AI-Powered Attacks and Darknet Commerce Redefine Cyber Risk in 2025, Says Fortinet Threat Report

Singapore, 3 May 2025 – A new report from Fortinet warns that the rapid adoption of AI and automation by cybercriminals has escalated the scale and sophistication of cyberattacks globally, signaling a pivotal moment for enterprises to rethink their security strategies.

The 2025 Global Threat Landscape Report, released by FortiGuard Labs, provides an in-depth analysis of cyberattack trends observed throughout 2024 — mapping tactics to the MITRE ATT&CK framework. The findings highlight a marked shift: attackers are now industrializing cybercrime with Cybercrime-as-a-Service (CaaS) offerings and AI-driven tools, fundamentally eroding defenders’ ability to react using traditional means.

“Our latest Global Threat Landscape Report makes one thing clear: Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale,” said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet FortiGuard Labs. “The traditional security playbook is no longer enough. Organizations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape.”

Key Trends from Fortinet’s 2025 Threat Report:

1. Surge in Automated Scanning
Active reconnaissance has reached unprecedented levels, with automated scans increasing 16.7% YoY. FortiGuard Labs observed more than 36,000 scans per second, primarily targeting protocols like SIP, RDP, and OT/IoT systems such as Modbus TCP. This trend indicates adversaries are increasingly moving “left” — identifying vulnerabilities before enterprises even detect exposure.

2. Exploit Kits Go Mainstream on the Darknet
Darknet forums have evolved into structured marketplaces, selling everything from admin panel access and RDP credentials to pre-built web shells. With over 40,000 new CVEs added to the NVD in 2024 — a 39% spike from 2023 — threat actors are armed with an expanding arsenal. Logs from infostealer malware exploded 500%, feeding a booming black market of 1.7 billion stolen credentials.

3. Generative AI Fuels Sophisticated Phishing and Social Engineering
Cybercriminals are using tools like FraudGPT, BlackmailerV3, and ElevenLabs to launch hyper-realistic, automated attacks that evade detection. These AI-powered campaigns eliminate the ethical safeguards of commercial AI models, creating a scalable engine for fraud, blackmail, and misinformation.

4. Sector-Specific Threats Rise
Critical industries — particularly manufacturing (17%), business services (11%), construction (9%), and retail (9%) — saw a spike in tailored attacks. These often leveraged vulnerabilities unique to sector operations. Notably, the US (61%), UK (6%), and Canada (5%) bore the highest attack volumes, driven by both nation-state actors and RaaS groups.

5. Cloud and IoT Remain Prime Targets
Cloud environments continued to be exploited via misconfigured storage, over-permissioned accounts, and identity-based attacks. Fortinet reports that 70% of incidents involved anomalous logins from unfamiliar geographies, pointing to the need for enhanced identity and access monitoring.

6. Credentials Dominate the Cybercrime Economy
Over 100 billion compromised credentials were circulated on underground forums in 2024 — a 42% increase YoY. Pre-packaged “combo lists” of usernames, passwords, and emails now drive massive credential-stuffing campaigns. Groups such as BestCombo, BloddyMery, and ValidMail remain prolific actors in distributing and validating stolen access.

CISO Takeaway: Strengthening Cyber Defenses Against Emerging Threats

Fortinet’s report isn’t just diagnostic — it offers a roadmap for resilience. A dedicated CISO Playbook for Adversary Defense outlines key steps security leaders must take to adapt to today’s attack surface:

• Embrace continuous threat exposure management (CTEM): Shift from reactive threat detection to real-time attack surface visibility and response using BAS tools.
  
• Run adversary emulation exercises: Red and purple team simulations aligned with MITRE ATT&CK help test and refine cyber defense capabilities.
  
• Monitor darknet and attack surfaces: Deploy ASM tools to detect leaked credentials, exploitable vulnerabilities, and sector-specific threats before adversaries strike.
  
• Prioritize based on real-world risk: Focus patching on actively weaponized CVEs, guided by EPSS and CVSS to streamline remediation.
  
• Use dark web intelligence as an early-warning system: Track ransomware innovations, emerging threat actor tactics, and hacktivist campaigns to stay ahead.
  

As enterprises face an increasingly hostile cyber environment, Fortinet’s findings reinforce a growing industry mandate: security must be proactive, AI-driven, and relentlessly adaptive.