2025 Global Threat Landscape Report highlights sharp escalation in Darknet commerce, AI weaponization, and targeted attacks on critical sectors
Fortinet has unveiled its 2025 Global Threat Landscape Report, revealing a dramatic rise in automated cyberattacks and AI-powered threats. Compiled by FortiGuard Labs, the annual report maps threat actor tactics across the MITRE ATT&CK framework and outlines how cybercriminals are increasingly leveraging Cybercrime-as-a-Service to accelerate attacks at scale.
Among the standout findings: automated scanning activity surged 16.7% YoY, equating to 36,000 scans per second as attackers raced to exploit exposed services like SIP, RDP, and OT/IoT protocols. Meanwhile, darknet forums witnessed a 500% spike in infostealer logs and over 1.7 billion compromised credentials in circulation.
“Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale.”
– Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, Fortinet FortiGuard Labs
“The old security playbook is no longer sufficient,” said Derek Manky, Chief Security Strategist, Fortinet. “Adversaries are now blending AI with automation, creating ultra-scalable attacks that outpace traditional defences.”
Key sectors under siege in 2024 included manufacturing (17%), business services (11%), and construction (9%), with nation-state actors and Ransomware-as-a-Service (RaaS) operators driving sophisticated intrusions. The U.S. remained the most targeted country (61%), followed by the U.K. (6%) and Canada (5%).
The report urges CISOs to shift from passive detection to continuous threat exposure management, combining real-time adversary emulation, breach simulation, dark web monitoring, and risk-based patch prioritization.
With over 100 billion compromised records traded in 2024, credentials remain the “currency of cybercrime,” further fueling automated credential-stuffing and corporate espionage.
