CrowdStrike Holdings Inc. released a new report earlier this month that illustrates how cyber threats evolved significantly in 2024, with attackers pivoting towards malware-free incursions, AI-assisted social engineering, and cloud-focused vulnerabilities.
The 11th annual CrowdStrike Global Threat Report for 2025 details an increase in claimed Chinese-backed cyber activities, an explosion in "vishing," or voice phishing, and identity-based assaults, and the expanding use of generative AI in cybercrime.
In 2024, CrowdStrike discovered that 79% of cyber incursions were malware-free, up from 40% in 2019. Attackers were found to be increasingly using genuine remote management and monitoring tools to circumvent standard security measures.
And the breakout time — the time it takes a perpetrator to move laterally within a compromised network after gaining initial access — plummeted to 48 minutes in 2024, with some attacks spreading in less than a minute. Identity-based assaults and social engineering had significant increases until 2024.
Vishing attacks increased more than fivefold, displacing traditional phishing as the dominant form of initial entry. Help desk impersonation attempts grew throughout the year, with adversaries convincing IT professionals to reset passwords or bypass multifactor authentication. Access broker adverts, in which attackers sell stolen credentials, increased by 50% through 2024, as more credentials were stolen and made available on both the clear and dark web. .
Alleged China-linked actors were also active throughout the year. CrowdStrike's researchers claim a 150% rise in activity, with some industries experiencing a 200% to 300% spike. The same groups are mentioned in the report as adopting strong OPSEC measures, making their attacks more difficult to track. CrowdStrike's annual report, like past year's, emphasises the growing use of AI in cybercrime.
Generative AI is now commonly used for social engineering, phishing, deepfake frauds, and automated disinformation campaigns. Notable AI initiatives include the North Korean-linked group FAMOUS CHOLLIMA, which used AI-powered fake job interviews to penetrate tech companies.
Mitigation tips
To combat rising security risks, CrowdStrike experts advocate improving identity security through phishing-resistant MFA, continuous monitoring of privileged accounts, and proactive threat hunting to discover malware-free incursions before attackers gain a foothold. Organisations should also incorporate real-time AI-driven threat detection, which ensures rapid response capabilities to mitigate fast-moving attacks, such as those with breakout periods of less than one minute.
In addition to identity protection, companies can strengthen cloud security by requiring least privilege access, monitoring API keys for unauthorised use, and safeguarding software-as-a-service apps from credential misuse. As attackers increasingly use automation and AI capabilities, defenders should implement advanced behavioural analytics and cross-domain visibility solutions to detect stealthy breaches and halt adversary operations before they escalate.
