Get ready for bigger, bolder attacks

Issue 1 2025 Information Security

While threat actors continue to rely on many classic tactics that have existed for decades, FortiGuard Labs’ threat predictions for the coming year largely focus on cybercriminals embracing bigger, bolder, and—from their perspectives—better attacks.

From Cybercrime-as-a-Service (CaaS) groups becoming more specialised to adversaries using sophisticated playbooks that combine both digital and physical threats, cybercriminals are upping the ante to execute more targeted and harmful attacks.

In FortiGuard Labs’ 2025 threat predictions report, the FortiGuard Labs team looks at tried-and-true attacks cybercriminals continue to rely on and how these have evolved, shares fresh threat trends to watch for this year and beyond, and offers advice on how organisations worldwide can enhance their resilience in the face of a changing threat landscape.

Emerging threat trends to watch for in 2025 and beyond

As cybercrime evolves, FortiGuard Labs anticipates seeing several unique trends emerge.

• More attack chain expertise emerges: In recent years, cybercriminals have spent more time ‘left of boom’ on the reconnaissance and weaponisation phases of the cyber kill chain. As a result, threat actors can carry out targeted attacks quickly and more precisely. In the past, we’ve observed many CaaS providers serving as jacks of all trades—offering buyers everything needed to execute an attack, from phishing kits to payloads. However, we expect that CaaS groups will increasingly embrace specialisation, with many groups focusing on providing offerings that home in on just one segment of the attack chain.

• It’s cloud(y) with a chance of cyberattacks: While targets like edge devices will continue to capture the attention of threat actors, defenders must pay close attention to another part of the attack surface over the next few years: their cloud environments. Although the cloud isn't new, it's increasingly piquing the interest of cybercriminals. Given that most organisations rely on multiple cloud providers, it’s not surprising that we’re observing more cloud-specific vulnerabilities being leveraged by attackers, anticipating that this trend will grow in the future.

• Automated hacking tools go to the Dark Web marketplace: A seemingly endless number of attack vectors and associated code are now available through the CaaS market, such as phishing kits, Ransomware-as-a-Service, DDoS-as-a-Service, and more. While we’re already seeing some cybercrime groups rely on AI to power CaaS offerings, we expect this trend to flourish. We anticipate attackers will use the automated output from LLMs to power CaaS offerings and grow the market, such as taking social media reconnaissance and automating that intelligence into neatly packaged phishing kits.

• Playbooks grow to include real-life threats: Cybercriminals continually advance their playbooks, with attacks becoming more aggressive and destructive. We predict adversaries will expand their playbooks to combine cyberattacks with physical, real-life threats. We’re already seeing some cybercrime groups physically threaten an organisation’s executives and employees in some instances, and we anticipate that this will become a regular part of many playbooks. We also anticipate that transnational crime—such as drug trafficking, smuggling people or goods, and more—will become a regular component of more sophisticated playbooks, with cybercrime groups and transnational crime organisations working together.

• Anti-adversary frameworks will expand: As attackers continually evolve their strategies, the cybersecurity community at large can do the same in response. Pursuing global collaborations, creating public-private partnerships, and developing frameworks to combat threats are all vital to enhancing our collective resilience. Many related efforts—like the World Economic Forum Cybercrime Atlas initiative, of which Fortinet is a founding member—are already underway, and we anticipate that more collaborative initiatives will emerge to meaningfully disrupt cybercrime.

Enhancing collective resilience

Cybercriminals will always find new ways to infiltrate organisations. Yet, there are numerous opportunities for the cybersecurity community to collaborate to better anticipate adversaries’ next moves and interrupt their activities in a meaningful way.

The value of industry-wide efforts and public-private partnerships cannot be overstated, and we anticipate that the number of organisations participating in these collaborations will grow in the coming years. Additionally, organisations must remember that cybersecurity is everyone’s job, not just the responsibility of the security and IT teams. For example, implementing enterprise-wide security awareness and training is a vital component of managing risk. And finally, other entities have a responsibility to promote and adhere to robust cybersecurity practices, ranging from governments to the vendors that manufacture the security products we rely on.

No single organisation or security team can disrupt cybercrime alone. By working together and sharing intelligence across the industry, we’re collectively better positioned to fight back against adversaries and effectively protect society at large.

Download a copy of the full predictions report for 2025 at www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/08_Report/report_2025-threat-predictions.pdf.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.