Navigating the 2025 Cyber Threat Landscape
The 2025 Fortinet Global Threat Landscape Report paints a stark picture of an increasingly aggressive and sophisticated cyber threat environment.
With automation, artificial intelligence, and commoditised cybercrime tools at their disposal, threat actors are moving faster than ever. For New Zealand organisations, particularly those in critical infrastructure and cloud-first sectors, the shift to proactive cybersecurity is no longer optional; it is imperative.
Automation is Fuelling a Surge in Reconnaissance
In 2024, cybercriminals ramped up automated reconnaissance efforts, with global scan volumes rising by 16.7%. These scans, often using tools like SIPVicious and targeting protocols like SIP and Modbus TCP, were used to map exposed digital assets before organisations had a chance to patch vulnerabilities.
AI and CaaS are Supercharging Cybercrime
Artificial intelligence has now become a staple in the cybercrime toolkit. Threat actors are deploying AI-powered tools like FraudGPT and ElevenLabs to generate phishing content, deepfake videos, and synthetic voices. Combined with the rise of Cybercrime-as-a-Service (CaaS), which offers everything from stolen credentials to Initial Access Broker services, the barrier to entry for attackers has never been lower.

Exploitation at Scale: From Initial Access to Persistent Threats
Despite no significant drop in the time it takes to exploit vulnerabilities (remaining near a 5.4-day average), the scale of attacks surged, with over 97 billion exploitation attempts recorded in 2024. Common targets included IoT devices, firewalls, and routers, which are often exploited for lateral movement or botnet control.
Stealth Tactics Post-Breach
Post-exploitation behaviours are increasingly stealthy, with attackers using legitimate Windows utilities and encrypted C2 channels to evade detection. Techniques such as DCShadow and RDP-based lateral movement are growing more common, particularly in attacks involving ransomware or espionage.
Cloud Remains a Soft Target
The cloud remains a primary battleground. Misconfigurations, over-permissioned identities, and exposed APIs continue to allow attackers easy entry.
Telemetry from FortiCNAPP revealed that in 70% of cloud compromise incidents, identity misuse from unfamiliar geographies was a key indicator. Attackers often move laterally within cloud environments using legitimate services for cover.
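
One way to turn the "unfamiliar geography" indicator into a detection, shown as an added example that is not from the report or from FortiCNAPP: each identity's recent countries form a baseline, and activity from a country outside it is flagged. The event fields, identity names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumed, not a FortiCNAPP schema.
EVENTS = [
    {"time": "2025-04-01T08:02:00", "identity": "alice", "country": "NZ"},
    {"time": "2025-04-03T08:10:00", "identity": "alice", "country": "NZ"},
    {"time": "2025-04-07T21:30:00", "identity": "alice", "country": "AU"},
    {"time": "2025-04-09T02:14:00", "identity": "alice", "country": "RO"},
    {"time": "2025-04-09T02:20:00", "identity": "alice", "country": "RO"},
    {"time": "2025-04-10T08:05:00", "identity": "alice", "country": "NZ"},
    {"time": "2025-04-02T00:00:00", "identity": "svc-ci", "country": "AU"},
    {"time": "2025-04-02T06:00:00", "identity": "svc-ci", "country": "US"},
]


def unfamiliar_geo_logins(events, baseline_days=30, min_baseline_events=3):
    """Return events whose country is absent from the identity's baseline.

    The baseline is the set of countries seen for that identity in the
    trailing `baseline_days`. Identities with fewer than
    `min_baseline_events` accepted events are not alerted on, because
    there is not yet enough history to call a location unfamiliar.
    """
    history = defaultdict(list)  # identity -> [(timestamp, country)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        cutoff = ts - timedelta(days=baseline_days)
        recent = [(t, c) for t, c in history[ev["identity"]] if t >= cutoff]
        known = {c for _, c in recent}
        if len(recent) >= min_baseline_events and ev["country"] not in known:
            # Flagged events stay out of the baseline so that suspicious
            # activity cannot make its own location look familiar.
            alerts.append({**ev, "known_countries": sorted(known)})
            history[ev["identity"]] = recent
        else:
            history[ev["identity"]] = recent + [(ts, ev["country"])]
    return alerts


if __name__ == "__main__":
    for alert in unfamiliar_geo_logins(EVENTS):
        print(alert["time"], alert["identity"], alert["country"],
              "baseline:", alert["known_countries"])
```

A flagged country only enters the baseline once an analyst confirms the activity and the event is fed back in as accepted history.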

The Case for Continuous Threat Exposure Management
The report underscores the need for Continuous Threat Exposure Management (CTEM). NZ CISOs must move beyond traditional threat detection and embrace proactive strategies such as adversary emulation, attack surface monitoring, and automated patch prioritisation. With threat actors operating at machine speed, cyber defence must do the same.
Nextro’s Call to Action for New Zealand
For organisations across New Zealand, especially those operating in sectors like energy, transport, education, and government, the findings of the 2025 Threat Landscape Report are a pressing reminder that traditional defences are no longer sufficient. With automated reconnaissance now occurring at a rate of 36,000 scans per second globally, it’s not a question of ‘if’ a vulnerability will be found, but ‘when’.
Nextro works with New Zealand enterprises to anticipate and mitigate cyber risk before adversaries strike. Our team implements solutions aligned with Continuous Threat Exposure Management (CTEM), enabling your organisation to simulate real-world threats, prioritise patching based on risk, and reduce your attack surface in cloud, hybrid and OT environments.
Whether you’re facing legacy IoT challenges, cloud misconfigurations, or targeted phishing campaigns against staff, Nextro can help you take back control of your cyber terrain. Our partnerships with global leaders like Fortinet give you the insight, tools, and support to operate securely at speed.
Ready to shift left and reduce your risk? Contact the Nextro team today to assess your threat exposure.