Key Insights from the CrowdStrike Global Threat Report 2025
- jchouinard9
- Apr 16
- 3 min read

The cybersecurity landscape is evolving at an unprecedented pace, and the CrowdStrike Global Threat Report 2025 provides a comprehensive overview of the latest trends, adversary tactics, and emerging threats. This year's report emphasizes the theme of "the enterprising adversary," highlighting how cybercriminals are becoming more efficient, focused, and business-like in their approach. Here are the key insights from the report.
The Enterprising Adversary
Adversaries are increasingly adopting generative artificial intelligence (genAI) to enhance their operations. Nation-state actors, eCrime groups, and hacktivists are leveraging off-the-shelf chatbots and commercial large language models (LLMs) to shorten their learning curves and increase the scale and pace of their activities. While the malicious use of AI is still largely iterative, it is expected to evolve rapidly.
Breakout Time and Vishing Attacks
The report reveals that the average breakout time—how long it takes for an adversary to start moving laterally across a network—reached an all-time low of 48 minutes, with the fastest observed breakout time being just 51 seconds. Additionally, voice phishing (vishing) attacks saw explosive growth, increasing by 442% between the first and second half of 2024.
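Breakout time is a metric a SOC can measure in its own telemetry, not just read in a report. The following added example (written for this post; it is not code from CrowdStrike or from the report) computes it from a stream of detection events: the gap between the first event of an incident and its first lateral-movement event. The event schema, the incident ids and timestamps, and the 60-minute response SLA are all constructed assumptions for illustration; map your own EDR or SIEM fields onto them.

```python
"""Measure adversary breakout time from detection events.

Added example, not from the CrowdStrike report. Breakout time is the gap
between an adversary's first observed activity in an incident and the first
lateral-movement step. Event format and sample data below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional


@dataclass(frozen=True)
class DetectionEvent:
    incident_id: str          # correlation id assigned by the SIEM/EDR (assumed field)
    timestamp: datetime       # event time, assumed to be in one consistent time zone
    host: str                 # hostname the event was observed on
    tactic: str               # ATT&CK-style tactic label, e.g. "lateral-movement"


# Constructed sample: three incidents with different pacing. INC-1 and INC-2
# deliberately mirror the report's headline figures (51 s and 48 min);
# INC-3 has not reached lateral movement yet.
SAMPLE_EVENTS = [
    DetectionEvent("INC-1", datetime(2024, 6, 1, 9, 0, 0), "ws-017", "initial-access"),
    DetectionEvent("INC-1", datetime(2024, 6, 1, 9, 0, 40), "ws-017", "discovery"),
    DetectionEvent("INC-1", datetime(2024, 6, 1, 9, 0, 51), "fs-02", "lateral-movement"),
    DetectionEvent("INC-2", datetime(2024, 6, 2, 14, 10, 0), "ws-103", "initial-access"),
    DetectionEvent("INC-2", datetime(2024, 6, 2, 14, 35, 0), "ws-103", "credential-access"),
    DetectionEvent("INC-2", datetime(2024, 6, 2, 14, 58, 0), "dc-01", "lateral-movement"),
    DetectionEvent("INC-3", datetime(2024, 6, 3, 8, 0, 0), "ws-200", "initial-access"),
]


def breakout_time(events: Iterable[DetectionEvent], incident_id: str) -> Optional[timedelta]:
    """Time from the incident's earliest event to its first lateral-movement event.

    Returns None when the incident has no events or no lateral movement yet.
    Events are sorted first so arrival order in the log does not matter.
    """
    incident = sorted((e for e in events if e.incident_id == incident_id), key=lambda e: e.timestamp)
    if not incident:
        return None
    first_seen = incident[0].timestamp
    for event in incident:
        if event.tactic == "lateral-movement":
            return event.timestamp - first_seen
    return None


def breakout_report(events: Iterable[DetectionEvent], response_sla: timedelta = timedelta(minutes=60)) -> dict:
    """Per-incident breakout seconds and whether the adversary beat the response SLA.

    The 60-minute default SLA is an assumed target, not a figure from the report.
    """
    events = list(events)
    report = {}
    for incident_id in sorted({e.incident_id for e in events}):
        bt = breakout_time(events, incident_id)
        report[incident_id] = {
            "breakout_seconds": None if bt is None else int(bt.total_seconds()),
            "faster_than_sla": bt is not None and bt < response_sla,
        }
    return report


def mean_breakout_seconds(events: Iterable[DetectionEvent]) -> Optional[float]:
    """Average breakout time over incidents that reached lateral movement."""
    values = [v["breakout_seconds"] for v in breakout_report(events).values() if v["breakout_seconds"] is not None]
    return sum(values) / len(values) if values else None


if __name__ == "__main__":
    for incident_id, row in breakout_report(SAMPLE_EVENTS).items():
        print(incident_id, row)
    print("mean breakout (s):", mean_breakout_seconds(SAMPLE_EVENTS))
```

Incidents that never reach lateral movement are excluded from the average rather than counted as zero, so the mean is not pulled down by intrusions that were contained early; tracking that excluded count separately is a useful companion metric.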
Initial Access and Vulnerabilities
Initial access techniques were tied to 52% of the vulnerabilities CrowdStrike observed in 2024. Providing access as a service has become a thriving business, with advertisements from access brokers increasing by 50% year-over-year. Among nation-states, China-nexus activity surged 150%, with some industries experiencing 200-300% more attacks than the previous year.
Generative AI and Social Engineering
Generative AI played a pivotal role in sophisticated cyberattack campaigns in 2024. It enabled adversaries like FAMOUS CHOLLIMA to create highly convincing fake IT job candidates that infiltrated victim organizations. China-, Russia-, and Iran-affiliated threat actors conducted AI-driven disinformation and influence operations to disrupt elections.
Interactive Intrusions and Malware-Free Attacks
Modern cyber threats are increasingly dominated by interactive intrusion techniques, where adversaries execute hands-on-keyboard actions to achieve their objectives. In 2024, 79% of the detections observed by CrowdStrike were malware-free, indicating that adversaries are using hands-on-keyboard techniques that blend in with legitimate user activity.
China's Cyber Enterprise
China's cyber espionage operations reached new levels of maturity in 2024, with a 150% increase in activity across all sectors. China-nexus adversaries are pre-positioning themselves in critical networks, supported by industry networking and larger ecosystems that include shared tooling and training pipelines.
Cloud-Conscious Threat Actors
Cloud-conscious adversaries are beginning to explore genAI and LLMs for their operations. In 2024, new and unattributed cloud intrusions increased by 26% compared to 2023. Adversaries are exploiting cloud services, leveraging valid accounts for initial access, and using cloud environment management tools for lateral movement.
Vulnerability Exploitation
Threat actors continued to target devices on the network periphery in 2024, leveraging publicly available vulnerability research to aid their malicious activity. Exploit chaining—combining two or more exploits to compose an attack sequence—became a popular method for achieving remote code execution (RCE).
SaaS Exploitation
Enterprising adversaries are expected to continue seeking advanced exploitation opportunities across cloud-based SaaS applications in 2025. Threat actors are leveraging access to SaaS applications to obtain data for lateral movement, extortion, and downstream targeting of third parties.
Final Thoughts
The CrowdStrike Global Threat Report 2025 underscores the critical need for organizations to stay ahead of enterprising adversaries. By understanding the latest trends and tactics, security professionals can better prepare and protect their organizations from evolving threats. CrowdStrike remains dedicated to stopping breaches and working closely with customers to defend against sophisticated cyber threats.
Recommendations
To mitigate the risks highlighted in the report, organizations should:
- Secure the entire identity ecosystem: Adopt phishing-resistant MFA solutions and strong identity and access policies.
- Eliminate cross-domain visibility gaps: Modernize detection and response strategies with XDR and next-generation SIEM solutions.
- Defend the cloud as core infrastructure: Implement CNAPPs with CDR capabilities and enforce strict access controls.
- Prioritize vulnerabilities with an adversary-centric approach: Regularly patch critical systems and monitor for signs of exploit chaining.
- Know your adversary and be prepared: Use threat intelligence to understand adversary tactics and prioritize resources.
By following these recommendations, organizations can enhance their defenses and stay one step ahead of enterprising adversaries. If you need help with your cybersecurity, please do not hesitate to reach out to us at [email protected]
To see the full report, go here: CrowdStrike 2025 Global Threat Report
Put your IT environment to the test with a FREE Cybersecurity Assessment. This in-depth evaluation identifies vulnerabilities, uncovers potential risks, and offers actionable insights to enhance your cyber resilience. Don't wait for a breach to happen; empower your business with the knowledge to safeguard your data and reputation.