 2023. In addition to zero-day vulnerabilities circulating on the darknet, initial access brokers are increasingly offering corporate credentials (20 percent), RDP access (19 percent), admin panels (13 percent), and web shells (12 percent). Additionally, FortiGuard Labs observed a 500 percent increase in the past year in logs available from systems compromised by infostealer malware, with 1.7 billion stolen credential records shared in these underground forums.
  • AI-powered cybercrime is scaling rapidly. Threat actors are harnessing AI to enhance phishing realism and evading traditional security controls. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are fueling more scalable, believable, and effective campaigns, without the ethical restrictions of publicly available AI tools.
  • In 2024, the most targeted sector was manufacturing (17 percent). Both nation-state actors and Ransomware-as-a-Service (RaaS) operators concentrated their efforts on these verticals, with the United States bearing the brunt of attacks (61 percent).
  • Cloud and IoT security risks escalate. Cloud environments continue to be a top target, with adversaries exploiting persistent weaknesses such as open storage buckets, over-permissioned identities, and misconfigured services. In 70 percent of observed incidents, attackers gained access through logins from unfamiliar geographies, highlighting the critical role of identity monitoring in cloud defense.
  • Credentials are the currency of cybercrime. In 2024, cybercriminals shared over 100 billion compromised records on underground forums, a 42 percent year-over-year spike, driven largely by the rise of “combo lists” containing stolen usernames, passwords, and email addresses. More than half of darknet posts involved leaked databases, enabling attackers to automate credential-stuffing attacks at scale. Well-known groups like BestCombo, BloddyMery, and ValidMail were the most active cybercriminal groups during this time and continue to lower the barrier to entry by packaging and validating these credentials, fueling a surge in account takeovers, financial fraud, and corporate espionage.

The report also includes a “CISO Playbook for Adversary Defense” that highlights a few strategic areas::

  • Shifting from traditional threat detection to continuous threat exposure management: This proactive approach emphasizes continuous attack surface management, real-world emulation of adversary behavior, risk-based remediation prioritization, and automation of detection and defense responses. Utilizing breach and attack simulation (BAS) tools to regularly assess endpoint, network, and cloud defenses against real-world attack scenarios ensures resilience against lateral movement and exploitation.
  • Conduct adversary emulation exercises, red and purple teaming, and leverage MITRE ATT&CK to test defenses against threats like ransomware and espionage campaigns.
  • Deploy attack surface management (ASM) tools to detect exposed assets, leaked credentials, and exploitable vulnerabilities while continuously monitoring darknet forums for emerging threats.
  • Focus remediation efforts on vulnerabilities actively discussed by cybercrime groups, leveraging risk-based prioritization frameworks such as EPSS and CVSS for effective patch management.
  • Monitor darknet marketplaces for emerging ransomware services and track hacktivist coordination efforts to preemptively mitigate threats like DDoS and web defacement attacks.
Latest in Cybersecurity
Security Breach Podcast
Sponsored
Security Breach Podcast
May 1, 2025
Phishing Tadamichi
The Top 4 Developments in Phishing Schemes
May 22, 2025
Encryption
Should Manufacturers Focus on Cybersecurity or Cyber Resilience?
May 22, 2025
Cybersecurity In A Bubble
Why Industrial Edge Cybersecurity Demands a Fresh Approach
May 22, 2025
Related Stories
General Cyberattack
Cybersecurity
Scenario-Based OT Solution Preps Industrial Teams
Phishing Tadamichi
Cybersecurity
The Top 4 Developments in Phishing Schemes
Encryption
Cybersecurity
Should Manufacturers Focus on Cybersecurity or Cyber Resilience?
Today in Manufacturing Podcast
Sponsor Content
Today in Manufacturing Podcast
More in Cybersecurity
Security Breach Podcast
Sponsored
Security Breach Podcast
A new video series from Manufacturing.net - Security Breach, looks to offer the insight and tools needed to ready your company's defenses. Stay up-to-date on today's vital cybersecurity topics by subscribing here.
May 1, 2025
Phishing Tadamichi
Cybersecurity
The Top 4 Developments in Phishing Schemes
The bad guys continue to evolve.
May 22, 2025
Encryption
Cybersecurity
Should Manufacturers Focus on Cybersecurity or Cyber Resilience?
One could be essential for the future of manufacturing.
May 22, 2025
Cybersecurity In A Bubble
Cybersecurity
Why Industrial Edge Cybersecurity Demands a Fresh Approach
Vulnerabilities persist because cybersecurity is an afterthought, rather than embedded from the ground up.
May 22, 2025
Coding
Cybersecurity
Shoring Up Digital Trust in Manufacturing: From DMARC Awareness to Full Protection
While most have this email guidance in place, the actual protection rate is significantly lower.
May 22, 2025
Us Binary Flag Mirsad Sarajlic
Cybersecurity
CISA Warns of New Threats Targeting U.S. Industrial Sector
Bad actors include a highly volatile infostealer, and cyber espionage schemes targeting support for Ukraine.
May 22, 2025
A bus passes a branch of Marks and Spencer in London, Tuesday, Aug. 18, 2020.
Cybersecurity
Retailer Says Cyberattack Will Cost $400 Million
And disruptions are ongoing.
May 22, 2025
Smishing Attack Fran Rodriguez
Cybersecurity
Cybercriminals Are Having More Success with Low-Tech, Human-Centric Attacks
The manufacturing sector remains the most targeted sector in the email threat landscape.
May 15, 2025
Hacking Alarm
Cybersecurity
The Pros and Cons of Implementing a Bug Bounty Program
While not new, the approach is gaining traction.
May 15, 2025
Soc
Cybersecurity
Building a Cybersecurity-First Culture in U.S. Manufacturing
Nation-state threats and AI tools have made it vital to embed cybersecurity into workplace culture.
May 15, 2025
Ep134
Cybersecurity
Security Breach: Dark AI, Hacker Evolutions Speeding Vulnerability Exploitation
Deeper dives into OT priorities will be key to making breaches more difficult.
May 15, 2025
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Navigating Manufacturing’s Third-Party Access Risk
Ways to manage external access while reducing exposure to possible breaches.
May 15, 2025
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
MCP Server Could Revolutionize API Security
The tool allows for interacting with APIs using natural language.
May 8, 2025
General Cyberattack
Cybersecurity
Huntress Debuts Managed SIEM to Simplify Cybersecurity
The platform offers compliance support, investigation, detection, response and threat hunting.
May 8, 2025
Ai Safety Image
Oracle
AI in Manufacturing: Balancing Benefits, Risks, Security and Compliance
Hasty implementations of AI will create regulatory penalties, cyberattacks and operational disruption.
May 8, 2025