According to FortiGuard Labs, cybercriminals conducted over 36,000 scans per second in 2024 during the reconnaissance phase—marking a 16.7 per cent global increase from the previous year
Cyberattacks have become faster, more targeted, and significantly harder to detect, as adversaries increasingly exploit automation, commoditised tools, and artificial intelligence (AI) to scale their operations. Fortinet’s latest Global Threat Landscape Report, compiled by FortiGuard Labs, provides a sobering snapshot of how the modern threat environment is evolving—and why defenders can no longer rely on conventional tactics to stay ahead.
The report analyses attack patterns through the lens of the MITRE ATT&CK framework, offering insights into tactics used by cybercriminals across the full spectrum of an attack. One of the most striking trends is the industrialisation of cybercrime, where threat actors operate with levels of speed, precision, and scale once thought exclusive to nation-state hackers.
Surge In Automated Reconnaissance
According to FortiGuard Labs, cybercriminals conducted over 36,000 scans per second in 2024 during the reconnaissance phase—marking a 16.7 per cent global increase from the previous year. These automated scans are designed to identify vulnerable systems and configurations before launching payloads or breaching defences.
Automation now plays a crucial role across all stages of an attack. From reconnaissance and exploitation to lateral movement and exfiltration, the deployment of AI-powered scripts and bots allows adversaries to probe, pivot, and plunder networks at unprecedented speeds.
AI, once a tool largely reserved for security defenders, is now being harnessed by attackers to generate convincing phishing content, create malware variants that evade traditional defences, and automate decision-making during attacks.
“The democratisation of AI has tipped the balance in favour of attackers,” notes the report, adding that generative AI tools are being used to craft realistic lures that are extremely difficult to detect—even for experienced security teams.
Credentials Fuel Cybercrime Economy
Credentials have become one of the most valuable assets in the cybercrime ecosystem. Fortinet’s data reveals a 42 per cent rise in stolen credentials being traded across darknet marketplaces in 2024, pushing the total number of compromised records to over 100 billion.
These records include not just usernames and passwords, but also session tokens, API keys, and multifactor authentication bypass data—offering attackers multiple ways to hijack accounts and gain unauthorised access.
The accessibility of such information enables even low-skilled attackers to orchestrate damaging attacks. With tools and stolen credentials readily available for purchase, cybercrime has become more commoditised and profitable than ever before.
Critical Sectors Under Fire
The report also highlights a worrying trend in the targeting of critical industries. Manufacturing was the most targeted sector in 2024, accounting for 17 per cent of all attacks tracked. This was followed by business services (11 per cent), construction (9 per cent), and retail (9 per cent).
Attacks on manufacturing often aim to disrupt operations, demand ransom, or steal intellectual property. In sectors like construction and retail, attackers seek to exploit supply chain vulnerabilities, point-of-sale systems, and poorly secured remote access protocols.
The scale and frequency of these attacks underscore the need for enhanced cybersecurity investments and cross-sector coordination to bolster resilience.
Implications For Cyber Defence
FortiGuard’s findings confirm that reactive approaches are no longer sufficient. Security teams must evolve to meet the pace and sophistication of modern adversaries. This includes adopting AI-driven defence mechanisms, improving real-time visibility, and implementing a zero-trust architecture.
Furthermore, businesses must place greater emphasis on credential hygiene, user behaviour analytics, and continuous monitoring. With attackers moving faster and smarter, organisations need proactive strategies that integrate intelligence, automation, and layered security.
The landscape of cyber threats is becoming more complex, but Fortinet’s report offers a clear message: defenders must adapt—or risk being overwhelmed. As cybercrime becomes increasingly industrialised, the battle will not be won with tools alone but through a holistic approach that blends technology, talent, and threat intelligence.
In a world where 36,000 scans per second and 100 billion stolen credentials are the new norm, the time to rethink and reinforce cyber defences is now.
