Fortinet's FortiGuard Labs Releases 2025 Global Threat Landscape Report Revealing Surge in Cybercrime-as-a-Service on the Darknet

The report reveals significant increases in cybercrime automation and darknet activities, emphasizing evolving threats and defense strategies for organizations.

Quiver AI Summary

Fortinet has released its 2025 Global Threat Landscape Report, revealing a significant rise in Cybercrime-as-a-Service on the darknet, which is driving a booming market for stolen credentials, exploits, and access to systems. The report highlights how cybercriminals are using automation and AI to enhance their attacks, leading to record-high levels of automated scanning for exposed targets. Notably, the report shows a 42% increase in shared compromised records on underground forums, with a surge in various attack methods targeting critical sectors like manufacturing and healthcare. Fortinet emphasizes the need for organizations to adopt proactive, AI-driven strategies and continuous monitoring to defend against these evolving threats, while also providing actionable recommendations for strengthening security postures.

Potential Positives

Fortinet's 2025 Global Threat Landscape Report positions the company as a thought leader in cybersecurity, providing significant insights into emerging cyber threats and attacker tactics.
The report emphasizes the need for a proactive, AI-driven security strategy, showcasing Fortinet's commitment to innovation and addressing evolving cybersecurity challenges.
Fortinet's collaboration with global organizations, including governments and academia, enhances its reputation and strengthens its role in fostering cyber resilience worldwide.

Potential Negatives

The report highlights a significant rise in cybercrime activities, indicating that the threat landscape is becoming increasingly difficult to navigate, which could create concerns about the efficacy of Fortinet's solutions.
There is a reported 500% increase in logs from systems compromised by infostealer malware, suggesting a substantial escalation in security breaches that could reflect poorly on the company's defensive capabilities.
As the report indicates that organizations need to shift to a more proactive security approach, it may imply that current solutions may not be adequately addressing evolving threats, potentially undermining customer confidence in Fortinet's offerings.

FAQ

What is the focus of the 2025 Global Threat Landscape Report?

The report highlights trends in cybercrime, emphasizing the rise of Cybercrime-as-a-Service and automated attacks.

How has cybercrime evolved according to the report?

Cybercrime has accelerated, utilizing AI and automation to enhance attack speed and sophistication, outpacing traditional defenses.

Which sectors are most targeted by cybercriminals?

Manufacturing, healthcare, and financial services are the most targeted sectors, with significant increases in tailored cyberattacks.

What role does automation play in contemporary cyberattacks?

Automation enables attackers to perform massive scans and exploit vulnerabilities at unprecedented speeds, making detection difficult.

What strategies do organizations need to adopt for better security?

Organizations should focus on proactive measures, including continuous threat exposure management and risk-based remediation strategies.

Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.

$FTNT Congressional Stock Trading

Members of Congress have traded $FTNT stock 3 times in the past 6 months. Of those trades, 2 have been purchases and 1 have been sales.

Here’s a breakdown of recent trading of $FTNT stock by members of Congress over the last 6 months:

REPRESENTATIVE BYRON DONALDS has traded it 2 times. They made 2 purchases worth up to $30,000 on 02/13 and 0 sales.
REPRESENTATIVE ROBERT BRESNAHAN sold up to $15,000 on 01/13.

To track congressional stock trading, check out Quiver Quantitative's congressional trading dashboard.

$FTNT Insider Trading Activity

$FTNT insiders have traded $FTNT stock on the open market 57 times in the past 6 months. Of those trades, 2 have been purchases and 55 have been sales.

Here’s a breakdown of recent trading of $FTNT stock by insiders over the last 6 months:

KEN XIE (PRESIDENT & CEO) has made 0 purchases and 30 sales selling 389,156 shares for an estimated $38,093,536.
MICHAEL XIE (VP, ENGINEERING & CTO) has made 0 purchases and 7 sales selling 351,496 shares for an estimated $34,028,399.
KEITH JENSEN (Chief Financial Officer) has made 0 purchases and 14 sales selling 119,765 shares for an estimated $11,511,466.
JOHN WHITTLE (CHIEF OPERATING OFFICER) has made 0 purchases and 2 sales selling 38,495 shares for an estimated $3,293,666.
KENNETH A GOLDMAN has made 0 purchases and 2 sales selling 3,000 shares for an estimated $299,320.
WILLIAM H. NEUKOM has made 2 purchases buying 683 shares for an estimated $69,845 and 0 sales.

To track insider transactions, check out Quiver Quantitative's insider trading dashboard.

$FTNT Hedge Fund Activity

We have seen 620 institutional investors add shares of $FTNT stock to their portfolio, and 518 decrease their positions in their most recent quarter.

Here are some of the largest recent moves:

NORGES BANK added 6,759,922 shares (+748.1%) to their portfolio in Q4 2024, for an estimated $638,677,430
FMR LLC added 2,846,475 shares (+77.2%) to their portfolio in Q4 2024, for an estimated $268,934,958
ARROWSTREET CAPITAL, LIMITED PARTNERSHIP added 2,151,811 shares (+39.3%) to their portfolio in Q4 2024, for an estimated $203,303,103
SWEDBANK AB removed 2,015,745 shares (-29.6%) from their portfolio in Q4 2024, for an estimated $190,447,587
INVESCO LTD. added 2,000,888 shares (+31.3%) to their portfolio in Q4 2024, for an estimated $189,043,898
MILLENNIUM MANAGEMENT LLC removed 1,811,984 shares (-49.9%) from their portfolio in Q4 2024, for an estimated $171,196,248
LEGAL & GENERAL GROUP PLC removed 1,798,519 shares (-23.7%) from their portfolio in Q4 2024, for an estimated $169,924,075

To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.

$FTNT Analyst Ratings

Wall Street analysts have issued reports on $FTNT in the last several months. We have seen 4 firms issue buy ratings on the stock, and 0 firms issue sell ratings.

Here are some recent analyst ratings:

Goldman Sachs issued a "Buy" rating on 01/02/2025
KeyBanc issued a "Overweight" rating on 12/19/2024
Morgan Stanley issued a "Overweight" rating on 12/02/2024
Cowen & Co. issued a "Buy" rating on 11/19/2024

To track analyst ratings and price targets for $FTNT, check out Quiver Quantitative's $FTNT forecast page.

$FTNT Price Targets

Multiple analysts have issued price targets for $FTNT recently. We have seen 8 analysts offer price targets for $FTNT in the last 6 months, with a median target of $103.0.

Here are some recent targets:

An analyst from Roth Capital set a target price of $103.0 on 04/22/2025
An analyst from UBS set a target price of $123.0 on 03/18/2025
Eric Heath from KeyBanc set a target price of $115.0 on 12/19/2024
Adam Borg from Stifel Nicolaus set a target price of $103.0 on 12/18/2024
Catherine Trebnick from Rosenblatt Securities set a target price of $100.0 on 11/19/2024
Stephen Bersey from HSBC set a target price of $111.0 on 11/11/2024
Keith Bachman from BMO Capital set a target price of $88.0 on 11/08/2024

Full Release

FortiGuard Labs 2025 Global Threat Landscape Report highlights a boom in Cybercrime-as-a-Service on the darknet, fueling a lucrative market for credentials, exploits, and access

SUNNYVALE, Calif., April 28, 2025 (GLOBE NEWSWIRE) --

News Summary

Fortinet ^® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the release of the 2025 Global Threat Landscape Report from FortiGuard Labs . The latest annual report is a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The data reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.

“Our latest Global Threat Landscape Report makes one thing clear: Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale,” said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet FortiGuard Labs. “The traditional security playbook is no longer enough. Organizations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape.”

Key findings from the latest FortiGuard Labs Global Threat Landscape Report include:

Automated scanning hits record highs as attackers shift left to identify exposed targets early . To capitalize on newfound vulnerabilities, cybercriminals are deploying automated scanning at a global scale. Active scanning in cyberspace reached unprecedented levels in 2024, rising by 16.7% worldwide year-over-year, highlighting a sophisticated and massive collection of information on exposed digital infrastructure. FortiGuard Labs observed billions of scans each month, equating to 36,000 scans per second, revealing an intensified focus on mapping exposed services such as SIP and RDP and OT/IoT protocols like Modbus TCP.
Darknet marketplaces fuel easy access to neatly packaged exploit kits . In 2024, cybercriminal forums increasingly operated as sophisticated marketplaces for exploit kits, with over 40,000 new vulnerabilities added to the National Vulnerability Database, a 39% rise from 2023. In addition to zero-day vulnerabilities circulating on the darknet, initial access brokers are increasingly offering corporate credentials (20%), RDP access (19%), admin panels (13%), and web shells (12%). Additionally, FortiGuard Labs observed a 500% increase in the past year in logs available from systems compromised by infostealer malware, with 1.7 billion stolen credential records shared in these underground forums.
AI-powered cybercrime is scaling rapidly . Threat actors are harnessing AI to enhance phishing realism and evading traditional security controls, making cyberattacks more effective and difficult to detect. Tools like FraudGPT, BlackmailerV3, and ElevenLabs are fueling more scalable, believable, and effective campaigns, without the ethical restrictions of publicly available AI tools.
Targeted attacks on critical sectors intensify . Industries such as manufacturing, healthcare, and financial services continue to experience a surge in tailored cyberattacks, with adversaries deploying sector-specific exploitations. In 2024, the most targeted sectors were manufacturing (17%), business services (11%), construction (9%), and retail (9%). Both nation-state actors and Ransomware-as-a-Service (RaaS) operators concentrated their efforts on these verticals, with the United States bearing the brunt of attacks (61%), followed by the United Kingdom (6%) and Canada (5%).
Cloud and IoT security risks escalate . Cloud environments continue to be a top target, with adversaries exploiting persistent weaknesses such as open storage buckets, over-permissioned identities, and misconfigured services. In 70% of observed incidents, attackers gained access through logins from unfamiliar geographies, highlighting the critical role of identity monitoring in cloud defense.
Credentials are the currency of cybercrime . In 2024, cybercriminals shared over 100 billion compromised records on underground forums, a 42% year-over-year spike, driven largely by the rise of “combo lists” containing stolen usernames, passwords, and email addresses. More than half of darknet posts involved leaked databases, enabling attackers to automate credential-stuffing attacks at scale. Well-known groups like BestCombo, BloddyMery, and ValidMail were the most active cybercriminal groups during this time and continue to lower the barrier to entry by packaging and validating these credentials, fueling a surge in account takeovers, financial fraud, and corporate espionage.

CISO Takeaway: Strengthening Cyber Defenses Against Emerging Threats
Fortinet’s Global Threat Landscape Report provides rich details on the latest attacker tactics and techniques while also delivering prescriptive recommendations and actionable insights. Designed to empower CISOs and security teams, the report offers strategies to counter threat actors before they strike, helping organizations stay ahead of emerging cyberthreats.

This year’s report includes a “CISO Playbook for Adversary Defense” that highlights a few strategic areas to focus on:

S hifting from traditional threat detection to continuous threat exposure management : This proactive approach emphasizes continuous attack surface management, real-world emulation of adversary behavior, risk-based remediation prioritization, and automation of detection and defense responses. Utilizing breach and attack simulation (BAS) tools to regularly assess endpoint, network, and cloud defenses against real-world attack scenarios ensures resilience against lateral movement and exploitation.
Simulating real-world attacks : Conduct adversary emulation exercises, red and purple teaming, and leverage MITRE ATT&CK to test defenses against threats like ransomware and espionage campaigns.
Reducing attack surface exposure : Deploy attack surface management (ASM) tools to detect exposed assets, leaked credentials, and exploitable vulnerabilities while continuously monitoring darknet forums for emerging threats.
Prioritizing high-risk vulnerabilities : Focus remediation efforts on vulnerabilities actively discussed by cybercrime groups, leveraging risk-based prioritization frameworks such as EPSS and CVSS for effective patch management.
Leveraging dark web intelligence : Monitor darknet marketplaces for emerging ransomware services and track hacktivist coordination efforts to preemptively mitigate threats like DDoS and web defacement attacks.

Discover how FortiGuard Labs Advisory Services combine cutting-edge technology and expert services to help organizations strengthen their security posture before threats emerge. In the event of an incident, FortiGuard Labs offers swift, effective response and in-depth forensic analysis to minimize impact and prevent future intrusions, delivering comprehensive protection in today’s increasingly volatile digital landscape.

Additional Resources

Download a copy of the 2025 Global Threat Landscape Report from FortiGuard Labs.
Read the blog for valuable takeaways from this research.
Learn more about FortiGuard Labs threat intelligence and research and outbreak alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
Learn about FortiAI and Fortinet’s AI-driven innovations.
Read more about the Fortinet Security Fabric, which brings end-to-end security to organizations of all sizes to prevent ransomware across all points of entry.
Visit fortinet.com/trust to learn about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.
Read about how Fortinet customers are securing their organizations.
Learn about Fortinet's commitment to product security and integrity , including its responsible product development and vulnerability disclosure approach and policies.
Follow Fortinet on X , LinkedIn , Facebook , and Instagram . Subscribe to Fortinet on our blog or YouTube .

About Fortinet
Fortinet (Nasdaq: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere our customers need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute , one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including Computer Emergency Response Teams (“CERTS”), government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs , Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com , the Fortinet Blog , and FortiGuard Labs .

Copyright © 2025 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAgent, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiCNP, FortiConnect, FortiController, FortiConverter, FortiCSPM, FortiCWP, FortiDAST, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiDLP, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFlex FortiFone, FortiGSLB, FortiGuest, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMonitor, FortiNAC, FortiNDR, FortiPAM, FortiPenTest, FortiPhish, FortiPoint, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiScanner, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSRA, FortiStack, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM, FortiXDR and Lacework FortiCNAPP. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.

Media Contact:	Investor Contact:	Analyst Contact:
Travis Anderson Fortinet, Inc. 408-235-7700 [email protected]	Aaron Ovadia Fortinet, Inc. 408-235-7700 [email protected]	Brian Greenberg Fortinet, Inc. 408-235-7700 [email protected]