Arkose Labs has released “Enterprises Under Attack: Quarterly Threat Actor Patterns,” a new report detailing the escalating tactics of cybercriminals across various industries and providing security leaders with granular intelligence on attack origins and sector-specific differences.

Frank Teruel, Chief Operating Officer of Arkose Labs, stated, “The explosive surge in malicious traffic is a clear signal that attackers are scaling operations faster than ever before. As cybercriminals adopt the latest automation and AI tools, organizations must evolve just as rapidly to stay ahead. These numbers remind us that proactive, intelligence-driven defenses aren’t just a best practice, they’re a necessity.” The report highlights how cybercriminals operate, including attack timing, evolving toolkits, and the rise of global fraud hubs in regions like Brazil, Vietnam, and Nigeria.

Malicious traffic increased by nearly 20% from Q1 to Q2 2025. The use of attack automation services rose from 31% to 36% of all attacks within a single quarter, making complex, orchestrated threats more accessible. The average attack size grew by over 12%, indicating an increase in both the volume and scale of attacks. Account creation and sign-in processes are targeted in three-quarters of scams, with attackers shifting from basic bots to advanced AI-powered automation. Despite growth in mobile threats in some sectors, desktop remains the favored channel, accounting for 68% of attack traffic.

Fraud hubs are concentrated in Brazil (over 11%), Great Britain (nearly 10%), and Vietnam (over 6%), excluding U.

S. traffic. Fraud rings operate in shifts, with evening attack peaks observed in Pakistan (65%) and the Philippines (43%), and overnight surges in Vietnam (38%), Mexico (38%), and India (36%). Chrome is identified as the preferred browser for malicious activity, maintaining desktop dominance.

Dating platforms experienced a significant shift, with mobile attacks surging by 61% while desktop threats decreased by 16%. This altered the device distribution from 55% desktop to 39%. Nigeria accounted for 9% of all non-U.

S. attacks, highlighting sophisticated romance scam infrastructure in West Africa.

The Fintech sector saw a substantial escalation in sign-up fraud traffic, reaching 17 times the industry average. Great Britain was responsible for 44% of attacks targeting this sector.

Gaming platforms also faced intensified threats, with payment systems becoming increasing targets. Attack automation services in gaming-related attacks rose from 15% to 25%. The Roblox browser was associated with 18% of attacks, indicating a platform-specific vulnerability.

The comprehensive report offers in-depth analysis of nine industries, sector-specific attack patterns, and practical recommendations for converting threat data into actionable security outcomes.

Arkose Labs is a global provider of a proactive fraud deterrence platform designed to neutralize modern attacks, including those powered by Agentic AI and large language models (LLMs). Its solution integrates proprietary device identification, behavioral analysis, phishing protection, email intelligence, scraping prevention, API defense, and bot management. The platform is trusted by major consumer brands, including two of the top three banks, Microsoft, Meta, and Roblox. Arkose Labs aims to undermine attacker ROI by introducing dynamic friction, making persistent attacks economically unviable. Its Security Operations Center (SOC) provides actionable insights from an extensive cross-industry intelligence network that monitors legitimate traffic and attack patterns globally. The company collaborates with customers to disrupt organized fraud networks, such as Storm-1152. Headquartered in San Mateo, California, Arkose Labs operates globally with offices in APAC, Central America, EMEA, and South America.