A recent report from Arkose Labs, Enterprises Under Attack: Quarterly Threat Actor Patterns, reveals a number of trends differentiating Q2 2025 from Q1. The rise of AI and crime-as-a-service is reshaping the global threat landscape, contributing to the democratization of fraud. Anyone can now purchase scalable cybercrime tools rather than needing to build up and rely on their own skills for each stage of a cyberattack. There is an increasingly blurred boundary between automation and agency in modern attacks.
Fraud as a Business Model
Rather than being the simple threat of a bad actor launching an attack, cybercrime has grown into organized fraud rings working in shifts and targeting platforms with ROI in mind. The “fraud supply chain” has evolved to incorporate agentic AI tools, device farms, and behavioral mimicry, advancing tactics in order to evade traditional threat detection and response tools and increase effectiveness.
According to the Arkose Labs report, the usage of attack automation services grew from accounting for 31% to 36% of total attacks just from Q1 to Q2 2025. It is no longer necessary for attackers to learn complex skills or make clandestine connections with other bad actors in order to carry out sophisticated fraud attacks. The economy of cybercrime is both growing and shifting to take advantage of emerging and evolving automation technology.
Mobile Becomes the New Battleground
While desktop attacks continue to have a strong presence in the threat landscape, mobile threats are steeply increasing in volume. The report shows a 180% surge in mobile retail attacks, compared to only a 35% increase in retail industry attacks originating from desktop environments. There was also a 61% spike in dating fraud attacks originating from mobile devices from Q1 to Q2, primarily via Mobile Safari, Chrome Webview, and Chrome Mobile.
The mobile landscape is ripe for cyberthreats as many users assume mobile security is much higher than it is, leading to taking fewer precautions against attacks. Attackers exploit APIs and mobile authentication flows in order to take advantage of security gaps and carry out fraudulent attacks. The existence of “emulator economies” is on the rise, compromising mobile security in an environment where many consider mobile safety to be much higher than it is in reality.
Global Hotbeds and the Geography of Fraud
There are shifts in the geographic centers of fraud and cyberattacks indicated in the report: Brazil, Great Britain, and Vietnam are cited as leading sources of attacks. Evidence of round-the-clock operations suggests the existence of fraud “shifts” in cybercriminal groups.
Different regions also show different specializations in their attack tactics:
- Nigerian actors favoring romance scams, with Ghana’s attack volumes contributing to West African prominence in dating industry attacks.
- Latin American trends toward social media abuse, led by Brazil, with lower attack volumes from Mexico, Argentina, Venezuela, and Colombia.
- British attackers dominate takeovers of financial technology, accounting for almost 44% of fintech attacks.
Industry in Focus: From Love to Loot
Various industries and areas demonstrate trends in specific tactics and goals. The report shows a 354% rise in malicious traffic related to dating industry attacks, and a 94% surge in dating industry attack automation services, demonstrating attackers using manipulation tactics to garner payouts. The retail industry is seeing a fragmentation of attacks leveraging sign-up abuse and exploitation, taking advantage of promotions and referrals, leading to a 97% increase in attacks but a 55% decrease in malicious traffic.
The fintech industry demonstrates a 478% spike in malicious sign-up traffic tied to credential fraud, with a 26% increase in attacks and a 358% increase in average attack size. The modest rise in attack volume, accompanied by massive spikes in traffic and attack size, demonstrates a significantly higher intensity within each individual incident.
The Human Impact: Trust Under Siege
Defending against rising and evolving attacks is difficult, as user friction increases while defenses tighten. There is a paradox of “secure experiences” that actually erode user trust: security processes that slow users down, complex measures that require many user decisions or actions, and tedious authentication processes frustrate users more than make them feel safe.
Protecting user experience now requires understanding attacker economics. Implementing untargeted, static tools and measures to detect and block cyberattacks can lead to cumbersome operations that put users off. It is more important than ever to deploy adaptive, scalable tools that account for shifting threat trends, evolving cybercriminal tactics, and growing risks over time.
From Detection to Disruption
The defenses used in the past to protect against traditional attacks are no longer effective in modern threat landscapes. Static defenses fail in the age of adaptive AI, unable to detect and identify the malicious activity of AI tools. Rather, modern threats call for the use of behavioral biometrics, proof-of-work deterrence, and continuous risk modeling. It is also crucial to update training on phishing and social engineering to account for sophisticated, AI-enhanced attacks.
“AI-powered impersonation attempts, whether via email, phone calls, text, or even deepfake video, are now harder than ever to distinguish from legitimate communication,” says Chad Cragle, Chief Information Security Officer at Deepwatch. Cragle’s tips for protecting against these advanced attacks include validating any unexpected requests through secure channels, identifying inconsistencies that may give away AI-generated scams, and directly calling official numbers rather than replying to suspicious communications claiming to be from trusted sources.
The Arms Race Between Humans and Machines
In the 2025 threat landscape, fraud is no longer an anomaly among more popular attack types—it’s a mirror of digital society’s complexity. Enterprises must treat fraud defense not as a cost center, but as trust infrastructure, prioritizing it to ensure the security of their data and systems. Following attack trends and investing in tools and measures that can meet emerging and evolving threat tactics is a crucial part of maintaining the effectiveness of a robust security strategy.
