Cyberattacks on operational technology up 84 percent

Cyber Threats Surge 84% in 2025 as Attackers Exploit IoT, OT, and AI Platforms

The global cybersecurity landscape faced unprecedented challenges in 2025, with threat actors dramatically escalating their attacks against critical infrastructure, Internet of Things (IoT) devices, and operational technology (OT) systems. A comprehensive new report from Forescout Technologies reveals a staggering 84 percent increase in attacks utilizing OT protocols, while exploits targeting IoT devices rose from 16 percent to 19 percent throughout the year.

The New Face of Global Cyber Warfare

The digital battlefield has transformed dramatically, with cyberattacks becoming more globally distributed and increasingly cloud-enabled. Threat actors have shifted their focus to exploiting rapidly evolving infrastructure, OT protocols, vulnerable web applications, and emerging artificial intelligence platforms. The most concerning aspect? These attacks are increasingly targeting critical industries that form the backbone of modern society.

Healthcare facilities, manufacturing plants, government institutions, energy grids, and financial services have all experienced heightened attack volumes. This represents a dangerous escalation in cyber warfare, where the targets are no longer just data repositories but systems that control physical infrastructure and public safety.

“The 2025 Threat Roundup shows how quickly threat actors are adapting to new technology trends — abusing cloud services and fast-cycling Autonomous Systems, and even components in popular AI development stacks like Langflow,” warns Barry Mainz, CEO of Forescout. “To combat these threats in 2026, organizations must monitor East-West traffic and prioritize threat containment to stop attackers from moving laterally across environments. Deeper visibility, enhanced risk assessment, and proactive controls are non-negotiables for today’s defenders.”

A Truly Global Threat Landscape

Cybersecurity has evolved into a truly global issue, with attacks originating from 214 different countries and territories in 2025. The geographic distribution of threat actors reveals a concerning pattern, with most malicious activity traced back to China, Russia, and Iran. However, the landscape is becoming increasingly complex as attackers utilize IP addresses registered across a wider array of countries.

The United States continues to be the most targeted nation, followed by India and Germany. Interestingly, India and Germany swapped positions compared to 2024, though both nations remain firmly entrenched in the top three most targeted countries. This shift reflects changing geopolitical dynamics and the evolving priorities of threat actors.

One of the most striking revelations from the report is the rapid turnover in malicious infrastructure. Two of the top 10 most exploited Autonomous Systems from 2024 completely disappeared from the list in 2025, while three new entries had not previously ranked in the top 500. This constant evolution makes it increasingly difficult for defenders to maintain effective threat intelligence and block malicious activity.

Cloud Infrastructure: A Double-Edged Sword

The abuse of major cloud infrastructure providers has reached alarming levels, with Amazon and Google services responsible for more than 15 percent of observed attacks in 2025. This represents a significant increase from 11 percent in 2024, highlighting how threat actors are leveraging legitimate cloud services to conduct their operations.

The rapid cycling of network infrastructure used for malicious activity, including Autonomous Systems, has been partly driven by intense law enforcement disruption efforts. While these disruptions have had some success in taking down malicious infrastructure, they’ve also forced attackers to become more agile and adaptive in their approach.

Web Applications: The Primary Attack Vector

Web applications remain the most attacked service type, accounting for 61 percent of all observed attacks in 2025. This represents a dramatic increase from 41 percent in 2024, suggesting that attackers are finding web applications to be increasingly vulnerable or valuable targets.

Remote management protocols constitute the second most targeted attack vector at 15 percent, indicating that attackers are focusing on gaining administrative control over systems and networks.

The Reconnaissance Revolution

Perhaps the most significant tactical shift observed in 2025 is the dramatic increase in reconnaissance activity. Daniel dos Santos, Vice President of Research at Forescout, reveals a startling statistic: “Threat actors are devoting far more effort to reconnaissance, with discovery activity now accounting for 91 percent of post-exploitation actions. That’s up from just 25 percent in 2023 — a dramatic increase that shows attackers are spending more time interacting with breached systems to understand what’s inside or to identify other targets within the network.”

This shift in attacker behavior presents both challenges and opportunities for defenders. The extended reconnaissance phase gives organizations a larger window to detect compromise before more damaging actions — such as data exfiltration, deletion, or encryption — can occur.

Critical Infrastructure Under Siege

The targeting of critical infrastructure represents perhaps the most concerning trend identified in the report. Healthcare facilities, which became prime targets during the COVID-19 pandemic, continue to face significant threats. Manufacturing plants, which control physical production processes, are increasingly vulnerable to attacks that could disrupt supply chains and economic activity.

Government institutions face threats not just to their data but to their ability to provide essential services to citizens. Energy grids, which control electricity and utilities, represent particularly dangerous targets that could impact millions of people. Financial services, which underpin the global economy, face threats that could destabilize markets and erode public trust.

The AI Factor: Emerging Attack Surfaces

The report highlights how threat actors are increasingly targeting emerging AI platforms and development stacks. The mention of Langflow, a popular AI development tool, suggests that attackers are focusing on the tools and platforms that developers use to build AI applications.

This targeting of AI infrastructure represents a new frontier in cybersecurity, as organizations rush to adopt AI technologies without fully understanding the security implications. The rapid adoption of AI tools, combined with their often experimental nature, creates fertile ground for attackers to exploit vulnerabilities.

Looking Ahead: The Road to 2026

As organizations prepare for 2026, the report emphasizes several critical priorities. Monitoring East-West traffic — communication between systems within a network rather than inbound and outbound traffic — has become essential for detecting lateral movement by attackers.

Network segmentation across IT, IoT, and OT environments is no longer optional but a critical requirement for preventing the spread of attacks. The traditional approach of treating all network traffic equally has proven ineffective against modern, sophisticated attacks.

Enhanced visibility into network traffic and system behavior is crucial for early detection of compromise. Organizations need to understand not just what systems exist on their networks, but how they communicate and what normal behavior looks like.
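One way to turn the East-West monitoring and baseline ideas above into a check, as an added example that is not from the Forescout report: it flags internal flows that cross IT/IoT/OT zones outside a known-good baseline, and sources that contact many internal peers (discovery behaviour). The zone subnets, baseline entry, threshold, and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed zone layout (constructed): one subnet per environment.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "IoT": ipaddress.ip_network("10.20.0.0/16"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}
# Assumed baseline of known-good cross-zone flows: (src, dst, dst_port).
BASELINE = {("10.10.5.20", "10.30.1.10", 502)}  # historian polling a PLC (Modbus/TCP)
FANOUT_THRESHOLD = 3  # assumed: distinct internal peers before flagging discovery

def zone_of(ip):
    """Return the zone name for an internal address, or None if external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def analyze(flows):
    """Return (cross_zone_alerts, discovery_sources) for East-West flows only."""
    cross_zone, peers = [], defaultdict(set)
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            continue  # North-South traffic: out of scope for this check
        peers[src].add(dst)
        if sz != dz and (src, dst, port) not in BASELINE:
            cross_zone.append((src, sz, dst, dz, port))
    discovery = sorted(s for s, d in peers.items() if len(d) >= FANOUT_THRESHOLD)
    return cross_zone, discovery

# Constructed sample flow records: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.30.1.10", 502),   # matches the baseline, no alert
    ("10.10.5.20", "8.8.8.8", 53),       # North-South, ignored
    ("10.20.3.7", "10.30.1.10", 502),    # IoT device speaking Modbus to OT
    ("10.20.3.7", "10.30.1.11", 502),
    ("10.20.3.7", "10.30.1.12", 44818),  # EtherNet/IP port
    ("10.10.8.4", "10.10.8.5", 445),     # same-zone flow, not a segmentation alert
]

if __name__ == "__main__":
    alerts, scanners = analyze(SAMPLE_FLOWS)
    print("cross-zone flows outside baseline:", alerts)
    print("possible discovery sources:", scanners)
```

In practice the flow tuples would come from NetFlow/IPFIX or firewall logs, and the baseline would be learned from a period of known-good traffic rather than hard-coded.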

Proactive controls, including automated response capabilities and threat containment measures, are essential for stopping attacks before they can cause significant damage. The report emphasizes that these measures are “non-negotiables for today’s defenders.”

The Human Factor

While the report focuses heavily on technical aspects of cybersecurity, it’s worth noting that many successful attacks still rely on human factors. Phishing, social engineering, and exploitation of human trust remain effective tactics for gaining initial access to networks.

The increasing complexity of IT environments, with the proliferation of IoT devices, cloud services, and AI tools, has expanded the attack surface while simultaneously making it more difficult for security teams to maintain visibility and control.

Conclusion: A Call to Action

The 2025 Threat Roundup from Forescout paints a sobering picture of the current cybersecurity landscape. The dramatic increases in attacks against OT protocols and IoT devices, combined with the sophisticated targeting of critical infrastructure and emerging technologies, suggest that organizations face an increasingly dangerous threat environment.

However, the report also provides valuable insights that can help defenders adapt their strategies. The increased focus on reconnaissance by attackers provides a detection window that organizations can exploit. The emphasis on network segmentation, enhanced visibility, and proactive controls offers a roadmap for improving security posture.

As we move into 2026, organizations must recognize that cybersecurity is no longer just an IT issue but a fundamental business and operational concern. The increasing targeting of critical infrastructure means that cybersecurity failures can have real-world consequences that extend far beyond data loss or financial damage.

The question is no longer whether organizations will face sophisticated cyberattacks, but when and how prepared they will be to defend against them. The findings from this report suggest that preparation, vigilance, and adaptation are more critical than ever.

