Fortinet predicts Cybercrime-as-a-Service to be a major threat in 2025

Cybercrime-as-a-Service could see cybercriminals launch more AI-driven attacks on organizations.

According to Fortinet’s 2025 Cyberthreat Predictions Report, cybercriminals are shifting towards more ambitious, sophisticated and destructive strategies. While classis tactics are still leveraged by cybercriminals, the evolving threat landscape is making it more challenging for organizations to secure their data.

In 2023, 94% of organizations had one or more security breaches, with the top cyberattacks being malware, ransomware and phishing, according to Fortinet’s Cybersecurity Skills Gap 2024 report. Last year, 52% of organizations also said security breaches have cost them over US$1 million. What’s more concerning is that 55% said it took more than one month to recover from a cyberattack.

Today, cybercriminals are also leveraging AI to launch more sophisticated attacks on organizations. This has led to an increased demand for cybercrime-as-service (CaaS). CaaS groups are becoming increasingly specialized. The attackers are adopting playbooks that blend digital and physical threats to execute highly targeted and impactful attacks.

Fortinet has observed CaaS providers offering buyers everything needed to execute an attack, from phishing kits to payloads. In 2025, Fortinet expects CaaS groups to increasingly embrace specialization, with many groups focusing on providing offerings that home in on just one segment of the attack chain.

CaaS is just one concern as the report, developed by FortiGuard Labs, revealed several unique trends that could emerge in 2025 and beyond. Firstly, the report predicts cybercriminals build on their expertise by studying their potential victims. This allows them to carry out targeted attacks quickly and more precisely.

The next trend will see cybercriminals target cloud environments as well. As more organizations embrace the cloud, it's increasingly piquing the interest of cybercriminals. While businesses opt for the multi-cloud, there could be cloud-specific vulnerabilities being leveraged by attackers. Fortinet anticipates this trend to grow in the future.

Another trend is the rise of automated hacking tools in the dark web. CaaS groups are offering phishing kits, Ransomware-as-a-Service, DDoS-as-a-Service, and more on the dark web. Fortinet’s research has noted an increase in the use of AI to power CaaS offerings and anticipate that attackers to use the automated output from LLMs to power CaaS offerings and grow the market. For example, taking social media reconnaissance and automating that intelligence into neatly packaged phishing kits.

A more concerning threat highlighted by Fortinet is the fact that some cybercriminals are now becoming more aggressive and destructive to the extent that they may even move towards physical, real-life threats. Fortinet stated that they’ve witnessed some cybercrime groups physically threaten an organization’s executives and employees in some instances. As most cybercrime groups are often affiliated with transnational crime organizations, Fortinet anticipates this will become a regular part of many playbooks.

Lastly, Fortinet predicts anti-adversary frameworks to expand. Just as cybercriminals evolve their strategies, the cybersecurity community is most likely to do the same as well. 2025 will see continue global collaborations pursued as well as the creation of public-private partnerships and the development of frameworks to combat threats.

“Cybercriminals will always find new ways to infiltrate organizations. Yet there are numerous opportunities for the cybersecurity community to collaborate to better anticipate adversaries’ next moves and interrupt their activities in a meaningful way.

The value of industry-wide efforts and public-private partnerships cannot be overstated, and we anticipate that the number of organizations participating in these collaborations will grow in the coming years,” commented Rashish Pandey, VP for Marketing and Communications in Asia and ANZ.

Pandey also believes that no single organization or security team can disrupt cybercrime alone. He mentioned that it is crucial for organizations to be working together and sharing intelligence across the industry.

Interestingly, the trends predicted for 2025 did not highlight any concerns on attacks that could be brought about by quantum computing. Peerapong Jongvibool, Senior Director, Fortinet Southeast Asia acknowledged while these threats are a concern, he feels that it will not be a major issue in 2025 as the technology is still developing and not many are fully capable yet of using it to launch cyberattacks and such.

However, Jongvibool does mention that the quantum cyberattacks are still a concern which businesses in the region will need to be prepared to deal with this when it occurs in the future.