

A new report out today from CrowdStrike Holdings Inc. highlights how cyberthreats evolved significantly in 2024, with attackers shifting toward malware-free intrusions, artificial intelligence-assisted social engineering and cloud-focused vulnerabilities.
The 11th annual 2025 CrowdStrike Global Threat Report details a surge in alleged China-backed cyber activity, an explosion in identity-based attacks and “vishing,” or voice phishing, and the growing role of generative AI in cybercrime.
In 2024, CrowdStrike found that 79% of cyber intrusions were malware-free, compared with 40% in 2019. Attackers were found to be increasingly leveraging legitimate remote management and monitoring tools to bypass traditional security measures. And the breakout time — the time it takes for an attacker to move laterally within a compromised network after gaining initial access — dropped to 48 minutes in 2024, with some attacks spreading in under one minute.
Identity-based attacks and social engineering saw notable surges through 2024. Vishing attacks rose more than fivefold, notably replacing traditional phishing as a primary method of initial access. Help desk impersonation attempts also increased through the year, with adversaries persuading information technology staff to reset passwords or bypass multifactor authentication.
Access broker advertisements, where attackers sell stolen credentials, rose 50% through 2024, as more credentials were stolen and made available on both the clear and dark web.
Alleged China-linked actors were also busy through the year. CrowdStrike’s researchers claim a 150% increase in activity, with some industries seeing a 200% to 300% spike. The report also notes that the same groups are adopting strong operational security (OPSEC) measures, making their attacks harder to trace.
As with last year’s annual report, CrowdStrike also highlights the rising prominence of AI in cybercrime. Generative AI is now widely adopted for social engineering, phishing, deepfake scams and automated disinformation campaigns. Notable AI campaigns include the North Korea-linked group FAMOUS CHOLLIMA using AI-powered fake job interviews to infiltrate tech companies.
Cloud and software-as-a-service attacks were also found to have risen in 2024, with cloud-conscious adversaries expanding their tactics and exploiting valid accounts for initial access. Some 35% of cloud security incidents involved valid account abuse, as attackers avoided malware to stay undetected and SaaS exploitation increased. Attackers targeted Microsoft 365, SharePoint and enterprise application programming interfaces to exfiltrate sensitive data.
On the vulnerability front, more than half of vulnerabilities observed in 2024 were related to initial access, reinforcing the urgency of securing entry points. The report notes that zero-day or unpatched vulnerability exploitation remains a concern, with state-backed groups focusing on network appliances and cloud infrastructure.
To counter the increasing levels of security risk, CrowdStrike’s researchers recommend strengthening identity security through phishing-resistant MFA, continuous monitoring of privileged accounts, and proactive threat hunting to detect malware-free intrusions before attackers establish a foothold. Organizations should also implement real-time AI-driven threat detection, ensuring rapid response capabilities to mitigate fast-moving attacks, such as those with breakout times under a minute.
In addition to identity protection, the report recommends that enterprises fortify cloud security by enforcing least-privilege access, monitoring API keys for unauthorized usage and securing software-as-a-service applications against credential abuse. As adversaries increasingly exploit automation and AI tools, defenders are advised to adopt advanced behavioral analytics and cross-domain visibility solutions to detect stealthy intrusions and disrupt adversary operations before they escalate.