Unpatched Vulnerabilities Attract Cybercriminals as EDR Visibility Remains Limited

Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency of legitimate businesses, according to the CrowdStrike 2025 Global Threat Report.

The report highlights a significant shift in the cyber threat landscape during 2024, with attackers employing advanced tactics and leveraging emerging technologies such as generative artificial intelligence (GenAI) to scale their operations.

The average eCrime breakout time, which measures how quickly attackers move laterally from an initially compromised host to other systems in a network, dropped to 48 minutes in 2024, down from 62 minutes in 2023, with the fastest recorded breakout time being a mere 51 seconds.

Social engineering attacks surged dramatically, with voice phishing (vishing) incidents increasing by 442% in the second half of 2024 compared to the first half.

Adversaries increasingly relied on compromised credentials and malware-free intrusions, which accounted for 79% of detections.

Access broker advertisements selling stolen credentials grew by 50% year-over-year, underscoring the growing sophistication of these operations.

Generative AI played a pivotal role in enhancing attack effectiveness.

Threat actors used large language models (LLMs) to craft convincing phishing emails and credential-harvesting websites, enabling rapid and scalable social engineering campaigns.

This technology lowered barriers for adversaries, making sophisticated attacks more accessible and widespread.

Cloud and SaaS Environments Under Siege

Cloud environments faced escalating threats, with new and unattributed cloud intrusions rising by 26% year-over-year.

Valid account abuse emerged as the primary method for initial access, accounting for 35% of cloud-related incidents in the first half of 2024.

Adversaries also targeted cloud-based SaaS applications for data theft, lateral movement, extortion, and third-party exploitation.

Single sign-on (SSO) identities were frequently compromised to gain access to these environments.

Unpatched vulnerabilities became a critical focus for attackers, particularly in internet-exposed network appliances, where endpoint detection and response (EDR) visibility is inherently limited because such devices typically cannot run an EDR agent.

Such vulnerabilities provided an entry point for adversaries to bypass traditional defenses and establish footholds within target organizations.

Nation-State Activity and Insider Threats Proliferate

The report also observed a sharp increase in nation-state activity, with China-linked adversaries leading the charge.

China-nexus activity surged by 150%, with targeted industries such as financial services, manufacturing, and engineering experiencing increases of up to 300%.

Seven new China-nexus adversary groups were identified in 2024, reflecting a shift toward more specialized and sophisticated intrusions.

Insider threats also grew more complex as adversaries embedded themselves within organizations by posing as employees or leveraging insider access.

CrowdStrike reported responding to 304 incidents involving FAMOUS CHOLLIMA adversaries in 2024, nearly 40% of which included insider threat components.

The CrowdStrike report underscores the growing sophistication of cyber adversaries and their ability to exploit vulnerabilities across diverse environments.

Organizations are urged to adopt proactive measures to detect and respond to these evolving threats effectively.

Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
