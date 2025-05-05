AI drives record surge in automated cyberattacks

Threat actors are increasingly harnessing automation, commoditised tools, and AI to systematically erode the traditional advantages held by defenders.

This is among the findings from FortiGuard Labs’ 2025 Global Threat Landscape Report, which is a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks.

“Our latest Global Threat Landscape Report makes one thing clear: Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale,” says Derek Manky, chief security strategist and global vice-president: threat intelligence at Fortinet FortiGuard Labs.

“The traditional security playbook is no longer enough. Organisations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape.”

Key findings from the latest FortiGuard Labs Global Threat Landscape Report include:

Automated scanning hits record highs as attackers shift left to identify exposed targets early . To capitalize on newfound vulnerabilities, cybercriminals are deploying automated scanning at a global scale. Active scanning in cyberspace reached unprecedented levels in 2024, rising by 16,7% worldwide year-over-year, highlighting a sophisticated and massive collection of information on exposed digital infrastructure. FortiGuard Labs observed billions of scans each month, equating to 36 000 scans per second, revealing an intensified focus on mapping exposed services such as SIP and RDP and OT/IoT protocols like Modbus TCP.

. To capitalize on newfound vulnerabilities, cybercriminals are deploying automated scanning at a global scale. Active scanning in cyberspace reached unprecedented levels in 2024, rising by 16,7% worldwide year-over-year, highlighting a sophisticated and massive collection of information on exposed digital infrastructure. FortiGuard Labs observed billions of scans each month, equating to 36 000 scans per second, revealing an intensified focus on mapping exposed services such as SIP and RDP and OT/IoT protocols like Modbus TCP. Darknet marketplaces fuel easy access to neatly packaged exploit kits. In 2024, cybercriminal forums increasingly operated as sophisticated marketplaces for exploit kits, with over 40 000 new vulnerabilities added to the National Vulnerability Database, a 39% rise from 2023. In addition to zero-day vulnerabilities circulating on the darknet, initial access brokers are increasingly offering corporate credentials (20%), RDP access (19%), admin panels (13%), and web shells (12%). Additionally, FortiGuard Labs observed a 500% increase in the past year in logs available from systems compromised by infostealer malware, with 1.7 billion stolen credential records shared in these underground forums.

AI-powered cybercrime is scaling rapidly. Threat actors are harnessing AI to enhance phishing realism and evading traditional security controls, making cyberattacks more effective and difficult to detect. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are fueling more scalable, believable, and effective campaigns, without the ethical restrictions of publicly available AI tools.