Fortinet’s 2025 Global Threat Landscape Report shows attackers are moving faster and with greater precision—fueled by automation, AI, and a thriving underground economy for stolen credentials.
Here are some of the key findings:
“From pre-attack reconnaissance to post-compromise persistence, attackers now operate with unprecedented speed, precision, and reach, challenging organizations to shift from reactive defense to proactive exposure management.”
“Tools like FraudGPT, BlackmailerV3, and ElevenLabs are automating the generation of malware, deepfake videos, phishing websites, and synthetic voices, fueling more scalable, believable, and effective campaigns.”
“FortiGuard Labs observed a 42% increase in compromised credentials for sale and a rise in Initial Access Broker (IAB) activity offering VPNs, RDPs, and admin panels. Infostealers like Redline and Vidar drove a 500% increase in credential logs on darknet forums.”
“Our analysis reveals that adversaries most often enter cloud environments through exposed credentials, phishing exploits, and misconfigured cloud authentication settings.”
“Staying ahead of attackers now means countering their next move before they make it, which means that traditional security solutions are no longer enough.”
“CISOs must act swiftly and decisively to minimize risks and strengthen their defenses… [and] close exposure gaps before attackers can strike.”
Fortinet’s report calls for a shift from reactive defense to proactive exposure management. This includes not only systems and services, but also people.
The Black Basta leaks confirmed what many organizations overlook: employee and executive PII on data broker sites is part of the enterprise attack surface. When attackers can easily find names, roles, emails, and phone numbers through data brokers, it fuels phishing and infostealer deployment, opening the door to organizational compromise.
With AI and automation supercharging attacker reconnaissance and scaling phishing attacks to unprecedented levels, it is all the more imperative for organizations to minimize their data broker exposure as a proactive security measure.
Read the full report here: Fortinet 2025 Global Threat Landscape Report