CrowdStrike 2025 Global Threat Report:
What West Houston Businesses Need to Know

The cybersecurity world has evolved dramatically over the past year, with threat actors becoming increasingly sophisticated, efficient, and business-like in their approaches. CrowdStrike’s 2025 Global Threat Report provides critical insights into these emerging threats, highlighting the rise of what they call “the enterprising adversary.”

 The Shifting Threat Environment: Key Facts

The 2025 Global Threat Report reveals alarming trends in how quickly and efficiently adversaries are operating:

• Breakout time reached an all-time low in 2024: The average time for an adversary to move laterally across a network fell to just 48 minutes, with the fastest breakout time recorded at a mere 51 seconds.
• Voice phishing (vishing) attacks increased by 442% between the first and second half of 2024, as adversaries added human interaction to their attack arsenal.
• Initial access attacks boomed, accounting for 52% of vulnerabilities observed by CrowdStrike in 2024, with access broker advertisements increasing 50% year-over-year.
• China-nexus activity surged 150% overall, with some targeted industries experiencing 200% to 300% more attacks than the previous year.
• Malware-free attacks reached 79% of detections in 2024, up dramatically from 40% in 2019, making these attacks harder to detect with traditional tools.
• GenAI played a pivotal role in sophisticated cyberattack campaigns, enabling adversaries to create highly convincing fake personas and conduct AI-driven disinformation operations. LLM-generated phishing messages showed a significantly higher click-through rate (54%) compared to human-written ones (12%).

 The Growing Reliance on Identity Attacks and Vulnerability Exploits

Adversaries are increasingly focusing on identity-based attacks as their entry point of choice. Rather than relying on traditional malware, they’re employing faster and stealthier methods, including:

• Vishing and social engineering
• Access broker services
• Trusted relationship abuse

The report notes that valid account abuse was responsible for 35% of cloud-related incidents, reflecting attackers’ growing focus on identity compromise as a gateway to broader enterprise environments.

Simultaneously, vulnerability exploitation remains a primary concern, with 52% of observed vulnerabilities in 2024 linked to initial access, underscoring the need for organizations to patch exposed systems promptly.

 The Continued Rise of Interactive Intrusions

Modern cyber threats are increasingly dominated by “interactive intrusion” techniques, where human adversaries execute hands-on-keyboard actions to achieve their objectives. Unlike traditional malware attacks, these intrusions involve adversaries mimicking legitimate user or administrator behavior, making them exceptionally difficult to detect.

(Interactive intrusions by region, January-December 2024 – Source: CrowdStrike 2025 Global Threat Report)

In 2024, CrowdStrike observed a 35% year-over-year increase in interactive intrusion campaigns. The technology sector remained the most targeted industry for the seventh consecutive year, with high attack volumes also observed in consulting, manufacturing, and retail.

(industries targeted by interactive intrusions, January-December 2024- Source: CrowdStrike 2025 Global Threat Report)

 Breakout Time: The Race Against Adversaries

Perhaps most concerning is how quickly attackers can now move through compromised networks. The average breakout time for interactive eCrime intrusions fell to 48 minutes in 2024, down from 62 minutes in 2023. The fastest breakout time observed was just 51 seconds — meaning defenders may have less than a minute to detect and respond before attackers establish deeper control.

This rapid pace presents significant challenges for security teams, requiring real-time threat detection, robust identity controls, and proactive threat hunting to identify pre-attack behaviors.

 Key Adversary Themes: The Business of Social Engineering

2024 Vishing Trends

Social engineering techniques, particularly vishing, emerged as a dominant trend in 2024. CrowdStrike observed a 40% compounded monthly growth rate in vishing operations, with several eCrime adversaries incorporating these tactics into their intrusions.

In these campaigns, threat actors typically:

1. Call targeted users impersonating IT support staff
2. Persuade victims to download malicious payloads or establish remote support sessions
3. Use this access to deploy tools for persistence, conduct reconnaissance, and exfiltrate data

Three notable actors using these techniques include:

• CURLY SPIDER: Uses spam bombing as a pretext for vishing calls, deploying tools for persistence and data exfiltration
• CHATTY SPIDER: Employs callback phishing targeting legal and insurance sectors
• PLUMP SPIDER: Targets Brazilian organizations with vishing calls to conduct wire fraud

(Vishing intrusions detected by CrowdStrike OverWatch per month, 2024 – Source: CrowdStrike 2025 Global Threat Report)

Help Desk Social Engineering

Another rising threat is help desk social engineering, where threat actors call an organization’s IT help desk and impersonate legitimate employees to persuade help desk agents to reset passwords or MFA for relevant accounts. Multiple eCrime actors adopted this technique in 2024, targeting academic and healthcare entities to access cloud-based SaaS applications or modify employee payroll data.

In most help desk social engineering incidents, calls were made outside the victim’s local business hours, allowing threat actors to maintain longer access before the legitimate owner reports suspicious activity.

 Generative AI and the Enterprising Adversary

GenAI has emerged as a powerful tool for adversaries, with a low barrier to entry making it widely accessible. Throughout 2024, adversaries increasingly adopted GenAI to support:

Social Engineering

• FAMOUS CHOLLIMA created fictitious LinkedIn profiles with GenAI-created text and fake profile images
• Deepfake video and voice clones enabled business email compromise schemes
• Studies validated that LLM-generated phishing messages had a significantly higher click-through rate (54%) than human-written messages (12%)

Information Operations

• China-aligned, LLM-powered networks posted coordinated inauthentic behavior on social media
• Russia-aligned operators used LLMs to spread disinformation

Malicious Computer Network Operations

• Spam email campaigns distributing malware likely used LLM-generated content
• Ransomware operators deployed likely LLM-authored data destruction scripts
• Cloud-conscious operators attempted to gain access to enterprise LLMs

 China’s Cyber Enterprise

China-nexus adversaries dominated the global threat scene in 2024, with intrusions increasing 150% across all sectors compared to 2023. The financial services, media, manufacturing, and industrials and engineering sectors experienced 200-300% increases in observed China-nexus intrusions.

This surge reflects decades of government investment into China’s cyber workforce and programs, yielding matured capabilities and efficiencies. In 2024, CrowdStrike identified seven new China-nexus adversaries, five of which are unique in their specialization and sophistication, representing an ongoing shift from “smash-and-grab” operations to increasingly focused missions.

Enterprising Vulnerability Exploitation

Threat actors continued to target devices in the network periphery, particularly network appliances, throughout 2024. These devices are attractive targets due to their many unresolved security shortcomings and deliberate exposure.

Attackers have adopted two layered approaches to achieve remote code execution:

1. Exploit chaining: Combining two or more vulnerabilities to create an attack sequence
2. Abusing legitimate features: Using product features like integrated command shells

The report highlights specific examples, including:

• Multiple unattributed threat actors chaining vulnerabilities in Palo Alto Networks PAN-OS software
• OPERATOR PANDA likely chaining Cisco IOS vulnerabilities to target U.S. telecom and professional services entities

 Recommendations

The report concludes with several recommendations for organizations:

1. Secure the entire identity ecosystem: Adopt phishing-resistant MFA solutions, implement strong identity policies, and use identity threat detection tools.
2. Eliminate cross-domain visibility gaps: Deploy XDR and next-generation SIEM solutions to provide unified visibility across endpoints, networks, cloud environments, and identity systems.
3. Defend the cloud as core infrastructure: Implement CNAPPs with CDR capabilities and enforce strict access controls.
4. Prioritize vulnerabilities with an adversary-centric approach: Focus on regular patching of critical systems and use tools like Falcon Exposure Management to prioritize vulnerabilities.
5. Know your adversary and be prepared: Adopt an intelligence-driven approach to understand which adversaries are targeting you and how they operate.

 CinchOps: Your Trusted Cybersecurity Partner

In today’s rapidly evolving threat environment, having the right cybersecurity partner is more critical than ever. At CinchOps, we understand that enterprises face increasingly sophisticated adversaries who operate with business-like efficiency and precision.

Our comprehensive security solutions are designed to address the key challenges highlighted in the CrowdStrike 2025 Global Threat Report. We provide:

• 24/7 Threat Detection and Response: Our expert security operations team leverages advanced technologies to detect and respond to threats in real-time, well within the critical breakout time window.
• Identity Security Solutions: We implement robust identity protection measures, including phishing-resistant MFA and continuous monitoring for identity-based threats.
• Cloud Security Expertise: Our team specializes in securing cloud environments against today’s sophisticated threats, from SaaS exploitation to cloud-based identity attacks.
• Vulnerability Management: We help you prioritize patching based on real-world threat intelligence, focusing on the vulnerabilities that pose the greatest risk to your organization.
• Security Awareness Training: We provide comprehensive training programs to help your employees recognize and respond to social engineering attempts, including increasingly common vishing attacks.

CinchOps combines deep technical expertise with a proactive approach to security, ensuring your organization stays ahead of evolving threats. As adversaries become more enterprising, so must your cybersecurity partner.

Contact CinchOps today to learn how we can help protect your organization against the threats outlined in the CrowdStrike 2025 Global Threat Report and build a more resilient security posture for the future.