Researchers Note 16.7% Increase in Automated Scanning Activity


A surge in automated scanning activity, increasing by 16.7% globally in 2024, has exposed massive vulnerabilities in digital infrastructure. 

According to the 2025 Global Threat Landscape Report from FortiGuard Labs, threat actors are executing billions of scans monthly – roughly 36,000 scans per second – targeting services like SIP, RDP and IoT protocols such as Modbus TCP.

“The rise of AI, combined with automation and cybercrime-as-a-service (CaaS), is increasing the sophistication, speed and ultimately, the success of attacks,” said Kris Bondi, CEO of Mimoto.

Darknet marketplaces are also fueling cybercrime. The National Vulnerability Database added more than 40,000 new vulnerabilities last year, up 39% from 2023. Forums now offer neatly packaged exploit kits and corporate access credentials, with initial access brokers selling login details, admin panels and web shells.

FortiGuard Labs recorded a 500% rise in logs available from systems compromised by infostealer malware, contributing to 1.7 billion stolen credential records shared online.


The report further highlights the rapid scaling of AI-driven threats. Attackers are leveraging tools like FraudGPT and BlackmailerV3 to craft convincing phishing campaigns and evade traditional defenses. This evolution is making attacks more challenging to detect and block.

Critical Sectors Face Intensifying Threats

Targeted cyber-attacks are rising sharply against sectors including:

  • Manufacturing (17% of attacks)
  • Business services (11%)
  • Construction (9%)
  • Retail (9%)

Both nation-state groups and Ransomware-as-a-Service (RaaS) operators increasingly focus on these verticals.

“Attack sophistication is on the rise and critical sector organization […] shutdown when faced with a cyber-attack,” said Agnidipta Sarkar, vice president at ColorTokens.

Cloud environments also remain vulnerable. In 70% of incidents, unauthorized access stemmed from login attempts from unfamiliar geographic locations, underscoring the necessity of identity monitoring and secure configurations.

According to the report, the United States was the most targeted nation, absorbing 61% of attacks, followed by the United Kingdom and Canada.

Stolen Credentials Flood Underground Markets

FortiGuard Labs further found over 100 billion compromised records shared in underground forums in 2024 – a 42% increase over the prior year. 

Attackers frequently used “combo lists” that compile usernames, passwords and emails for credential-stuffing attacks.

Groups like BestCombo, BloddyMery, and ValidMail drove this trend, enabling a surge in financial fraud and corporate espionage.

“AI-powered security solutions can detect vulnerabilities with precision in real-time,” said Nicole Carignan, senior vice president at Darktrace.

“[This allows] businesses to respond quickly and prevent disruption to operations.”

Fortinet Urges a Shift to Intelligence-Led Defense

To combat these escalating threats, Fortinet recommends that organizations transition from traditional detection models to a continuous threat exposure management approach that includes:

  • Real-world adversary simulation
  • Deployment of attack surface management (ASM) tools
  • Prioritization of high-risk vulnerabilities based on risk frameworks like EPSS and CVSS
  • Use of dark web intelligence to monitor ransomware services and hacktivist movements

“Security teams must work closely with engineering to enforce security guardrails constantly as part of managing a dynamic cloud environment,” concluded Rom Carmel, CEO of Apono.


