According to Cyberthreat Predictions 2025 report by Fortinet, there would be a shift towards more ambitious, sophisticated, and destructive strategies while adversaries continue to leverage classic tactics that have persisted for decades. Cybercrime-as-a-service (CaaS) groups will become increasingly specialised, with attackers adopting playbooks that blend digital and physical threats to execute highly targeted and impactful attacks.

Developed by FortiGuard Labs, the report has examined the evolution of traditional attack methods, emerging trends shaping the future of cybercrime, and actionable recommendations for organisations to strengthen their resilience. The report provided a forward-looking view of the challenges posed by a rapidly changing threat landscape and equips businesses with the insights needed to proactively defend against advanced cyber threats.

As cybercrime evolves, the report has anticipated seeing several unique trends emerge in 2025 and beyond:

  • More attack chain expertise emerges- In recent years, cybercriminals have been spending more time “left of boom” on the reconnaissance and weaponisation phases of the cyber kill chain. As a result, threat actors can carry out targeted attacks quickly and more precisely. In the past, it has been observed that many CaaS providers serve as jacks of all trades, offering buyers everything needed to execute an attack, from phishing kits to payloads. However, it is expected that CaaS groups will increasingly embrace specialisation, with many groups focusing on providing offerings that home in on just one segment of the attack chain.
  • It is cloud(y) with a chance of cyberattacks- While targets like edge devices will continue to capture the attention of threat actors, there is another part of the attack surface that defenders must pay close attention to over the next few years: their cloud environments. Although cloud is not new, it is increasingly piquing the interest of cybercriminals. Given that most organisations rely on multiple cloud providers, it is not surprising that it has been observed that more cloud-specific vulnerabilities being leveraged by attackers, anticipating that this trend will grow in the future.
  • Automated hacking tools make their way to the dark web marketplace- A seemingly endless number of attack vectors and associated code are now available through the CaaS market, such as phishing kits, ransomware-as-a-service, distributed denial of service (DDoS)-as-a-service, and more. It has been already seen that some cybercrime groups rely on artificial intelligence (AI) to power CaaS offerings, the trend is expected to flourish. It is anticipated that attackers will use the automated output from large language models (LLMs) to power CaaS offerings and grow the market, such as taking social media reconnaissance and automating that intelligence into neatly packaged phishing kits.
  • Playbooks grow to include real-life threats- Cybercriminals continually advance their playbooks, with attacks becoming more aggressive and destructive. It is predicted that adversaries will expand their playbooks to combine cyberattacks with physical, real-life threats. It has been already seen that some cybercrime groups physically threaten an organisation’s executives and employees in some instances and anticipate that this will become a regular part of many playbooks. It is anticipated that transnational crime, such as drug trafficking, smuggling people or goods, and more will become a regular component of more sophisticated playbooks, with cybercrime groups and transnational crime organisations working together.
  • Anti-adversary frameworks will expand- As attackers continually evolve their strategies, the cybersecurity community at large can do the same in response. Pursuing global collaborations, creating public-private partnerships, and developing frameworks to combat threats are all vital to enhancing our collective resilience. Many related efforts like the World Economic Forum Cybercrime Atlas initiative are already underway, and it is anticipated that more collaborative initiatives will emerge to meaningfully disrupt cybercrime.

As per the report, cybercriminals will always find new ways to infiltrate organisations. Yet there are numerous opportunities for the cybersecurity community to collaborate to better anticipate adversaries’ next moves and interrupt their activities in a meaningful way.

The value of industry-wide efforts and public-private partnerships cannot be overstated, and it is anticipated that the number of organisations participating in these collaborations will grow in the coming years. Additionally, organisations must remember that cybersecurity is everyone’s job, not just the responsibility of the security and IT teams. Implementing enterprise-wide security awareness and training, for example, is a vital component of managing risk. And finally, other entities have a responsibility to promote and adhere to robust cybersecurity practices, ranging from governments to the vendors that manufacture the security products we rely on.

The report noted that no single organisation or security team can disrupt cybercrime alone. By working together and sharing intelligence across the industry, everyone is collectively better positioned to fight back against adversaries and effectively protect society at large.

Commenting on the report, Vishak Raman, vice president (VP) of Sales, India, SAARC, SEA and ANZ at Fortinet, said, “From the rise of CaaS to the convergence of cyber and physical threats, these trends reflect how adversaries are pushing boundaries to execute more precise, large-scale attacks. While adversaries are leveraging AI to enhance their attacks, Fortinet leads the way in applying AI to strengthen defences, automate threat detection, and reduce operational burdens for security teams. Through our AI-powered cybersecurity platform, we empower customers to stay ahead of evolving threats, optimise their security strategies, and build resilience in an increasingly complex digital landscape.”