Data Compares Q1 and Q2 and Finds Malicious Traffic Surges Nearly 20% Amid Rising Cyber Threats
Arkose Labs, the leading fraud prevention, device ID and bot management company, has published "Enterprises Under Attack: Quarterly Threat Actor Patterns," a new report released highlighting the intensifying tactics of cybercriminals across multiple industries. This deep-dive analysis provides security leaders with granular intelligence on how, when and where attacks originate and how they differ between sectors.
This report exposes how cybercriminals operate, from attack timing to evolving toolkits, while mapping the rise of global fraud hubs like Brazil, Vietnam and Nigeria. It also provides insights into traffic patterns and operational strategies of cybercriminals including attack timing, preferred geographies and evolving toolkits.
“The explosive surge in malicious traffic is a clear signal that attackers are scaling operations faster than ever before," said Frank Teruel, Chief Operating Officer of Arkose Labs. "As cybercriminals adopt the latest automation and AI tools, organizations must evolve just as rapidly to stay ahead. These numbers remind us that proactive, intelligence-driven defenses aren't just a best practice, they're a necessity.”
The Big Picture: Cybercrime by the Numbers
Malicious traffic surged nearly 20% from Q1 to Q2 2025 as cybercriminals intensified their efforts across industries. Attackers are rapidly adopting new tactics, the use of attack automation services rose from 31% to 36% of all attacks in just one quarter, making complex, orchestrated threats far more accessible. Average attack size grew by over 12%, demonstrating that not only are there more attacks, but they are also becoming larger and more aggressive in scale.
Account creation and sign-in processes remain the primary battlegrounds, with three-quarters of scams now targeting these critical workflows. Attackers are migrating from basic bots to advanced AI-powered automation, raising the bar for defenders. Despite notable growth in mobile-related threats in some sectors, desktop remains the favored channel for malicious activity, accounting for 68% of attack traffic.
Cross-Industry Trends and Global Fraud Patterns
- Fraud hubs are concentrated in Brazil (over 11%), Great Britain (nearly 10%) and Vietnam (over 6%) – excluding U.S. traffic, which often masks true origins.
- Fraud rings operate in shifts: evening attack peaks in Pakistan (65%) and the Philippines (43%), overnight surges in Vietnam (38%), Mexico (38%) and India (36%).
- Chrome is the browser of choice, with persistent desktop dominance.
Industry Highlights: Adapting to Unique Threats
Dating platforms faced a dramatic transformation, with a 61% surge in mobile attacks while desktop-based threats declined by 16%. This shift flipped the device distribution from 55% desktop to just 39%. Nigeria contributed 9% of all non-U.S. attacks, underscoring the prevalence of sophisticated romance scam infrastructure in West Africa.
Fintech experienced an exceptional escalation, as sign-up fraud traffic surged to 17 times the industry average. The threat landscape was further amplified by Great Britain, which was responsible for 44% of attacks targeting the sector.
Gaming was not immune to threat intensification, with payment systems increasingly targeted. Attack automation services became more prevalent, rising from 15% to 25% of all gaming-related attacks, while the Roblox browser accounted for 18% of attacks, demonstrating a platform-specific vulnerability.
Full Report Details
The complete report, available now, offers in-depth analysis of nine industries, sector-specific attack patterns and practical recommendations to turn threat data into actionable security outcomes. For access to the full report, please visit this page.
About Arkose Labs
Arkose Labs is the leading global provider offering a proactive fraud deterrence platform purpose-built to neutralize modern attacks, including those powered by Agentic AI and large language models (LLMs). Its comprehensive solution combines proprietary device identification (device ID), behavioral analysis, phishing protection, email intelligence, scraping prevention, API defense and bot management. Trusted by the world’s leading consumer brands—including two of the top three banks, Microsoft, Meta, Roblox, and many others—Arkose Labs stops account takeovers, fake account creation, LLM-driven scraping and SMS toll fraud. The platform actively undermines attacker ROI by introducing dynamic friction, making it economically unsustainable for adversaries to persist. Its Security Operations Center (SOC) provides actionable insights from an extensive cross-industry intelligence network, which monitors legitimate traffic and attack patterns across global enterprises. With unparalleled proactive support for internal security teams, Arkose Labs goes beyond conventional security by actively partnering with customers to disrupt organized fraud networks such as Storm-1152. Headquartered in San Mateo, California, the company maintains a global presence with offices throughout APAC, Central America, EMEA and South America.
View source version on businesswire.com: https://www.businesswire.com/news/home/20251105711457/en/
“The explosive surge in malicious traffic is a clear signal that attackers are scaling operations faster than ever before," said Frank Teruel, Chief Operating Officer of Arkose Labs.