Record increase in automated cyberattacks using artificial intelligence revealed: how criminals operate

A new intelligence report highlights a surge in cyberattacks through 2024, driven by the use of automation tools that make cybercriminals' jobs easier: they program bots that allow multiple attacks to be carried out simultaneously, with 36,000 scans per second.

The information comes from FortiGuard Labs , the threat lab of Fortinet, a cybersecurity company that publishes annual reports on the overall landscape of cyberattackers. It's worth clarifying that these numbers are relative to the company's detection system and, while they don't exhaust the overall picture, they serve as a sample of what's happening in the industry and the risks to which users are exposed.

Among the discoveries, Fortinet detected a 500% increase in records of compromised credentials (i.e., username and password): in 2024, 1.7 billion stolen credentials were shared on dark web forums , highlighting the increase in large-scale theft of sensitive information. Personal data is traded on these clandestine sites and then used in a variety of criminal ways .

Additionally, they highlight a 39% increase in vulnerabilities : during 2024, cybercriminals shared more than 100 billion compromised records on underground forums, a year-over-year increase of 42%.

However, one of the report's most notable features concerns the use of artificial intelligence to carry out attacks by cybercriminals.

Automated bot attacks occur when a cybercriminal programs tools that operate autonomously to search for vulnerabilities, exploit security flaws, or steal information. Unlike manual attacks, bots allow millions of targets to be scanned simultaneously and launch large-scale attacks without human intervention.

This feature allows large ransomware groups to “sweep” the configurations of the tools their victims use and, when a vulnerability is active (such as an outdated or misconfigured system), exploit it to compromise a system.

Common examples of these automated attacks include mass vulnerability scans, brute-force attacks that try millions of passwords to break into systems, or password theft via programs known as "infostealers."

Phishing campaigns are also generated using AI to make them more credible.

“Our latest FortiGuard Labs report on the 2025 Global Threat Landscape makes one thing clear: cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented levels of speed and scale ,” said Derek Manky, Chief Security Strategist and Global Vice President of Threat Intelligence at FortiGuard Labs at Fortinet.

“The traditional security playbook is no longer sufficient. Organizations must adopt a proactive strategy focused on intelligence and driven by AI, zero trust, and continuous threat exposure management to stay ahead of today's increasingly evolving threat landscape,” he added.

Fortinet highlights the following concerns in its report:

Automated scanning reached record levels in 2024, increasing 16.7% year-over-year. Cybercriminals deployed bots to detect vulnerabilities in exposed infrastructure on a global scale.

Underground forums have established themselves as markets for exploit kits, with more than 40,000 new vulnerabilities added in 2024. Additionally, the number of stolen credentials shared grew by 500%, fueling cybercrime.

AI-driven cybercrime

The use of artificial intelligence in attacks allowed for the creation of more realistic and difficult-to-detect phishing campaigns, supported by tools such as FraudGPT, BlackmailerV3, and ElevenLabs.

Attacks on critical sectors

Industries such as manufacturing, healthcare, and financial services were the most targeted in 2024, with targeted attacks driven by nation-states and ransomware-as-a-service groups.

Cloud environments remain a primary target, with 70% of incidents linked to access from unknown locations due to insecure configurations and excessive permissions.

Credentials as the currency of cybercrime

More than 100 billion stolen records were shared on the dark web in 2024, facilitating automated credential-stealing attacks and fueling financial fraud and espionage.

Last week, there were several report presentations in the world of cybersecurity.

The FBI's Internet Crime Complaint Center (IC3), which tracks the overall scenario of cyberattacks reported in the United States, published its 2024 edition , and there are some interesting numbers.

While the report is localized to that country, it serves as a global thermometer for the most common attacks, confirming, year after year, that neither ransomware nor advanced threats (APT) constitute the largest volume of attacks: phishing, false investments, scams, and fake technical support top the list.

All of this suggests that the gateway to cybercrime is still a set of well-known scams and deceptions, evolving only in form but not so much in structure.

Google Cloud published its M-Trends report, highly regarded in the industry and considered by many to be one of the most representative, as it is compiled based on incident response data from public and private organizations, and Verizon also released its annual report last week.

The reports, each with different nuances, outline the most important aspects discussed in today's cybersecurity world.