An analysis found that cyberattacks are evolving into an "industrial ecosystem" with role sharing and automation. In this process, as artificial intelligence (AI) boosts attack efficiency, ransomware damage to corporations this year has surged 389% from a year earlier.
On May 28, at Fortinet Korea's office in Gangnam-gu, Seoul, Kim Young-pyo, chief information security officer (CISO) of Fortinet Korea, gave a lecture titled "The industrialization of cybercrime: What has changed?" and said, "Cyberattacks that used to be one-off and passive are recently shifting to an industrialized attack model."
Kim assessed that cybercrime is evolving into an industrial ecosystem segmented by role, such as ransomware development, initial intrusion, anonymous hosting, and money laundering. Unlike in the past, when a single hacker carried out an attack from start to finish, organizations with segmented roles now collaborate with one another.
Fortinet Korea's analysis is that attack efficiency has risen sharply now that AI-based automation is combined with this structure. According to FortiGuard Labs Insights, global scanning and reconnaissance attempts, the activity of searching for hacking targets and finding vulnerabilities, numbered 116 billion last year but fell about 45% this year to around 64 billion.
Kim explained that efficiency is improving as attackers quickly exclude low-probability targets and concentrate on those with a higher likelihood of success.
Attacks are also getting faster. The "exploit lead time," the time from vulnerability disclosure to an actual attack, shortened from an average of 5.4 days last year to between immediate and 24 hours this year. Ransomware damage is also growing rapidly, with the number of victim corporations rising from about 1,600 last year to 7,831 this year.
Kim said, "In the past, attack cycles sometimes stretched for months, but recently they are shifting to unfold within hours to a day."
With the spread of such threats, Fortinet Korea stressed that the need for "security by design" has grown. When building AI, cloud, and large language model (LLM) systems, security must be applied from the design stage, the company said, arguing that adding security after a service is built has limitations.
As a response strategy, Kim proposed a zero-trust-based continuous authentication system, microsegmentation, and attack surface management. Even internal users and devices should have their identities continuously verified, and networks should be segmented to prevent a compromise from spreading across entire systems.
Kim said, "As AI advances, basic security frameworks are becoming more important," and added, "We need to establish continuous monitoring of attack likelihood and a proactive response system."