“Our latest Global Threat Landscape Report highlights how cybercriminals are leveraging AI and automation to accelerate their attacks at unprecedented speed and scale,” said Derek Manky, vice president of global threat research and cybersecurity strategy at FortiGuard Labs. “Traditional security playbooks are no longer sufficient. Organizations will need to rapidly shift to a proactive defense strategy that incorporates AI, zero trust, and continuous threat management to stay ahead of attackers in today’s rapidly changing threat landscape.”
Notably, automated scanning is at an all-time high as attackers work to identify exposed targets early. To take advantage of newly discovered vulnerabilities, cybercriminals are deploying automated scanning on a global scale. FortiGuard Labs observed and recorded billions of scans per month, which equates to 36,000 scans per second. This indicates a strong focus by attackers on mapping exposed services such as SIP and RDP, as well as OT/IoT protocols such as Modbus TCP.
The rise of the darknet “black market” has made access to pre-built attack kits easier. In 2024, cybercrime forums increasingly acted as marketplaces for exploit kits, with more than 40,000 new vulnerabilities added to the National Vulnerability Database, a 39% increase from 2023.
In addition to zero-day vulnerabilities circulating on the darknet, brokers have increasingly offered corporate credentials (20%), RDP remote access (19%), administrative consoles (13%), and web shells (12%). Notably, FortiGuard Labs has seen a 500% increase in available logs from systems compromised by credential theft malware over the past year, with 1.7 billion stolen credential records shared in these underground forums.
AI-powered cybercrime is expanding rapidly. Threat actors are leveraging AI to enhance the authenticity of their fraud and evade traditional security controls, making cyberattacks more effective and harder to detect. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are making attack campaigns more scalable, reliable, and effective, while avoiding the limitations of existing AI tools.
Targeted attacks on critical sectors are on the rise. Industries such as manufacturing, healthcare and financial services continue to see a rise in tailored cyberattacks, with exploits planned and deployed specifically for each sector.
In 2024, the most targeted sectors were manufacturing (17%), business services (11%), construction (9%), and retail (9%). Nation-state actors and Ransomware-as-a-Service (RaaS) syndicates focused their efforts on these verticals. The United States bore the brunt of these attacks (61%), followed by the United Kingdom (6%) and Canada (5%).
Cloud and IoT security risks are on the rise. Cloud computing environments continue to be a top target, with attackers persistently exploiting weaknesses such as open storage, over-provisioned identities, and misconfigured services. In 70% of observed incidents, attackers gained access through credentials from unfamiliar geographies, highlighting the importance of identity monitoring in cloud defense.
Credentials are the currency of cybercriminals. In 2024, cybercriminals shared more than 100 billion compromised records on underground forums, a 42% increase year-over-year, driven largely by the rise of “mix lists” containing stolen usernames, passwords, and email addresses. More than half of darknet posts were related to leaked databases, allowing attackers to automate credential stuffing attacks at scale.
High-profile groups like BestCombo, BloddyMery, and ValidMail were among the most active cybercriminal groups during this time. They continued to lower the barrier to entry by offering credential-ready packages, leading to a spike in account takeovers, financial fraud, and corporate espionage.
In response to this situation, the report offers CISOs recommendations on security defense, emphasizing several strategic areas of focus:
Moving from Traditional Threat Detection to “Continuous Threat Exposure Management” – This proactive approach focuses on continuous attack surface management, simulating real-world adversary behavior, prioritizing risk-based remediation, and automating detection and defense responses.
Simulate real-world attacks – Conduct adversary simulation exercises, incorporate Red & Purple teams, and leverage MITRE ATT&CK to test defenses against threats like ransomware and espionage campaigns.
Reduce attack surface – Deploy attack surface management (ASM) tools to detect exposed assets, leaked credentials, and exploitable vulnerabilities while continuously monitoring darknet forums for emerging threats.
Prioritize high-risk vulnerabilities – Focus remediation efforts on vulnerabilities actively discussed by cybercriminal groups, and leverage risk-based prioritization information such as EPSS and CVSS to manage patches effectively.
Leverage Dark Web Intelligence – Monitor darknet markets for emerging ransomware services and track coordinated hacker efforts to mitigate threats like DDoS and website defacement attacks.
Source: https://doanhnghiepvn.vn/chuyen-doi-so/an-ninh-mang/cac-cuoc-tan-cong-mang-tu-dong-tang-manh/20250508031351243