Enterprises Under Attack: Quarterly Threat Actor Patterns | Released Q3 2025

Excluding U.S. traffic, the highest concentrations of fraud hubs are found in Brazil (over 11%), Great Britain (nearly 10%), Vietnam (over 6%), and Nigeria (9%).

Overnight fraud surges were observed in Vietnam (38%), Mexico (38%), and India (36%).

Malicious traffic surged nearly 20% from Q1 to Q2 2025.

The Roblox browser accounted for 18% of gaming attacks, indicating a platform-specific vulnerability

Sign-up fraud traffic in the Fintech sector escalated to 17 times the industry average.

Great Britain was responsible for 44% of attacks specifically targeting the Fintech sector.

Despite growth in mobile threats, desktop remains the favoured channel, accounting for 68% of attack traffic.

Three-quarters (75%) of scams now target critical workflows such as account creation and sign-in processes.

Dating platforms experienced a 61% surge in mobile attacks.

Desktop-based threats targeting dating platforms declined by 16%.

Attack automation services targeting gaming increased from 15% to 25% of all gaming-related attacks.

Evening fraud attack peaks were observed in Pakistan (65%) and The Philippines (43%).

The overall device distribution for dating platforms flipped from 55% desktop prevalence to just 39% desktop prevalence.

Average attack size grew by over 12% from Q1 to Q2 2025, demonstrating that attacks are becoming larger and more aggressive in scale.

The use of attack automation services increased from 31% to 36% of all attacks from Q1 to Q2 2025.