CinchOps Houston Business Cyber Update: Key Insights from the CrowdStrike 2025 Threat Hunting Report
Professional Threat Analysis: What Business Leaders Need to Know About Current Cyber Risks – What CrowdStrike’s 2025 Report Means for Your Business
The cybersecurity landscape has entered a new era marked by what CrowdStrike terms “enterprising adversaries” – threat actors who operate with business-like precision and efficiency. The CrowdStrike 2025 Threat Hunting Report reveals alarming trends that underscore the evolving sophistication of modern cyber threats and the critical need for organizations to adapt their defense strategies.
Understanding the Enterprising Adversary
The report introduces the concept of the “enterprising adversary,” a new breed of threat actor distinguished by sophisticated and scalable tactics designed to execute attacks with calculated, business-like efficiency. These adversaries represent a fundamental shift in how cyber threats operate and pose unprecedented challenges to traditional security approaches.
Key characteristics of enterprising adversaries include:
- Bypassing traditional cybersecurity defenses through deep understanding of conventional safeguards’ limitations
- Exploiting human factors through sophisticated social engineering techniques enhanced by AI
- Moving to unmanaged devices that often represent significant blind spots in organizational security postures
- Operating with strategic precision to maximize impact and quickly achieve objectives
- Adapting quickly to defensive measures and evolving their tactics in real time
- Leveraging legitimate tools and techniques to avoid detection by security systems
These adversaries fundamentally change how organizations must approach cybersecurity, requiring more proactive and intelligence-driven defense strategies.
(Description of a typical interactive intrusion observed by CrowdStrike OverWatch – Source: CrowdStrike 2025 Threat Hunting Report)
Staggering Statistics: The Numbers Tell the Story
The data from CrowdStrike OverWatch’s 12-month observation period paints a concerning picture of rapidly evolving cyber threats. These statistics demonstrate the accelerating pace and sophistication of modern cyberattacks across all domains.
Critical findings from the reporting period include:
- Interactive intrusions increased 27% year-over-year, highlighting growing adversary activity
- 81% of interactive intrusions were malware-free, showing adversaries’ shift to evasive techniques
- eCrime activity represented 73% of total interactive intrusions, demonstrating persistent financial motivation
- Cloud intrusions surged 136% in the first half of 2025 compared to all of 2024
- 40% year-over-year increase in intrusions by suspected cloud-conscious China-nexus actors
- Vishing attacks in the first half of 2025 already surpassed the total number seen in 2024
- Government sector experienced 71% increase in overall interactive intrusions
- Telecommunications sector saw 130% increase in nation-state activity
- FAMOUS CHOLLIMA infiltrated over 320 companies, representing a 220% year-over-year increase
These numbers underscore the urgent need for organizations to modernize their security approaches and invest in advanced threat detection capabilities.
(Interactive Intrusion Breakdown – Source: CrowdStrike 2025 Threat Hunting Report)
Sector-Specific Targeting Trends
The technology sector remained the most frequently targeted industry for the eighth consecutive year, encompassing organizations that develop computer software and hardware or provide IT services. However, significant shifts in targeting patterns reveal adversaries’ strategic focus on critical infrastructure and high-value sectors.
Notable sector targeting trends include:
- Technology sector maintains position as top target due to its relationship with multiple industries
- Government sector experienced 71% year-over-year increase in overall interactive intrusions
- Government sector saw 185% year-over-year increase in targeted intrusion activity
- Russia-nexus adversaries primarily responsible for government targeting through espionage operations
- Telecommunications sector experienced 53% increase in overall interactive intrusions
- Telecommunications sector witnessed 130% increase in nation-state activity
- China-nexus adversaries driving surge in telecommunications targeting for intelligence collection
- Manufacturing and retail sectors saw notable increases in eCrime interactive intrusions
- CURLY SPIDER emerged as prominent threat actor against North America-based retail and manufacturing
This targeting pattern reflects adversaries’ understanding of which sectors provide maximum intelligence value and operational disruption potential.
(Top Targeted Sectors By Intrusion Frequency – Source: CrowdStrike 2025 Threat Hunting Report)
The AI Revolution in Cybercrime
One of the most significant developments highlighted in the report is the integration of generative AI (GenAI) into adversary operations. This technological advancement has fundamentally transformed how threat actors conduct reconnaissance, social engineering, and operational activities.
Key developments in AI-powered cybercrime include:
- FAMOUS CHOLLIMA became the most GenAI-proficient adversary through systematic AI integration
- 320 companies infiltrated in the last 12 months, representing a 220% year-over-year increase
- AI used at every stage of hiring and employment process for insider threat operations
- Real-time deepfake technology employed to mask true identities in video interviews
- AI code tools leveraged to assist in legitimate job duties while maintaining cover
- GenAI-generated attractive resumes and cover letters for fraudulent employment applications
- CHARMING KITTEN utilizing AI for phishing content generation against EU and U.S. entities
- RENAISSANCE SPIDER employing GenAI for Ukrainian translation in ClickFix lures
- Malware families like FunkLocker and SparkCat incorporating AI capabilities
This weaponization of AI technology poses substantial challenges to traditional security defenses and requires organizations to develop new detection and response capabilities.
(Adversary Use of GenAI as a Primary Attack Vector – Source: CrowdStrike 2025 Threat Hunting Report)
Cross-Domain Threats and Identity Attacks
The report emphasizes the critical importance of cross-domain threat hunting as adversaries increasingly operate across multiple domains to evade detection. Identity-based attacks have become a preferred method for gaining initial access and maintaining persistence within target environments.
Critical cross-domain threat developments include:
- Adversaries operating across identity, endpoint, and cloud domains simultaneously
- Cross-domain threats generating fewer detections in single domains, complicating recognition
- Vishing and help desk social engineering dominating eCrime operations in 2025
- First half of 2025 vishing attacks already surpassing total 2024 numbers
- SCATTERED SPIDER moving from initial account takeover to ransomware deployment within 24 hours
- Ransomware deployed 32% faster than in 2024
- Help desk social engineering becoming preferred initial access method
- Identity protection serving as force multiplier in countering vishing attacks
- Adversaries exploiting human vulnerabilities and leveraging compromised credentials
These sophisticated attack patterns require organizations to implement unified visibility across all domains and develop coordinated response capabilities.
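To make the cross-domain point concrete, the Python below is an added illustration written for this article (it is not CrowdStrike's detection logic). It runs two rules over a handful of constructed identity, endpoint and cloud events for two hypothetical users: a typical single-domain volume rule, and a cross-domain rule that opens a 24-hour window at each identity change (the MFA reset or new-device enrollment a help-desk vishing call produces) and gathers everything that user does in any domain inside it. Each event is unremarkable inside its own domain, so the per-domain rule stays silent; the correlated view surfaces the chain.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Fields are simplified:
# ts (ISO 8601), domain (identity | endpoint | cloud), user, action, detail.
SAMPLE_EVENTS = [
    {"ts": "2025-06-03T09:12:00", "domain": "identity", "user": "j.doe",
     "action": "mfa_reset", "detail": "help desk ticket HD-1042"},
    {"ts": "2025-06-03T09:40:00", "domain": "identity", "user": "j.doe",
     "action": "new_device_enrolled", "detail": "unmanaged phone"},
    {"ts": "2025-06-03T11:05:00", "domain": "cloud", "user": "j.doe",
     "action": "CreateAccessKey", "detail": "IAM console"},
    {"ts": "2025-06-03T13:30:00", "domain": "endpoint", "user": "j.doe",
     "action": "remote_tool_installed", "detail": "remote support utility"},
    # Benign control: an MFA reset with no follow-on activity, plus an old
    # cloud event that falls outside any window.
    {"ts": "2025-06-03T10:00:00", "domain": "identity", "user": "a.smith",
     "action": "mfa_reset", "detail": "self-service"},
    {"ts": "2025-05-20T08:00:00", "domain": "cloud", "user": "a.smith",
     "action": "CreateAccessKey", "detail": "IAM console"},
]

PER_DOMAIN_THRESHOLD = 3          # a typical volume rule inside one domain
WINDOW = timedelta(hours=24)      # dwell window after an identity change
IDENTITY_TRIGGERS = {"mfa_reset", "new_device_enrolled"}


def single_domain_alerts(events, threshold=PER_DOMAIN_THRESHOLD):
    """What a per-domain tool sees: count events per (domain, user) and
    alert only when one domain alone crosses the threshold."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["domain"], e["user"])] += 1
    return [key for key, n in counts.items() if n >= threshold]


def correlate(events, window=WINDOW, min_domains=2):
    """Cross-domain rule: start a window at each identity trigger for a user
    and collect everything that user does in any domain inside it."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for anchor in evs:
            if anchor["domain"] != "identity" or anchor["action"] not in IDENTITY_TRIGGERS:
                continue
            end = anchor["ts"] + window
            chain = [e for e in evs if anchor["ts"] <= e["ts"] <= end]
            domains = {e["domain"] for e in chain}
            if len(domains) >= min_domains:
                findings.append({
                    "user": user,
                    "start": anchor["ts"].isoformat(),
                    "domains": sorted(domains),
                    # three domains in one day after a credential change is the
                    # takeover-to-ransomware shape described above
                    "severity": "high" if len(domains) >= 3 else "medium",
                    "chain": [f'{e["domain"]}:{e["action"]}' for e in chain],
                })
                break  # one finding per user is enough for this illustration
    return findings


if __name__ == "__main__":
    print("single-domain alerts:", single_domain_alerts(SAMPLE_EVENTS))
    for f in correlate(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["user"], " -> ".join(f["chain"]))
```

In a real pipeline the identity trigger would come from the IdP's audit log, the endpoint event from EDR, and the cloud event from CloudTrail or the equivalent; the joining key (user, then session or device) is what the XDR and next-gen SIEM tools mentioned later in this article provide.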
(Vishing Attacks Observed by month, January 2024-June 2025 – Source: CrowdStrike 2025 Threat Hunting Report)
Cloud Security Challenges
China-nexus adversaries have quickly gained proficiency in cloud exploitation techniques, demonstrating sophisticated understanding of cloud environments and leveraging them for intelligence collection and persistent access. This represents a significant shift in nation-state targeting strategies.
Major cloud security developments include:
- GENESIS PANDA targeting wide variety of sectors likely serving as initial access broker
- GENESIS PANDA facilitating future intelligence collection through cloud access
- MURKY PANDA demonstrating advanced capabilities in cloud environment navigation
- MURKY PANDA expertise in quickly weaponizing n-day and zero-day vulnerabilities
- Cloud service enumeration through Instance Metadata Service (IMDS) queries
- Pivoting to cloud control planes for lateral movement and persistence
- Establishing backdoor access keys and SSH keys for persistent cloud access
- Trusted relationship abuse for cloud tenant compromise
- Custom .NET-based tools for cloud service console access
These sophisticated cloud targeting techniques require organizations to implement comprehensive cloud security strategies and continuous monitoring across all cloud environments.
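The cloud persistence patterns listed above (backdoor access keys, added SSH key pairs, and instance role credentials fetched from the Instance Metadata Service and reused elsewhere) all leave traces in AWS CloudTrail. The Python below is an added example written for this article, not CrowdStrike tooling: it runs three hunting rules over constructed CloudTrail-shaped records. It assumes the organisation's VPCs live in 10.0.0.0/8 (`VPC_CIDRS`) and relies on CloudTrail's documented `userIdentity.sessionContext.ec2RoleDelivery` field, which records whether instance role credentials were obtained over IMDSv1 ("1.0") or IMDSv2 ("2.0"). Account IDs, principals and addresses are made up.

```python
import ipaddress

# Constructed CloudTrail-style records, trimmed to the fields used here.
SAMPLE_TRAIL = [
    {"eventName": "CreateAccessKey", "eventSource": "iam.amazonaws.com",   # key minted for a different, privileged user
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy"},
     "requestParameters": {"userName": "backup-admin"}, "sourceIPAddress": "10.0.4.12"},
    {"eventName": "CreateAccessKey", "eventSource": "iam.amazonaws.com",   # routine self-rotation: no finding
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "alice"}, "sourceIPAddress": "10.0.4.13"},
    {"eventName": "ImportKeyPair", "eventSource": "ec2.amazonaws.com",     # SSH key material added to the account
     "userIdentity": {"type": "IAMUser", "userName": "ops"},
     "requestParameters": {"keyName": "maint"}, "sourceIPAddress": "10.0.4.14"},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",        # IMDSv1 creds used from outside the VPC
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/web-role/i-0abc123",
                      "sessionContext": {"ec2RoleDelivery": "1.0"}},
     "sourceIPAddress": "198.51.100.23"},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com", # same role, inside the VPC, IMDSv2: clean
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/web-role/i-0abc123",
                      "sessionContext": {"ec2RoleDelivery": "2.0"}},
     "sourceIPAddress": "10.0.1.5"},
    {"eventName": "GetCallerIdentity", "eventSource": "sts.amazonaws.com", # inside the VPC but still on IMDSv1
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/batch-role/i-0def456",
                      "sessionContext": {"ec2RoleDelivery": "1.0"}},
     "sourceIPAddress": "10.0.2.9"},
]

# Assumption: the organisation's VPCs live in 10.0.0.0/8. Instance role
# credentials seen from anywhere else have left the box.
VPC_CIDRS = [ipaddress.ip_network("10.0.0.0/8")]


def caller_name(rec):
    ui = rec.get("userIdentity", {})
    return ui.get("userName") or ui.get("arn", "unknown")


def instance_role_delivery(rec):
    """IMDS version ('1.0'/'2.0') if the call used EC2 instance role
    credentials, else None."""
    ui = rec.get("userIdentity", {})
    if ui.get("type") != "AssumedRole":
        return None
    return ui.get("sessionContext", {}).get("ec2RoleDelivery")


def inside_vpc(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:          # e.g. "ec2.amazonaws.com" on service-initiated calls
        return True
    return any(ip in net for net in VPC_CIDRS)


def hunt(records):
    """Apply the three rules; return (rule_id, description) pairs in record order."""
    findings = []
    for rec in records:
        name = rec.get("eventName")
        caller = caller_name(rec)
        src = rec.get("sourceIPAddress", "")

        # Rule 1: an access key created for a principal other than the caller
        if name == "CreateAccessKey":
            target = rec.get("requestParameters", {}).get("userName", caller)
            if target != caller:
                findings.append(("backdoor_access_key",
                                 f"{caller} created an access key for {target}"))
        # Rule 2: SSH key material added to the account
        elif name in ("ImportKeyPair", "CreateKeyPair"):
            findings.append(("ssh_key_persistence",
                             f"{caller} added an EC2 key pair via {name}"))

        # Rule 3: instance role credentials used off-box, or fetched via IMDSv1
        version = instance_role_delivery(rec)
        if version is not None:
            if not inside_vpc(src):
                findings.append(("instance_creds_off_box",
                                 f"{caller} used instance role credentials (IMDSv{version[0]}) from {src}"))
            elif version.startswith("1."):
                findings.append(("imdsv1_in_use",
                                 f"{caller} obtained role credentials via IMDSv1"))
    return findings


if __name__ == "__main__":
    for rule, text in hunt(SAMPLE_TRAIL):
        print(f"[{rule}] {text}")
```

The third rule is the one that catches IMDS-based credential theft: credentials stolen through an SSRF or a compromised workload are almost always replayed from somewhere other than the instance they belong to. The matching preventive control is to require IMDSv2 on every instance (`aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`), which turns the `imdsv1_in_use` findings into a migration checklist.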
Vulnerability Exploitation Trends
The report reveals that vulnerability exploitation continues to be a primary method for adversaries to gain initial access to target environments. The speed at which adversaries can weaponize newly disclosed vulnerabilities presents ongoing challenges for organizations’ patch management processes.
Key vulnerability exploitation patterns include:
- 52% of vulnerabilities observed in 2024 were related to initial access
- Internet-exposed applications remain the primary target of exploitation for initial access
- GRACEFUL SPIDER developed a zero-day exploit that bypassed an existing patch, enabling an enterprise-scale exploitation campaign
- Opportunistic adversaries rapidly weaponize newly disclosed vulnerabilities
- CVE-2025-3248 in Langflow, an AI application framework, was exploited for multiple objectives: persistence, credential access and malware deployment
- Post-exploitation malicious behavior serves as a critical fail-safe detection layer when patching lags behind exploitation
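The adversary-centric prioritisation recommended in this article is easy to encode. The Python below is an added example written for this article (not a CrowdStrike product feature): it ranks a constructed set of findings, with hypothetical CVE identifiers, by combining evidence of real-world exploitation (a CISA Known Exploited Vulnerabilities listing, an EPSS probability) with reachability (internet-facing, usable for initial access), then maps the score to a patch deadline. The weights and deadlines are illustrative assumptions; the comparison with a CVSS-only ordering shows why an internal CVSS 9.8 can legitimately wait behind an exposed, actively exploited CVSS 7.5.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float             # base severity score, 0-10
    asset: str
    internet_exposed: bool  # reachable from the internet
    initial_access: bool    # exploitable without prior credentials
    in_kev: bool            # listed in CISA's Known Exploited Vulnerabilities catalog
    epss: float             # EPSS probability of exploitation within 30 days, 0-1


# Constructed findings with hypothetical CVE identifiers (not real CVEs).
FINDINGS = [
    Finding("CVE-HYPO-0001", 9.8, "internal-db-01", False, False, False, 0.02),
    Finding("CVE-HYPO-0002", 7.5, "vpn-gateway", True, True, True, 0.90),
    Finding("CVE-HYPO-0003", 8.8, "ai-workflow-app", True, True, False, 0.60),
    Finding("CVE-HYPO-0004", 5.3, "workstation-17", False, False, False, 0.01),
]

# Illustrative weights (assumptions; tune to your environment).
W_KEV, W_EPSS, W_EXPOSED, W_EDGE = 50.0, 30.0, 15.0, 10.0


def adversary_score(f):
    """Evidence of exploitation and reachability dominate; CVSS mostly breaks ties."""
    score = f.cvss
    if f.in_kev:
        score += W_KEV
    score += W_EPSS * f.epss
    if f.internet_exposed:
        score += W_EXPOSED
        if f.initial_access:
            score += W_EDGE     # an exposed way in: the edge-device pattern above
    return round(score, 1)


def sla_for(score):
    """Patch deadline tiers (assumed values)."""
    if score >= 80:
        return "24h"
    if score >= 40:
        return "7d"
    return "30d"


def rank(findings):
    """Return [(cve, score, sla)] ordered for the patch queue."""
    ordered = sorted(findings, key=adversary_score, reverse=True)
    return [(f.cve, adversary_score(f), sla_for(adversary_score(f))) for f in ordered]


def cvss_rank(findings):
    """The severity-only ordering, for comparison."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


if __name__ == "__main__":
    print("CVSS-only order:", cvss_rank(FINDINGS))
    for cve, score, sla in rank(FINDINGS):
        print(f"{cve}  score={score:>5}  patch within {sla}")
```

In practice the `in_kev` and `epss` fields are populated from the CISA KEV catalog and the FIRST EPSS feed, and `internet_exposed` from attack-surface inventory; the point of the exercise is that those three inputs, not the CVSS base score, carry most of the signal about what adversaries will actually use.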
Defending Against Modern Threats
To combat these evolving threats, organizations must adopt comprehensive security strategies that address the multi-faceted nature of modern cyberattacks. Traditional security approaches are no longer sufficient against enterprising adversaries who operate across multiple domains and leverage advanced technologies.
Essential defense strategies include:
- Adopting AI-powered solutions to scale security operations and improve detection capabilities
- Securing the entire identity ecosystem with phishing-resistant MFA and strong access policies
- Eliminating cross-domain visibility gaps through XDR and next-gen SIEM solutions
- Defending the cloud as core infrastructure with CNAPPs and CDR capabilities
- Prioritizing vulnerabilities with an adversary-centric approach focusing on exploited weaknesses
- Maintaining knowledge of adversaries through intelligence-driven defense strategies
- Implementing continuous monitoring across all domains and attack surfaces
- Developing incident response capabilities that can match adversary speed and sophistication
Organizations that implement these comprehensive defense strategies will be better positioned to detect, respond to, and recover from attacks by enterprising adversaries.
How CinchOps Can Help Secure Your Business
CinchOps understands the evolving threat landscape and the challenges small and medium-sized businesses face in defending against enterprising adversaries. Our comprehensive managed IT services are designed to protect your organization from these sophisticated threats while allowing you to focus on your core business operations.
Our cybersecurity services include:
- 24/7 monitoring and threat detection across all your systems and networks
- Identity protection services including phishing-resistant multi-factor authentication implementation
- Cloud security assessments and ongoing protection for your cloud infrastructure
- Vulnerability management with prioritized patching based on actual threat intelligence
- Employee training programs to combat social engineering and vishing attacks
- Comprehensive backup and disaster recovery solutions to protect against ransomware
- Incident response planning and execution to minimize the impact of any security breach
- Next-generation endpoint protection and advanced threat hunting capabilities
- Network security monitoring and intrusion detection services
With our deep understanding of the threat landscape and proven track record in protecting businesses from cyber threats, CinchOps provides the expertise, technology, and vigilance needed to defend against modern cyber threats while ensuring your business operations continue without interruption.
Discover More 
Discover more about our enterprise-grade and business protecting cybersecurity services: CinchOps Cybersecurity
Discover related topics: Microsoft and CrowdStrike Unite to Solve Threat Actor Naming Confusion
For Additional Information on this topic: CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target