The report shows that 2024 saw a dramatic spike in automated scanning activity
The latest Global Threat Landscape Report from FortiGuard Labs, the threat intelligence division of cybersecurity firm Fortinet, paints a stark picture of the evolving cyber threat environment. Based on data from 2024, the report reveals that cybercriminals are scaling up operations through the widespread use of automation, AI, and ready-made exploit tools—posing growing risks for organisations across sectors and geographies.
Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet FortiGuard Labs, summed up the urgency of the situation, saying, “Our latest Global Threat Landscape Report makes one thing clear: Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale. The traditional security playbook is no longer enough. Organisations must shift to a proactive, intelligence-led defence strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape.”
The report shows that 2024 saw a dramatic spike in automated scanning activity. Threat actors are increasingly “shifting left” in their tactics—probing systems earlier in the attack cycle to identify vulnerable targets. FortiGuard Labs recorded a 16.7 per cent global year-on-year rise in active scanning, translating to roughly 36,000 scans per second. Attackers are especially focused on uncovering exposed services such as SIP and RDP, as well as operational technology and Internet of Things (OT/IoT) protocols like Modbus TCP. This rise reflects the scale and sophistication of threat actors in mapping digital infrastructure before launching attacks.
One of the most striking developments covered in the report is the flourishing market for cybercrime tools and services on the darknet. These marketplaces, operating more like commercial platforms than underground forums, now offer a wide range of ready-to-use exploit kits and access credentials. In 2024 alone, more than 40,000 new vulnerabilities were added to the National Vulnerability Database—a 39 per cent jump from the previous year. Threat actors are increasingly turning to initial access brokers who supply everything from corporate credentials and RDP access to admin panels and web shells. Notably, FortiGuard Labs observed a fivefold increase in logs harvested from devices compromised by infostealer malware. These logs, often sold in bulk, contained over 1.7 billion stolen credentials.
Artificial intelligence is another area where attackers are gaining ground. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are being used to craft more convincing phishing messages and evade conventional security controls. These tools offer advanced capabilities without the ethical safeguards of publicly available AI systems, enabling threat actors to scale their operations and improve their success rates.
Targeted attacks on high-value industries have also intensified. Manufacturing remained the most targeted sector in 2024, accounting for 17 per cent of all observed attacks. This was followed by business services (11 per cent), construction (9 per cent), and retail (9 per cent). Both nation-state-linked threat groups and ransomware-as-a-service (RaaS) operators directed their efforts at these industries, with the United States absorbing 61 per cent of attacks, followed by the United Kingdom (6 per cent) and Canada (5 per cent).
Cloud and IoT environments also remained in the crosshairs of attackers. Misconfigured services, open storage buckets, and excessive permissions continue to be exploited. FortiGuard Labs found that in 70 per cent of incidents, attackers gained initial access by logging in from unusual geographic locations—suggesting a need for more robust identity monitoring and geo-based access controls.
Credentials have become the currency of cybercrime. In 2024, cybercriminals shared over 100 billion compromised records in underground forums—a 42 per cent rise from the previous year. Combo lists made up of usernames, passwords, and email addresses were widely traded, fuelling automated credential-stuffing attacks. Groups such as BestCombo, BloddyMery, and ValidMail were among the most active, making it easier for less-skilled attackers to compromise accounts and conduct fraud.
The report does not just highlight problems—it also offers a roadmap for strengthening cyber defences. A dedicated section for CISOs, titled “CISO Playbook for Adversary Defence,” suggests a shift from traditional reactive approaches to continuous threat exposure management. This involves ongoing assessment of the attack surface, adversary simulation using tools like breach and attack simulation (BAS), and risk-based prioritisation of vulnerabilities based on their exploitability and impact.
Fortinet also recommends simulating real-world attack scenarios through red and purple teaming exercises, using the MITRE ATT\&CK framework to test the effectiveness of current defences. Reducing the attack surface is another key priority, which includes identifying and remediating exposed assets, monitoring for leaked credentials, and tracking activity on darknet forums.
The report further emphasises the importance of dark web intelligence. By keeping tabs on emerging ransomware services and hacker coordination efforts, organisations can better anticipate and mitigate threats like distributed denial-of-service (DDoS) attacks and website defacements.
Through its FortiGuard Labs Advisory Services, Fortinet offers support to organisations looking to improve their security posture. These services combine advanced technology with expert analysis to deliver both preventative and responsive solutions. In the event of a breach, FortiGuard Labs can provide rapid incident response and in-depth forensic investigation to limit damage and prevent recurrence.
As cyber threats continue to grow in complexity and volume, Fortinet’s findings underscore the importance of agility, intelligence, and proactive defence in managing digital risk. The full report offers security professionals valuable insights into attacker behaviour and concrete steps to fortify their organisations against the next wave of cyber threats.