Data Compares Q1 and Q2 and Finds Malicious Traffic Surges Nearly 20% Amid Rising Cyber Threats
Arkose Labs, the leading fraud prevention, device ID and bot management company, has published “Enterprises Under Attack: Quarterly Threat Actor Patterns,” a new report highlighting the intensifying tactics of cybercriminals across multiple industries. This deep-dive analysis provides security leaders with granular intelligence on how, when and where attacks originate and how they differ between sectors.
This report exposes how cybercriminals operate, from attack timing to evolving toolkits, while mapping the rise of global fraud hubs like Brazil, Vietnam and Nigeria. It also provides insights into the traffic patterns and operational strategies of cybercriminals, including their preferred geographies.
“The explosive surge in malicious traffic is a clear signal that attackers are scaling operations faster than ever before,” said Frank Teruel, Chief Operating Officer of Arkose Labs. “As cybercriminals adopt the latest automation and AI tools, organizations must evolve just as rapidly to stay ahead. These numbers remind us that proactive, intelligence-driven defenses aren’t just a best practice, they’re a necessity.”
The Big Picture: Cybercrime by the Numbers
Malicious traffic surged nearly 20% from Q1 to Q2 2025 as cybercriminals intensified their efforts across industries. Attackers are rapidly adopting new tactics: the use of attack automation services rose from 31% to 36% of all attacks in just one quarter, making complex, orchestrated threats far more accessible. Average attack size grew by over 12%, demonstrating that attacks are not only more numerous but also larger and more aggressive in scale.
Account creation and sign-in processes remain the primary battlegrounds, with three-quarters of scams now targeting these critical workflows. Attackers are migrating from basic bots to advanced AI-powered automation, raising the bar for defenders. Despite notable growth in mobile-related threats in some sectors, desktop remains the favored channel for malicious activity, accounting for 68% of attack traffic.
Cross-Industry Trends and Global Fraud Patterns
- Fraud hubs are concentrated in Brazil (over 11%), Great Britain (nearly 10%) and Vietnam (over 6%) – excluding U.S. traffic, which often masks true origins.
- Fraud rings operate in shifts: evening attack peaks in Pakistan (65%) and the Philippines (43%), overnight surges in Vietnam (38%), Mexico (38%) and India (36%).
- Chrome is the browser of choice, with persistent desktop dominance.
Industry Highlights: Adapting to Unique Threats
Dating platforms faced a dramatic transformation, with a 61% surge in mobile attacks while desktop-based threats declined by 16%. This shift flipped the device distribution from 55% desktop to just 39%. Nigeria contributed 9% of all non-U.S. attacks, underscoring the prevalence of sophisticated romance scam infrastructure in West Africa.
Fintech experienced an exceptional escalation, as sign-up fraud traffic surged to 17 times the industry average. The threat landscape was further amplified by Great Britain, which was responsible for 44% of attacks targeting the sector.
Gaming was not immune to threat intensification, with payment systems increasingly targeted. Attack automation services became more prevalent, rising from 15% to 25% of all gaming-related attacks, while the Roblox browser accounted for 18% of attacks, demonstrating a platform-specific vulnerability.
Full Report Details
The complete report, available now, offers in-depth analysis of nine industries, sector-specific attack patterns and practical recommendations to turn threat data into actionable security outcomes. For access to the full report, please visit this page.
