CrowdStrike has recently released its 2025 Global Threat Report, aimed at examining emerging adversary trends and offering practical mitigation recommendations. The 2025 report is another stark reminder that adversaries are becoming more sophisticated than ever. Over the last 12 months, cyber attackers have adopted a more efficient, focused, and business-like approach, leveraging social engineering, AI, and innovative attack techniques. With cyber threats evolving rapidly, taking proactive measures, such as those offered in the report, is fundamental for safeguarding your business and staying ahead of attackers in the year ahead.
The threat landscape has undergone a significant shift over the past 12 months, as malware has taken a back seat to hands-on-keyboard techniques that appear legitimate and evade detection. Adversaries are targeting organisations' weaknesses, predominantly employees susceptible to social engineering and systems lacking modern security controls. Some of the key statistics from the report, highlighting how adversary techniques have evolved over the past year, include:
CrowdStrike's report offers detailed findings and recommendations that help businesses navigate the evolving threat landscape; these insights can be distilled into four key themes:
1. Social Engineering
Since 2023, adversaries have increasingly used social engineering tactics to gain access and move laterally. This trend grew further in 2024 as threat actors attempted to access targeted accounts and persuade employees to provide remote access. CrowdStrike noted a considerable increase in distinct campaigns using telephone-oriented social engineering techniques, and vishing saw a significant rise, especially in the latter half of 2024. Meanwhile, several adversaries targeted IT help desks, impersonating legitimate employees to persuade help desk agents to reset passwords or authentication methods for their accounts.
2. Generative AI and the Enterprise Adversary
The accessibility and low barrier to entry of generative AI have made it an attractive tool for adversaries. In 2024, threat actors increasingly adopted the technology to support their social engineering efforts and campaigns to manipulate public perception. Due to the growing availability and capability of generative AI tools, along with their ability to create highly convincing outputs with minimal prompting or model training, their use will almost certainly continue to rise in 2025.
3. Cloud-Conscious Innovation
Cloud-based intrusions surged in 2024, with new and unattributed attacks increasing by 26% compared to 2023. A key trend observed by CrowdStrike was the use of valid accounts as the primary method for gaining initial access, accounting for 35% of cloud incidents in the first half of 2024. Attackers increasingly adopted stealth tactics, accessing credentials without modifying them to avoid detection. Once inside, adversaries leveraged cloud management tools to move laterally and used cloud provider command-line tools for further exploitation.
4. Enterprising Vulnerability Exploitation
In 2024, adversaries continued to exploit unmanaged, internet-exposed hosts, particularly network appliances, on the periphery of corporate networks, where traditional EDR (Endpoint Detection and Response) visibility is often limited. These devices remain attractive targets due to unresolved security vulnerabilities and deliberate exposure to external access. CrowdStrike observed that attackers frequently leveraged previously established attack vectors, repeatedly exploiting the same products. Rather than discovering new vulnerabilities, many threat actors relied on known weaknesses, refining their techniques to increase efficiency and impact.
As adversaries refine their tactics to move faster, leverage new technologies and exploit vulnerabilities, adopting proactive security strategies that prevent, detect, and respond to threats in real time is vital. CrowdStrike's recommendations help address possible vulnerabilities within your business before cybercriminals can exploit them. Some of their top suggestions for strengthening your security posture include:
One thing that is clear in CrowdStrike's report is that threat actors should never be underestimated. In 2024, they matured faster than ever, using innovative tools and techniques while finding creative solutions to bypass modern defences. However, implementing CrowdStrike's recommendations can significantly enhance your organisation's resilience against these evolving cyber threats and ensure you're better prepared to defend against future attacks.
To learn more about the specific threats outlined in the report and how to protect your business in 2025 and beyond, download the 2025 CrowdStrike Global Threat Report today.