MANILA, Philippines – Cybersecurity firm Fortinet, in their 2025 Global Threat Landscape Report released in May, found threat actors are relying more on AI and automation to enhance their attacks.
The firm said these threat actors are “increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.” AI has seen a boom in recent years, particularly with the rise of ChatGPT, and its use across sectors have been explored more — by hackers too, it would seem.
Fortinet’s chief security strategist, Derek Manky, said in a press statement that in order to fight the growing AI-powered threat, AI must also be leveraged for cyber-defense.
“The traditional security playbook is no longer enough. Organizations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape,” Manky said.
Another cybersecurity firm reported findings recently as well that highlight the threat of AI in cybersecurity. In 2024, the firm found that there were 53 million bruteforce attacks in Southeast Asia or attacks that attempt to guess passwords to gain access to systems. The two biggest-hit SEA nations, Indonesia and Malaysia, experienced a 25% and 14% growth year-over-year in number of bruteforce attacks, and AI may have something to do with that, according to Kaspersky.
“With better artificial intelligence (AI) services at play, cybercriminals now have a reliable assistant to guess passwords and break encryptions faster. Once successful, a bruteforce attack allows an attacker to gain remote access to the targeted host computer. Imagine the repercussions of having a spy, or more, inside your computers. Thus, it is urgent for businesses here to really look into their IT posture and recalibrate their cybersecurity capabilities,” said Adrian Hia, managing director for Asia Pacific at Kaspersky.
Hia also noted the shortage of cybersecurity professionals that make the problem bigger — a constant issue in the cybersecurity industry.
Below are othere key findings from the annual Fortinet report:
- The use of automated scanning for potential system vulnerabilities hit a record high based on Fortinet’s numbers. The use of these tools rose by 16.7% worldwide, year-over-year, in 2024. The firm said it observed “billions of scans each month, equating to 36,000 scans per second,” which it said is a “record high” and represents “an intensified focus” to find and map exposed services and digital infrastructure.
That means if a, for example, company’s network has left an opening or vulnerability, the chances may be higher that that vulnerability will be found by threat actors. - The number of tool kits for exploiting vulnerabilities increased, and are now more easily accessible. In 2024, there were toolkits via darknet marketplaces available for 40,000 new vulnerabilities, representing a 39% rise from 2023. Selles are hawking zero-day vulnerabilities, corporate credentials, and access to administrative systems, among others.
- AI use is growing. Some of the ways that cybercriminals are harnessing AI include using it to enhance phishing realism, evading traditional security controls, and in general, making attacks more difficult to detect and increasing their potency.
Aside from these, the firm said that attacks on critical sectors have also grown year-over-year including manufacturing, business services, healthcare, financial services, and business services. The top attackers are nation-backed actors, and ransomware-as-a-service operators. These sectors are highly targeted as their operations are time-critical, and these need to regain access to their systems as quickly as they can or risk bigger financial losses, or even lives in the case of the healthcare sector.
The company also saw a massive growth in the number of compromised records shared in hacker forums in 2024. Over 100 billion records were circulated in the darknet, representing a 42% year-over-year increase, driven the most by the rise of what the firm called “combo lists” which contain stolen usernames, passwords, and email addresses.
Leaked databases were also a big part of this number, which allowed attackers to “automate credential-stuffing attacks at scale” that have led to increased “account takeovers, financial fraud, and corporate espionage.” – Rappler.com