Fortinet, a leader in cybersecurity solutions focused on integrating network and security, has released its 2025 Global Threat Landscape Report from FortiGuard Labs. This comprehensive annual report offers a detailed analysis based on the MITRE ATT&CK framework, highlighting the evolving strategies of cyber attackers in 2024. The report underscores the increasing use of automation, commoditized tools, and artificial intelligence by cybercriminals, which is eroding the effectiveness of organizations' traditional defenses.
Automated Scanning Surge: Cybercriminals are massively employing automated scanning to exploit fresh vulnerabilities. In 2024, global scanning activities surged by 16.7%, reaching unprecedented levels, which equates to approximately 36,000 scans every second. These activities focus on identifying open services like SIP and RDP, as well as OT/IoT protocols such as Modbus TCP.
Darknet Market Dynamics: Darknet forums have evolved into sophisticated marketplaces for exploit kits, with over 40,000 new vulnerabilities added to global databases, marking a 39% spike from the previous year. Cybercriminals are increasingly trading in corporate credentials, RDP access, admin panels, and web shells. There has been a 500% escalation in logs from systems compromised by information-stealing malware, with 1.7 billion stolen credential logs circulating underground.
AI-Driven Cybercrime Expansion: Cybercriminals are harnessing AI to craft more convincing phishing attacks and evade conventional security measures. AI tools such as FraudGPT, BlackmailerV3, and ElevenLabs are enabling more potent cyber campaigns without the ethical limitations of mainstream AI technologies.
Targeted Sector Attacks: Critical sectors like manufacturing, healthcare, and financial services are witnessing a rise in specialized attacks. The most affected sectors in 2024 include manufacturing (17%), business services (11%), construction (9%), and retail (9%). Both nation-state actors and Ransomware-as-a-Service operators are directing their efforts towards these areas, with the US, UK, and Canada being the most targeted nations.
Cloud and IoT Vulnerabilities: Cloud environments continue to be prime targets due to persistent vulnerabilities such as unprotected storage buckets and misconfigured services. In 70% of incidents, attackers gained unauthorized access through logins from unfamiliar geographic locations, emphasizing the importance of identity monitoring in cloud security.
Credentials as Cybercrime Currency: Cybercriminals have shared over 100 billion compromised records on darknet forums, a 42% increase from last year. These records, often in the form of ‘compound lists’, are crucial for automating large-scale credential compromise attacks. Groups like BestCombo, BloddyMery, and ValidMail are actively packaging and validating these credentials, facilitating account takeovers, financial fraud, and corporate espionage.
The report provides actionable insights and strategies for CISOs and security teams to preemptively counter emerging cyber threats:
Continuous Threat Management: Transition from traditional threat detection to a proactive, continuous threat management approach that emphasizes attack surface management, real-world adversary behavior emulation, and automated defense responses.
Real-World Attack Simulations: Conduct adversary emulation, red and purple team exercises, and utilize the MITRE ATT&CK framework to test defenses against sophisticated ransomware and espionage threats.
Attack Surface Reduction: Implement attack surface management tools to identify exposed assets, leaked credentials, and exploitable vulnerabilities while keeping an eye on darknet forums for emerging threats.
High-Risk Vulnerability Prioritization: Direct remediation efforts towards vulnerabilities actively discussed by cybercriminal groups, using frameworks like EPSS and CVSS for effective patch management.
Dark Web Intelligence Utilization: Monitor darknet markets for new ransomware services and hacktivist activities to proactively mitigate potential DDoS and web defacement attacks.