SecurityWeek

26 New Threat Groups Spotted in 2024: CrowdStrike

CrowdStrike has published its 2025 Global Threat Report, which warns of faster breakout time and an increase in Chinese activity.

CrowdStrike 2025 Global Threat Report

CrowdStrike this week published its 2025 Global Threat Report, which summarizes the latest adversary tactics and techniques, as well as important trends that defined 2024.

The cybersecurity giant started tracking 26 new threat groups in 2024, which brought the total number of adversaries known by the company to 257. 

CrowdStrike pointed out that China-linked activity surged, with a 150% increase seen across all sectors, and a rise of 200-300% in industries such as financial services, media, manufacturing, and industrials and engineering compared to 2023.

One interesting aspect that CrowdStrike has been tracking is breakout time, the time it takes threat actors to move from initial access to high-value assets. This breakout time is important because that is how much time defenders have to detect and respond to an attack before the hackers start establishing deeper control. 

In 2024, the average breakout time in the case of cybercrime intrusions dropped to 48 minutes, from 62 minutes in 2023, and the fastest breakout seen by CrowdStrike last year was just 51 seconds.

Over half of the vulnerabilities seen by CrowdStrike last year were related to initial access, which the company says reinforces the need to secure exposed systems. It also noted that identity-based attacks are increasingly favored over traditional malware attacks. 

Access broker activity surged in 2024, increasing by 50% compared to the previous year, and valid credential abuse was involved in 35% of cloud incidents.

The security firm found that 79% of the detections in 2024 were free of malware, which is a significant increase compared to five years ago, when only 40% of detections were malware-free.

The company also found that vishing attacks “skyrocketed”, increasing by 442% between the first and second half of the year. 

“As adversaries scale identity-based attacks and vulnerability exploitation, organizations must adopt proactive defense strategies, including identity verification, risk-based patching, and early detection of credential abuse, to disrupt adversary operations before they escalate,” CrowdStrike recommends. 

The full CrowdStrike 2025 Global Threat Report is available in PDF format.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
