The surge in automated scanning activity has raised significant cybersecurity concerns, according to the 2025 Global Threat Landscape Report from FortiGuard Labs. Threat actors are executing billions of scans each month, approximately 36,000 scans per second, targeting services such as SIP, RDP, and IoT protocols, including Modbus TCP. “The rise of AI, combined with automation and cybercrime-as-a-service, is increasing the sophistication, speed, and ultimately, the success of attacks,” stated Kris Bondi, CEO of Mimoto.
The availability of resources on darknet marketplaces is further compounding this surge. The National Vulnerability Database reported over 40,000 new vulnerabilities last year, marking a 39% increase from 2023. Exploit kits, corporate access credentials, and other tools are readily available for purchase in forums, fueling cybercrime.
FortiGuard Labs noted a 500% rise in logs from systems compromised by infostealer malware, leading to the distribution of 1.7 billion stolen credential records online. The report emphasizes the rapid scaling of AI-driven threats, with attackers using sophisticated tools like BlackmailerV3 to create convincing phishing campaigns that evade traditional defenses. Targeted cyber-attacks are intensifying against critical sectors, including manufacturing (17% of attacks), business services (11%), construction (9%), and retail (9%).
Both nation-state groups and Ransomware-as-a-Service (RaaS) operators are increasingly focusing on these verticals.
Automated scans spur cyber threat surge
“Attack sophistication is on the rise, and critical sector organizations must stay vigilant when facing cyber-attacks,” advised Agnidipta Sarkar, vice president at ColorTokens.
Cloud environments are also vulnerable. In 70% of incidents, unauthorized access came from unfamiliar geographic login attempts, highlighting the need for robust identity monitoring and secure configurations. The United States remains the most targeted nation, experiencing 61% of all attacks, followed by the United Kingdom and Canada.
FortiGuard Labs reported over 100 billion compromised records shared in underground forums in 2024, representing a 42% increase from the previous year. Attackers commonly used “combo lists” that compile usernames, passwords, and emails for credential-stuffing attacks. Groups such as BestCombo, BloodyMery, and ValidMail facilitated this trend, leading to a surge in financial fraud and corporate espionage.
“AI-powered security solutions can detect vulnerabilities with precision in real-time,” said Nicole Carignan, senior vice president at Darktrace. “This allows businesses to respond quickly and prevent disruptions to operations.”
To address these escalating threats, Fortinet recommends that organizations move from traditional detection models to a continuous threat exposure management approach that includes real-world adversary simulation, deployment of attack surface management (ASM) tools, prioritization of high-risk vulnerabilities based on frameworks like EPSS and CVSS, and monitoring dark web intelligence for ransomware services and hacktivist movements. “Security teams must work closely with engineering to enforce security guardrails constantly as part of managing a dynamic cloud environment,” concluded Rom Carmel, CEO of Apono.
The information presented underscores the urgent need for advanced cybersecurity measures in the face of increasingly sophisticated and pervasive cyber threats.
Image Credits: Photo by Markus Spiske on Unsplash
Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to Dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancee.
