CrowdStrike Holdings Inc. released a new report earlier this month that illustrates how cyber threats evolved significantly in 2024, with attackers pivoting towards malware-free incursions, AI-assisted social engineering, and cloud-focused vulnerabilities.
The 11th annual CrowdStrike Global Threat Report for 2025 details an increase in claimed Chinese-backed cyber activities, an explosion in “vishing,” or voice phishing, and identity-based assaults, and the expanding use of generative AI in cybercrime.
In 2024, CrowdStrike discovered that 79% of cyber incursions were malware-free, up from 40% in 2019. Attackers were found to be increasingly using genuine remote management and monitoring tools to circumvent standard security measures.
And the breakout time — the time it takes a perpetrator to move laterally within a compromised network after gaining initial access — plummeted to 48 minutes in 2024, with some attacks spreading in less than a minute. Identity-based assaults and social engineering had significant increases until 2024.