CrowdStrike Global Threat Report 2025 – The Findings

Sumit Singh
March 7, 2025

CrowdStrike has recently released its 2025 Global Threat Report, aimed at examining emerging adversary trends and offering practical mitigation recommendations. The 2025 report is another stark reminder that adversaries are becoming more sophisticated than ever. Over the last 12 months, cyber attackers have adopted a more efficient, focused, and business-like approach, leveraging social engineering, AI, and innovative attack techniques. With cyber threats evolving rapidly, taking proactive measures, such as those offered in the report, is fundamental for safeguarding your business and staying ahead of attackers in the year ahead.

Threat Landscape Overview

The threat landscape has undergone a significant shift over the past 12 months, as malware has taken a back seat to hands-on-keyboard techniques that appear legitimate and evade detection. Adversaries are targeting organisations' weaknesses, predominantly employees susceptible to social engineering and systems lacking modern security controls. Some of the key statistics from the report, highlighting how adversary techniques have evolved over the past year, include:

  • Significantly Faster Breakout Time - the average time for an adversary to start moving laterally across a network fell from 62 minutes in 2023 to 48 minutes in 2024.
  • Explosive Growth in Voice Phishing - voice phishing (vishing) attacks saw a 442% rise from the first to the second half of 2024.
  • Huge Rise in Attacks Related to Initial Access - in 2024, more than half of the vulnerabilities observed by CrowdStrike were related to initial access. This was accompanied by a 50% year-over-year rise in advertisements for access brokers.
  • Generative AI Played a Pivotal Role - generative AI has emerged as a key tool for adversaries, enhancing the efficacy of social engineering attempts.
  • More Malware-Free Attacks - 79% of CrowdStrike's detections in 2024 were malware-free, making them harder to detect.

2024 Themes and Trends

CrowdStrike's report offers detailed findings and recommendations that help businesses navigate the evolving threat landscape; these insights can be distilled into four key themes:

1. Social Engineering

Since 2023, adversaries have increasingly used social engineering tactics to gain access and move laterally. This trend grew further in 2024 as threat actors attempted to access targeted accounts and persuade employees to provide remote access. CrowdStrike noted a considerable increase in distinct campaigns using telephone-oriented social engineering techniques, and vishing saw a significant rise, especially in the latter half of 2024. Meanwhile, several adversaries targeted IT help desks, impersonating legitimate employees to persuade help desk agents to reset passwords or authentication methods for their accounts.

2. Generative AI and the Enterprise Adversary

The accessibility and low barrier to entry of Generative AI have made it an attractive tool for adversaries. In 2024, threat actors increasingly adopted the technology to support their social engineering efforts and campaigns to manipulate public perception. Due to the growing availability and capability of generative AI tools, along with their ability to create highly convincing outputs with minimal prompting or model training, their use will almost certainly continue to rise in 2025.

3. Cloud-Conscious Innovation

Cloud-based intrusions surged in 2024, with new and unattributed attacks increasing by 26% compared to 2023. A key trend observed by CrowdStrike was the use of valid accounts as the primary method for gaining initial access, accounting for 35% of cloud incidents in the first half of 2024. Attackers increasingly adopted stealth tactics, accessing credentials without modifying them to avoid detection. Once inside, adversaries leveraged cloud management tools to move laterally and used cloud provider command-line tools for further exploitation.

4. Enterprising Vulnerability Exploitation

In 2024, adversaries continued to exploit unmanaged, internet-exposed hosts, particularly network appliances, on the periphery of corporate networks, where traditional EDR (Endpoint Detection and Response) visibility is often limited. These devices remain attractive targets due to unresolved security vulnerabilities and deliberate exposure to external access. CrowdStrike observed that attackers frequently leveraged previously established attack vectors, repeatedly exploiting the same products. Rather than discovering new vulnerabilities, many threat actors relied on known weaknesses, refining their techniques to increase efficiency and impact.

Mitigation Recommendations

As adversaries refine their tactics to move faster, leverage new technologies and exploit vulnerabilities, adopting proactive security strategies that prevent, detect, and respond to threats in real-time is vital. CrowdStrike's recommendations help address possible vulnerabilities within your business before cybercriminals can exploit them. Some of their top suggestions for strengthening your security posture include:

  • Comprehensive Security of Identity Ecosystem - strengthen identity security by enforcing strict access controls, monitoring for compromised credentials, and ensuring only authorised users can access critical systems.
  • Prioritise Proactive Threat Hunting and Threat Intelligence - AI-driven threat detection can help identify stealthy adversaries, detect anomalous activity on endpoints and public-facing applications, and prevent attacks before they escalate.
  • Frequently Review Cloud Environments - regular reviews of cloud configurations, access controls, and credentials are crucial to hardening cloud environments against credential abuse and misconfigurations.
  • Adopt an Adversary-Centric Approach - focussing on understanding attacker tactics, techniques, and procedures can help you anticipate and counter threats more effectively.
  • Accelerate Response Times - improving incident response capabilities can help counter rapid breakout events before adversaries gain control of critical systems.
  • Create a Culture of Security - educate employees on cybersecurity best practices, enforce strong security policies, and foster a workplace culture where vigilance against threats is a shared responsibility.

Protecting Your Business in 2025

One thing that is clear in CrowdStrike's report is that threat actors should never be underestimated. In 2024, they matured faster than ever, using innovative tools and techniques while finding creative solutions to bypass modern defences. However, implementing CrowdStrike's recommendations can significantly enhance your organisation's resilience against these evolving cyber threats and ensure you're better prepared to defend against future attacks.

To learn more about the specific threats outlined in the report and how to protect your business in 2025 and beyond, download the 2025 CrowdStrike Global Threat Report today.