Here are a few key facts you should know about the shifting threat landscape outlined in the CrowdStrike 2025 Global Threat Report:
- Breakout time, a measurement of how long it takes for an adversary to start moving laterally across your network, reached an all-time low in the past year, with the average falling to 48 minutes and the fastest breakout time observed dropping to a mere 51 seconds.
- Voice phishing (vishing) attacks, where adversaries call victims to amplify their activities with persuasive social engineering techniques, grew explosively, with upwards of 442% growth in phishing attacks between the first and second half of 2024.
- Attacks related to initial access boomed, accounting for 52% of vulnerabilities observed by CrowdStrike in 2024. Providing access as a service became a thriving business, as advertisements for bad actor access brokers increased 50% year-over-year.
- Among nation-states, China-nexus activity surged 150% overall, with some targeted industries suffering 200% to 300% more attacks than seen in 2023.
- GenAI played a pivotal role in sophisticated cyberattack campaigns in 2024. It enabled FAMOUS CHOLLIMA to create highly convincing fake IT job candidates that infiltrated victim organizations, and it helped China-, Russia-, and Iran-affiliated threat actors conduct AI-driven disinformation and influence operations to disrupt elections.
GenAI Aiding Cyber Attacks
Generative artificial intelligence (genAI), for instance, has become completely integrated within the cyber attacker’s arsenal, and it is proving to be highly effective in the hands of security adversaries across all major categories: nation-state, eCrime, and hacktivist actors have all become early and avid adopters.
According to the report, the “force multiplier” impact of off-the-shelf chatbots has made genAI a popular addition to the global hacker toolbox. As with legitimate organizations, easy access to commercial large language models (LLMs) is also making security adversaries more productive.
The AI tech advances are reducing their learning curve and development cycle times, allowing them to increase the scale and pace of their activities.
eCrime Cyber Attacks Evolving
eCrime adversaries exemplified such enterprising cyberattacks, constantly adapting to shifting environments and quickly scaling effective operations.
Throughout 2024, initial access techniques began to shift — eCrime adversaries began moving away from phishing to alternative access methods.
The shift suggests that commodity malware operators are likely finding more effective and successful infections with innovative techniques as they face hardened security defenses.
One such technique that proliferated in 2024 is social engineering leveraging telephony-based exploitation: Various eCrime adversaries are increasingly adopting vishing, callback phishing, and help desk social engineering attacks to gain a foothold into networks.
Malware Use Declining with More Sophisticated Attacks Rising
These shifting initial access methods are consistent with a larger trend identified in the CrowdStrike 2024 Threat Hunting Report: rather than delivering malware, eCrime adversaries are increasingly leveraging legitimate remote monitoring and management (RMM) tools to access a victim’s system, making malware non-essential for successful operations. Throughout 2024, eCrime actors frequently leveraged RMM tools in their campaigns.
While the report indicates that malicious use of AI is growing, it also points out that this use remains largely iterative and evolutionary at this point in time, with entirely novel attack use cases still rare.