“Our latest Global Threat Landscape Report clearly shows that cybercriminals are leveraging AI and automation to accelerate their attacks at an unprecedented speed and scale,” said Derek Manky, vice president of global threat research and cybersecurity strategy at FortiGuard Labs. “Traditional security playbooks are no longer enough. Organizations will need to quickly shift to a proactive defense strategy that combines AI, zero trust, and continuous threat management to stay ahead of attackers in today’s rapidly changing threat landscape.”
Notably, automated scanning is at an all-time high as attackers work to identify exposed targets early. To take advantage of newly discovered vulnerabilities, cybercriminals are deploying automated scanning on a global scale. FortiGuard Labs observed and recorded billions of scans per month, which equates to 36,000 scans per second. This indicates a strong focus by attackers on mapping exposed services such as SIP and RDP and OT/IoT protocols such as Modbus TCP.
The rise of the Darknet has made access to pre-built attack kits easier. In 2024, cybercriminal forums began to increasingly act as marketplaces for exploit kits, with more than 40,000 new vulnerabilities added to the National Vulnerability Database, a 39% increase from 2023.
In addition to zero-day vulnerabilities circulating on the darknet, brokers have increasingly offered corporate credentials (20%), RDP remote access (19%), administrative consoles (13%), and web shells (12%). Notably, FortiGuard Labs has seen a 500% increase in available logs from systems compromised by credential theft malware over the past year, with 1.7 billion stolen credential records shared in these underground forums.
AI-powered cybercrime is expanding rapidly. Cybersecurity threat actors are leveraging AI to enhance the authenticity of their fraud and evade traditional security controls, making cyberattacks more effective and harder to detect. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are making attack campaigns more scalable, reliable, and effective, avoiding the limitations of available AI tools.
Targeted attacks on critical sectors are on the rise. Industries such as manufacturing, healthcare and financial services continue to see a rise in tailor-made cyber attacks, with specific exploits planned and deployed specifically for each sector.
In 2024, the most targeted sectors will be manufacturing (17%), business services (11%), construction (9%), and retail (9%). Nation-state actors and Ransomware-as-a-Service (RaaS) syndicates will focus their efforts on these verticals. The United States bears the brunt of these attacks (61%), followed by the United Kingdom (6%) and Canada (5%).
Cloud and IoT security risks are on the rise. Cloud computing environments continue to be a top target, with attackers persistently exploiting weaknesses such as open storage services, over-provisioned identities, and misconfigured services. In 70% of observed incidents, attackers gained access through credentials from unfamiliar geographies, highlighting the importance of identity monitoring in cloud defense.
Credentials are the currency of cybercriminals. In 2024, cybercriminals shared more than 100 billion compromised records on underground forums, a 42% increase year-over-year, driven largely by the rise of “mix lists” containing stolen usernames, passwords, and email addresses. More than half of the darknet posts related to leaked databases, allowing attackers to automate credential stuffing attacks at scale.
High-profile groups like BestCombo, BloddyMery, and ValidMail were among the most active cybercriminal groups during this time, further lowering the barrier to entry by offering credential-based packages, leading to a spike in account takeovers, financial fraud, and corporate espionage.
Faced with the above situation, the report provides recommendations on security defense for CISOs, emphasizing a number of strategic areas that need to be focused on, such as:
Moving from Traditional Threat Detection to “Continuous Threat Exposure Management” – This proactive approach focuses on continuous attack surface management, simulating real -world adversary behavior, prioritizing risk-based remediation, and automating detection and defense responses.
Simulate real-world attacks – Conduct adversary simulation exercises, incorporate Red & Purple teams, and leverage MITRE ATT&CK to test defenses against threats like ransomware and espionage campaigns.
Reduce attack surface – Deploy attack surface management (ASM) tools to detect exposed assets, leaked credentials, and exploitable vulnerabilities while continuously monitoring darknet forums for emerging threats.
Prioritize high-risk vulnerabilities – Focus remediation efforts on vulnerabilities actively discussed by cybercriminal groups, and leverage risk-based prioritization information such as EPSS and CVSS to manage patches effectively.
Leverage Dark Web Intelligence– Monitor darknet markets for emerging ransomware services and track coordinated hacker efforts to mitigate threats like DDoS and website defacement attacks.
Source: https://doanhnghiepvn.vn/chuyen-doi-so/an-ninh-mang/cac-cuoc-tan-cong-mang-tu-dong-tang-manh/20250508031351243
![[Photo] National Assembly Chairman Tran Thanh Man attends the VinFuture 2025 Award Ceremony](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F05%2F1764951162416_2628509768338816493-6995-jpg.webp&w=3840&q=75)
![[Photo] 60th Anniversary of the Founding of the Vietnam Association of Photographic Artists](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F05%2F1764935864512_a1-bnd-0841-9740-jpg.webp&w=3840&q=75)
Comment (0)