Fortinet Unveils 2025 Global Threat Landscape Report: A Dire Warning for Cyber Defenses
Fortinet, a leader in the global cybersecurity landscape, has unveiled its latest findings in the 2025 Global Threat Landscape Report, produced by FortiGuard Labs. This annual report offers a comprehensive examination of the cyber threat landscape as observed in 2024, detailing current trends and tactics used by cybercriminals, framed within the well-regarded MITRE ATT&CK framework. The data presented in this report shines a light on how adversarial actors are increasingly leveraging advanced automation, easily accessible tools, and artificial intelligence (AI) to diminish the strategic advantages that defenders traditionally held.
One of the most striking revelations in this year’s report is the substantial rise in automated scans. According to FortiGuard Labs, automated scanning reached record heights as attackers adapted their strategies to identify exposed targets early in the process. Specifically, active scanning activity increased by 16.7% year-over-year, yielding unprecedented levels of data collection on exposed digital infrastructure. The researchers noted billions of scans conducted each month, averaging 36,000 scans every second. These scans focus on exposed services such as Session Initiation Protocol (SIP), Remote Desktop Protocol (RDP), and various Operational Technology/Internet of Things (OT/IoT) protocols, including Modbus TCP.
An equally concerning trend is emerging within darknet marketplaces, which have evolved into sophisticated platforms that provide easy access to neatly packaged exploit kits. The report highlights an alarming addition of over 40,000 new vulnerabilities to the National Vulnerability Database, a 39% increase from the previous year. Notably, initial access brokers on these forums have commodified cybercrime by offering key resources, including corporate credentials (20% of listings), RDP access (19%), administrative panels (13%), and web shells (12%). FortiGuard Labs reported a staggering 500% increase in logs from systems compromised by infostealer malware, resulting in 1.7 billion stolen credential records circulating in these underground spaces.
The role of AI in facilitating cybercrime has also gained significant traction. Threat actors are utilizing AI tools to enhance the credibility of phishing schemes and to evade conventional security measures, making cyberattacks more effective and harder to detect. Advanced tools such as FraudGPT, BlackmailerV3, and ElevenLabs have emerged in this arena, allowing for the creation of highly convincing and scalable campaigns that bypass the ethical constraints typically upheld by publicly available AI resources.
As expected, the report also points to a troubling increase in targeted attacks on essential sectors, including manufacturing, healthcare, and financial services. Specific industries have become more susceptible to tailored cyberattacks, with 2024 witnessing the highest assault rates on manufacturing (17%), business services (11%), construction (9%), and retail (9%). The report indicates that nation-state actors and Ransomware-as-a-Service (RaaS) operators have concentrated their efforts within these verticals, with the United States experiencing the majority of attacks (61%), trailed by the United Kingdom (6%) and Canada (5%).
Furthermore, as organizations increasingly utilize cloud services, the risk landscape surrounding cloud and IoT security has escalated. Cybercriminals are capitalizing on persistent vulnerabilities such as open storage buckets, excessive permissions, and incorrect configurations. Alarmingly, in 70% of documented incidents, attackers accessed systems through logins from unfamiliar geographical locations, underscoring the essential role of identity monitoring in defending cloud environments.
In examining the currency of cybercrime, the report reveals that over 100 billion compromised records were shared across underground forums in 2024, representing a 42% increase compared to the previous year. The proliferation of "combo lists," which contain stolen usernames, passwords, and email addresses, has further exacerbated this issue. More than half of the posts on darknet marketplaces involved leaked databases, allowing attackers to automate credential-stuffing attacks at scale. Leading cybercriminal entities, such as BestCombo, BloddyMery, and ValidMail, have intensified their operations, notably lowering the barriers to entry for aspiring cybercriminals by curating authentic and validated credentials.
In light of these findings, Fortinet’s report serves as a vital resource for Chief Information Security Officers (CISOs) and security teams. By providing insightful recommendations and actionable strategies, the report encourages organizations to fortify their defenses against the evolving techniques employed by today’s cyber adversaries. Specifically, it emphasizes the necessity of transitioning from traditional threat detection to a model focused on continuous threat exposure management. This new approach advocates for real-time assessments of attack surfaces, the emulation of adversarial behavior, risk-informed remediation, and automation in both detection and defense mechanisms.
The report underscores the importance of proactively simulating real-world attack scenarios to ensure that defenses remain effective against threats like ransomware and espionage campaigns. Adopting attack surface management tools to identify exposed assets or leaked credentials is also highlighted as a crucial step, alongside the active monitoring of darknet forums for any emerging threats.
For organizations striving to adapt in this rapidly shifting landscape, Fortinet’s Global Threat Landscape Report stands as an indispensable guide, positioning itself as a critical touchstone for understanding and countering modern cyber threats. Derek Manky, Fortinet’s Chief Security Strategist and Global VP of Threat Intelligence, concludes the overview of the report with a stark warning: the acceleration of cybercriminal activities is unprecedented, and organizations must adopt a proactive, intelligence-driven defense strategy, ideally enhanced by AI and continuous threat exposure management, to mitigate the risks inherent in today’s evolving threat scenario.