
Observers Document a 16.7% Uptick in Automated Surveillance Activities

Threat actors are running approximately 36,000 scans every second, as indicated by FortiGuard's 2025 Global Threat Landscape Report.



In the dynamic world of cybersecurity, the year 2025 saw a significant escalation in cyber threats, with attackers targeting various services and protocols, according to recent reports.

Threat actors are executing billions of scans every month, focusing on services like Session Initiation Protocol (SIP), Remote Desktop Protocol (RDP), and Internet of Things (IoT) protocols such as Modbus TCP. These scans aim to gain unauthorised access to critical sectors like manufacturing, services, construction, and trade.

The most active groups in 2025 were state-sponsored groups from Russia, China, Iran, and North Korea, along with organized cybercriminals and hacktivists. These groups were found to be targeting nations such as Germany and other European countries, focusing on vital infrastructure sectors like energy, health, transport, and financial systems.

Automated scanning activity rose 16.7% last year compared to 2024. This surge was accompanied by the addition of over 40,000 new vulnerabilities to the National Vulnerability Database, a 39% increase from the previous year.

Attackers are leveraging tools like FraudGPT and BlackmailerV3 to craft convincing phishing campaigns and evade traditional defenses. These campaigns, often targeted at businesses, are designed to steal sensitive information and gain unauthorized access to systems.

The rise of AI, automation, and cybercrime-as-a-service (CaaS) is increasing the sophistication, speed, and success of attacks, according to Kris Bondi, CEO of Mimoto. This trend is reflected in the 500% rise in logs available from systems compromised by infostealer malware, contributing to 1.7 billion stolen credential records shared online.

Darknet marketplaces are now offering neatly packaged exploit kits and corporate access credentials. Initial access brokers are selling login details, admin panels, and web shells, making it easier for attackers to gain entry into targeted systems.

To combat these threats, Fortinet recommends organizations transition to a continuous threat exposure management approach. This approach includes real-world adversary simulation, deployment of attack surface management (ASM) tools, prioritization of high-risk vulnerabilities, and use of dark web intelligence.

Security teams must work closely with engineering to enforce security guardrails constantly as part of managing a dynamic cloud environment, according to Rom Carmel, CEO of Apono. Agnidipta Sarkar, vice president at ColorTokens, warns that attack sophistication is on the rise, and critical sector organizations may shut down when faced with a cyber-attack.

Attackers frequently use "combo lists" for credential-stuffing attacks, which compile usernames, passwords, and emails. These lists are being used by groups like BestCombo, BloddyMery, and ValidMail to increase the success rate of their attacks.

However, AI-powered security solutions can detect vulnerabilities with precision in real-time, allowing businesses to respond quickly and prevent disruption to operations, according to Nicole Carignan, senior vice president at Darktrace. These solutions offer a promising defence against the ever-evolving cyber threats of the future.
