Fortinet® (NASDAQ: FTNT), a global cybersecurity company, has released its 2025 cybersecurity report. The Global Threat Landscape Report from FortiGuard Labs presents a detailed view of cyberattack trends and behaviors from 2024. The findings show that cybercriminals are increasing their use of automation, AI, and readily available tools. These methods are reducing the gap between attackers and defenders.
The report draws from data mapped to the MITRE ATT&CK framework. It shows how threat actors are adapting faster and targeting vulnerabilities more aggressively.
Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet FortiGuard Labs, stated that attackers are moving at “unprecedented speed and scale.” He emphasized that traditional security strategies are no longer enough. Organizations must now focus on proactive, intelligence-driven defenses using AI, zero trust models, and constant exposure management.
One major trend observed is the surge in automated scanning. In 2024, there was a 16.7% increase globally, with cybercriminals scanning the internet for weak points at a rate of 36,000 scans per second. Attackers targeted services such as SIP, RDP, and OT/IoT protocols like Modbus TCP.
Another key finding is the growing role of darknet marketplaces. These platforms now offer easy access to exploit kits and stolen credentials. In 2024, over 40,000 new vulnerabilities were added to the National Vulnerability Database, a 39% rise from 2023. Infostealer malware also contributed to a 500% increase in compromised system logs, with 1.7 billion stolen credential records shared online.
AI is now a core tool for cybercriminals. Malicious use of AI platforms such as FraudGPT, BlackmailerV3, and ElevenLabs is making phishing attacks more convincing and harder to detect. These tools are not bound by ethical restrictions and can be used to create large-scale, believable attack campaigns.
Targeted attacks on critical industries have intensified. Manufacturing was the most attacked sector in 2024 (17%), followed by business services (11%), construction (9%), and retail (9%). The United States experienced the highest volume of attacks (61%), with the UK and Canada following.
Cloud and IoT environments are also under pressure. In 70% of incidents, attackers gained access via login attempts from unknown geographies. Common issues include open storage buckets and misconfigured services.
Credentials remain a top asset for cybercriminals. In 2024, over 100 billion compromised records were posted on underground forums, a 42% increase year-over-year. More than half of darknet posts included leaked databases. Popular groups like BestCombo, BloddyMery, and ValidMail were active in validating and sharing stolen credentials, increasing the risk of account takeovers and fraud.
To address these threats, Fortinet has included a “CISO Playbook for Adversary Defense” in the report. It provides actionable recommendations for security teams:
Monitoring darknet activity is also recommended to detect new ransomware tools and hacker activity early.
FortiGuard Labs Advisory Services support organizations with expert guidance, threat simulation, and incident response. These services aim to reduce cyber risk and improve resilience against evolving threats.
The 2025 cybersecurity report is a timely reminder of how fast the threat landscape is changing. Organizations are encouraged to adopt advanced tools and strategies to stay ahead.
