CrowdStrike Global Threat Report 2025

The CrowdStrike 2025 Global Threat Report analyzes the evolving cyber threat landscape in 2024, highlighting the rise of enterprise-like adversaries, rapid attack techniques, and the use of artificial intelligence by threat actors. It emphasizes the importance of proactive, AI-driven defenses to counter sophisticated cyber threats globally.

Keypoints

  • Most cyber threat reports are structured into sections such as Foreword, Introduction, Threat Landscape Overview, Key Adversary Themes, and Recommendations, providing a comprehensive understanding of recent threat trends, threat actor activities, and defensive strategies.
  • Key statistics from 2024 include a record-low average breakout time of 48 minutes (with the fastest at 51 seconds), a 442% increase in vishing attacks, and a 150% surge in China-nexus activity, indicating faster, more targeted, and more sophisticated attacks.
  • Malware-free detections dominated at 79%, reflecting a shift toward hands-on-keyboard techniques like social engineering, credential abuse, and living-off-the-land tactics rather than traditional malware, requiring organizations to adopt real-time threat hunting and identity protection strategies.
  • Adversaries are leveraging generative AI to enhance social engineering and influence operations, creating deepfakes, convincing phishing content, and automating disinformation campaigns, making detection more challenging.
  • Initial access continues to be primarily achieved via identity compromises and vulnerability exploitation; access brokers’ activity increased by 50%, underscoring the importance of identity and vulnerability management.
  • Enterprising adversaries like FAMOUS CHOLLIMA demonstrated high operational tempo, using insider threats and fake personas to target multiple sectors worldwide, often combining social engineering with malware deployment for rapid, scalable operations.
  • Proactive threat detection, AI-powered hunting, and strengthening cloud security are critical defenses needed to keep pace with fast-moving and intelligent adversaries in a complex, global threat environment.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
