Fortinet Threat Report Reveals Record Surge in Automated Cyberattacks as Adversaries Weaponize AI and Fresh Techniques
Fortinet (NASDAQ: FTNT) has released its 2025 Global Threat Landscape Report, revealing unprecedented levels of automated cyberattacks and AI-weaponization. The report highlights a 16.7% increase in global active scanning, reaching 36,000 scans per second in 2024.
Key findings include a 39% rise in new vulnerabilities, with over 40,000 added to the National Vulnerability Database. The darknet marketplace has seen a surge in exploit kits, with corporate credentials (20%), RDP access (19%), admin panels (13%), and web shells (12%) being actively traded. Stolen credential records increased by 500%, with 1.7 billion records shared in underground forums.
The most targeted sectors were manufacturing (17%), business services (11%), construction (9%), and retail (9%), with the United States experiencing 61% of attacks, followed by the UK (6%) and Canada (5%). The report also notes a 42% year-over-year increase in compromised records, totaling over 100 billion shared on underground forums.
- Comprehensive threat intelligence data collection and analysis capabilities demonstrated
- Strong market position in identifying and tracking emerging cyber threats
- Enhanced visibility into dark web activities and threat actor behaviors
- Significant increase in cyber threats could strain security product capabilities
- Rising sophistication of AI-powered attacks may challenge existing security solutions
- Rapid evolution of threat landscape requires constant product updates and adaptation
FortiGuard Labs 2025 Global Threat Landscape Report highlights a boom in Cybercrime-as-a-Service on the darknet, fueling a lucrative market for credentials, exploits, and access
SUNNYVALE, Calif., April 28, 2025 (GLOBE NEWSWIRE) --
News Summary
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the release of the 2025 Global Threat Landscape Report from FortiGuard Labs. The latest annual report is a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The data reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.
“Our latest Global Threat Landscape Report makes one thing clear: Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale,” said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet FortiGuard Labs. “The traditional security playbook is no longer enough. Organizations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape.”
Key findings from the latest FortiGuard Labs Global Threat Landscape Report include:
- Automated scanning hits record highs as attackers shift left to identify exposed targets early. To capitalize on newfound vulnerabilities, cybercriminals are deploying automated scanning at a global scale. Active scanning in cyberspace reached unprecedented levels in 2024, rising by 16.7% worldwide year-over-year, highlighting a sophisticated and massive collection of information on exposed digital infrastructure. FortiGuard Labs observed billions of scans each month, equating to 36,000 scans per second, revealing an intensified focus on mapping exposed services such as SIP and RDP and OT/IoT protocols like Modbus TCP.
- Darknet marketplaces fuel easy access to neatly packaged exploit kits. In 2024, cybercriminal forums increasingly operated as sophisticated marketplaces for exploit kits, with over 40,000 new vulnerabilities added to the National Vulnerability Database, a 39% rise from 2023. In addition to zero-day vulnerabilities circulating on the darknet, initial access brokers are increasingly offering corporate credentials (20%), RDP access (19%), admin panels (13%), and web shells (12%). Additionally, FortiGuard Labs observed a 500% increase in the past year in logs available from systems compromised by infostealer malware, with 1.7 billion stolen credential records shared in these underground forums.
- AI-powered cybercrime is scaling rapidly. Threat actors are harnessing AI to enhance phishing realism and evade traditional security controls, making cyberattacks more effective and difficult to detect. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are fueling more scalable, believable, and effective campaigns, without the ethical restrictions of publicly available AI tools.
- Targeted attacks on critical sectors intensify. Industries such as manufacturing, healthcare, and financial services continue to experience a surge in tailored cyberattacks, with adversaries deploying sector-specific exploitations. In 2024, the most targeted sectors were manufacturing (17%), business services (11%), construction (9%), and retail (9%). Both nation-state actors and Ransomware-as-a-Service (RaaS) operators concentrated their efforts on these verticals, with the United States bearing the brunt of attacks (61%), followed by the United Kingdom (6%) and Canada (5%).
- Cloud and IoT security risks escalate. Cloud environments continue to be a top target, with adversaries exploiting persistent weaknesses such as open storage buckets, over-permissioned identities, and misconfigured services. In 70% of observed incidents, attackers gained access through logins from unfamiliar geographies, highlighting the critical role of identity monitoring in cloud defense.
- Credentials are the currency of cybercrime. In 2024, cybercriminals shared over 100 billion compromised records on underground forums, a 42% year-over-year spike, driven largely by the rise of “combo lists” containing stolen usernames, passwords, and email addresses. More than half of darknet posts involved leaked databases, enabling attackers to automate credential-stuffing attacks at scale. Well-known groups like BestCombo, BloddyMery, and ValidMail were the most active cybercriminal groups during this time and continue to lower the barrier to entry by packaging and validating these credentials, fueling a surge in account takeovers, financial fraud, and corporate espionage.
CISO Takeaway: Strengthening Cyber Defenses Against Emerging Threats
Fortinet’s Global Threat Landscape Report provides rich details on the latest attacker tactics and techniques while also delivering prescriptive recommendations and actionable insights. Designed to empower CISOs and security teams, the report offers strategies to counter threat actors before they strike, helping organizations stay ahead of emerging cyberthreats.
This year’s report includes a “CISO Playbook for Adversary Defense” that highlights a few strategic areas to focus on:
- Shifting from traditional threat detection to continuous threat exposure management: This proactive approach emphasizes continuous attack surface management, real-world emulation of adversary behavior, risk-based remediation prioritization, and automation of detection and defense responses. Utilizing breach and attack simulation (BAS) tools to regularly assess endpoint, network, and cloud defenses against real-world attack scenarios ensures resilience against lateral movement and exploitation.
- Simulating real-world attacks: Conduct adversary emulation exercises, red and purple teaming, and leverage MITRE ATT&CK to test defenses against threats like ransomware and espionage campaigns.
- Reducing attack surface exposure: Deploy attack surface management (ASM) tools to detect exposed assets, leaked credentials, and exploitable vulnerabilities while continuously monitoring darknet forums for emerging threats.
- Prioritizing high-risk vulnerabilities: Focus remediation efforts on vulnerabilities actively discussed by cybercrime groups, leveraging risk-based prioritization frameworks such as EPSS and CVSS for effective patch management.
- Leveraging dark web intelligence: Monitor darknet marketplaces for emerging ransomware services and track hacktivist coordination efforts to preemptively mitigate threats like DDoS and web defacement attacks.
Discover how FortiGuard Labs Advisory Services combine cutting-edge technology and expert services to help organizations strengthen their security posture before threats emerge. In the event of an incident, FortiGuard Labs offers swift, effective response and in-depth forensic analysis to minimize impact and prevent future intrusions, delivering comprehensive protection in today’s increasingly volatile digital landscape.
Additional Resources
- Download a copy of the 2025 Global Threat Landscape Report from FortiGuard Labs.
- Read the blog for valuable takeaways from this research.
- Learn more about FortiGuard Labs threat intelligence and research and outbreak alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
- Learn about FortiAI and Fortinet’s AI-driven innovations.
- Read more about the Fortinet Security Fabric, which brings end-to-end security to organizations of all sizes to prevent ransomware across all points of entry.
- Visit fortinet.com/trust to learn about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.
- Read about how Fortinet customers are securing their organizations.
- Learn about Fortinet's commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and policies.
- Follow Fortinet on X, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
About Fortinet
Fortinet (Nasdaq: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere our customers need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including Computer Emergency Response Teams (“CERTS”), government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.
Copyright © 2025 Fortinet, Inc. All rights reserved.
Media Contact: | Investor Contact: | Analyst Contact: |
Travis Anderson Fortinet, Inc. 408-235-7700 pr@fortinet.com | Aaron Ovadia Fortinet, Inc. 408-235-7700 investors@fortinet.com | Brian Greenberg Fortinet, Inc. 408-235-7700 analystrelations@fortinet.com |
