CrowdStrike’s 2025 Global Threat Report details the evolving cybersecurity landscape, emphasizing the increasing sophistication and business-like approach of cyber adversaries. The report underscores the rise of “enterprising adversaries” leveraging genAI for social engineering and malicious activities.

TLDR:

• The average breakout time has decreased to 48 minutes, with the fastest recorded breakout time being only 51 seconds.
• Voice phishing (vishing) attacks saw a significant increase of 442% between the first and second half of 2024.
• Attacks related to initial access accounted for 52% of the vulnerabilities observed by CrowdStrike in 2024.
• Advertisements for access brokers increased by 50% year-over-year, indicating a thriving business in providing access as a service.
• China-nexus activity surged by 150% overall, with some targeted industries experiencing a 200% to 300% increase in attacks compared to the previous year.
• 79% of detections in 2024 were malware-free, a significant increase from 40% in 2019, indicating a shift towards hands-on-keyboard techniques.
• 26 new adversaries were tracked by CrowdStrike in 2024, bringing the total to 257.
• Interactive intrusion campaigns increased by 35% year-over-year.
• Valid account abuse was responsible for 35% of cloud-related incidents.
• FAMOUS CHOLLIMA had 304 incidents, with nearly 40% representing insider threat operations.
• LLM-generated phishing messages had a 54% click-through rate, significantly higher than human-written phishing messages at 12%.
• New cloud intrusions increased 26% compared to 2023, indicating more threat actors are targeting cloud services.
• China-nexus intrusions increased 150% across all sectors on average compared to 2023