2025 Global Threat Landscape Report

In cloud environments, in 70% of observed incidents, attackers gained access through logins from unfamiliar geographies.

Over 100 billion compromised records were shared on underground forums in 2024. This represents a 42% year-over-year spike.

1.7 billion stolen credential records were shared in underground forums.

FortiGuard Labs observed a 500% increase in the past year in logs available from systems compromised by infostealer malware.

Over 40,000 new vulnerabilities were added to the National Vulnerability Database in 2024. This marks a 39% rise from 2023.

FortiGuard Labs observed billions of active scans each month. This equates to 36,000 scans per second.

In 2024, the most targeted sectors were: manufacturing (17%), business services (11%), construction (9%), retail (9%).

More than half of darknet posts involved leaked databases

There was a 16.7% rise worldwide year-over-year in active scanning.

Initial access brokers on cybercriminal forums are increasingly offering: corporate credentials (20%), RDP access (19%), admin panels (13%), web shells (12%).

In terms of geography for attacks on critical sectors, the United States bore the brunt of attacks (61%), followed by the United Kingdom (6%) and Canada (5%).