Threat actors are increasingly leveraging AI and automation to accelerate cyberattack campaigns. Recent threat intelligence reports show that automated scanning activity now exceeds 36,000 requests per second, targeting exposed services such as Remote Desktop Protocol (RDP), Session Initiation Protocol (SIP) and various Internet of Things (IoT) protocols. These rapid-fire scans allow adversaries to map internet-facing infrastructure and identify vulnerabilities at scale.
Meanwhile, over 1.7 billion stolen credentials circulate across dark web marketplaces, fueling a surge in automated password-based attacks. Tools driven by AI now enable targeted password spraying, credential stuffing and brute-force campaigns with improved success rates and reduced noise. These tactics frequently bypass traditional defenses, exploiting weak or reused credentials across enterprise applications and cloud environments.
This automation-first approach has led to an increase in stealth campaigns that rely on legitimate protocols, low-and-slow activity and lateral movement to evade detection. As attackers adopt more sophisticated and adaptive strategies, defenders must raise their operational resilience accordingly.
Implement Credential Hygiene and MFA Everywhere
Require unique, complex passwords across all accounts, and enforce multi-factor authentication on all external and privileged access points. Strong authentication disrupts automated attack chains by increasing the cost and complexity of credential misuse.
Continuously Monitor for High-Velocity and Low-Signal Reconnaissance
Deploy behavioral detection rules and anomaly-based logging to flag abnormal scan frequency, authentication attempts or access patterns. This improves visibility into attacker reconnaissance that often precedes full compromise.
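One way to express both kinds of rule over authentication logs, as an added example that is not NetWorks Group's tooling: a short sliding window catches high-velocity bursts, while a long window counting distinct accounts per source catches low-and-slow password spraying. The thresholds, event layout and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Assumed thresholds; tune them against your own authentication baseline.
BURST_WINDOW = timedelta(seconds=60)   # high-velocity window
BURST_FAILS = 20                       # failures per source inside that window
SPRAY_WINDOW = timedelta(hours=24)     # low-and-slow window
SPRAY_USERS = 10                       # distinct accounts failed by one source
SPRAY_MAX_PER_USER = 3                 # few tries per account stays under lockout

def classify_sources(events):
    """events: (datetime, src_ip, username, success) tuples -> {src_ip: set of labels}."""
    fails = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            fails[src].append((ts, user))
    findings = defaultdict(set)
    for src, rows in fails.items():
        rows.sort()
        # Rule 1: sliding window over failure timestamps (burst / brute force).
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_FAILS:
                findings[src].add("high_velocity")
                break
        # Rule 2: many accounts, few attempts each, inside the long window.
        recent = [r for r in rows if rows[-1][0] - r[0] <= SPRAY_WINDOW]
        per_user = defaultdict(int)
        for _, user in recent:
            per_user[user] += 1
        if len(per_user) >= SPRAY_USERS and max(per_user.values()) <= SPRAY_MAX_PER_USER:
            findings[src].add("password_spray")
    return dict(findings)

def sample_events():
    """Constructed sample data, not taken from any real log."""
    t0 = datetime(2025, 7, 1, 8, 0, 0)
    # Burst: 25 failures against one account in 25 seconds.
    ev = [(t0 + timedelta(seconds=i), "203.0.113.5", "admin", False) for i in range(25)]
    # Spray: 12 accounts, one failure each, 90 minutes apart.
    ev += [(t0 + timedelta(minutes=90 * i), "198.51.100.7", f"user{i}", False) for i in range(12)]
    # Normal user: two typos, then a successful login.
    ev += [(t0, "192.0.2.10", "alice", False), (t0 + timedelta(seconds=30), "192.0.2.10", "alice", False),
           (t0 + timedelta(seconds=60), "192.0.2.10", "alice", True)]
    return ev

if __name__ == "__main__":
    print(classify_sources(sample_events()))
```

The spraying source never produces more than one failure per 90 minutes, so a rate-only rule misses it; only the distinct-account count over the long window flags it.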
Limit Attack Surface Through Exposure Audits
Routinely inventory and assess internet-facing assets and misconfigured services. Eliminate legacy protocols and unnecessary ports, and use geo-IP restrictions or allowlists where appropriate to reduce exposure to global scan engines.
NWG’s offensive security team simulates the exact TTPs (tactics, techniques and procedures) used in AI-driven and automated attacks. By proactively testing your environment under real-world conditions, we uncover exploitable paths before adversaries do—across external, internal, cloud and identity surfaces. Our reports prioritize what matters most: impact, context and actionable remediation, empowering your team to close the gaps with confidence.
"Fortinet Threat Report Reveals Record Surge in Automated Cyberattacks"
"AI Powering a Dramatic Surge in Cyberthreats as Automated Scans Hit 36,000 Per Second"
"AI, Automation & Dark Web Fuel Evolving Threat Landscape" – Dark Reading
https://www.darkreading.com/remote-workforce/ai-automation-dark-web-fuel-evolving-threat-landscape
Published By: Daniel Parker, VP of Ethical Hacking, NetWorks Group
Publish Date: July 17th, 2025