CrowdStrike’s 2025 Global Threat Report details the evolving cybersecurity landscape, emphasizing the increasing sophistication and business-like approach of cyber adversaries. The report underscores the rise of “enterprising adversaries” leveraging genAI for social engineering and malicious activities.
TLDR:
- The average breakout time has decreased to 48 minutes, with the fastest recorded breakout time being only 51 seconds.
- Voice phishing (vishing) attacks saw a significant increase of 442% between the first and second half of 2024.
- Attacks related to initial access accounted for 52% of the vulnerabilities observed by CrowdStrike in 2024.
- Advertisements for access brokers increased by 50% year-over-year, indicating a thriving business in providing access as a service.
- China-nexus activity surged by 150% overall, with some targeted industries experiencing a 200% to 300% increase in attacks compared to the previous year.
- 79% of detections in 2024 were malware-free, a significant increase from 40% in 2019, indicating a shift towards hands-on-keyboard techniques.
- 26 new adversaries were tracked by CrowdStrike in 2024, bringing the total to 257.
- Interactive intrusion campaigns increased by 35% year-over-year.
- Valid account abuse was responsible for 35% of cloud-related incidents.
- FAMOUS CHOLLIMA had 304 incidents, with nearly 40% representing insider threat operations.
- LLM-generated phishing messages had a 54% click-through rate, significantly higher than human-written phishing messages at 12%.
- New cloud intrusions increased 26% compared to 2023, indicating more threat actors are targeting cloud services.
- China-nexus intrusions increased 150% across all sectors on average compared to 2023
