It is billed as “the most anticipated cybersecurity report of the year.” It is the CrowdStrike 2025 Global Threat Report. The report reveals an alarming rise in cyber threats, with adversaries refining their strategies at an unprecedented pace. It highlights major trends shaping the global cybersecurity landscape, from China’s intensified cyber activities to generative AI-driven attacks. We picked six things to touch on, from AI-powered cyberattacks to cloud security breaches.

1. China’s Cyber Operations Reach New Heights
The report notes a 150% surge in China-linked cyber activity in 2024. Alarmingly, some industries experienced 200-300% more attacks. China-nexus adversaries have become more sophisticated, prioritizing stealth and operational security while expanding their infrastructure for cyber espionage.
The report attributes this escalation to China’s long-term investments, a “Grand Strategy,” in its cyber workforce and offensive capabilities. Seven new China-nexus adversaries emerged, each demonstrating specialized targeting strategies, particularly in financial services, media, and manufacturing.
The findings suggest that China is pre-positioning itself in critical networks, likely in preparation for future geopolitical maneuvers.
2. Generative AI Becomes a Cyber Weapon
Cybercriminals are launching AI-powered cyberattacks, using generative AI (genAI) for social engineering, disinformation, and malware development. In 2024, nation-state actors from China, Russia, and North Korea used genAI to conduct highly convincing and successful phishing campaigns and even to create deepfake job candidates to infiltrate organizations.
One striking case involved North Korean adversary FAMOUS CHOLLIMA, which used AI-generated fake profiles to secure remote IT jobs at global firms. These insiders then sent company-issued laptops to third parties running illicit “laptop farms” to maintain persistent access to corporate networks.
Not unlike AI’s adoption in every industry, criminal adversaries are only beginning to explore its full potential. Criminal use is likely to escalate in 2025.
3. Hands-On-Keyboard Attacks Rise Sharply
79% of cyber intrusions in 2024 were malware-free, marking a dramatic shift toward hands-on-keyboard attacks. Instead of deploying malware, attackers increasingly rely on legitimate remote tools and stolen credentials to blend in with normal user activity.
CrowdStrike identified a 35% increase in hands-on-keyboard attacks last year, with some adversaries breaking into networks and escalating privileges in under 51 seconds.
One particularly concerning case involved CURLY SPIDER, an e-crime adversary that used social engineering and remote desktop tools to gain access and deploy ransomware within minutes.
4. Access Brokers Fuel the Underground Cyber Economy
The sale of stolen network access is booming, with access broker advertisements increasing by 50% year-over-year. These brokers obtain and resell compromised credentials. Naturally, this added revenue stream fuels ransomware and espionage campaigns.
CrowdStrike found that 52% of vulnerabilities in 2024 were linked to initial access techniques, including vishing, callback phishing, and MFA bypass schemes.
The most alarming trend is the growth of identity-based attacks, where hackers exploit valid user accounts instead of deploying malware.
In 2024, 35% of cloud intrusions involved stolen login credentials, highlighting the urgent need for stronger identity protections.
5. Cloud-Based Attacks Are Growing Fast
Cloud security breaches remain a prominent weak spot. Cloud-based cyber intrusions rose 26% in 2024. Attackers increasingly target cloud environments, using valid credentials and exploiting misconfigured access controls to move laterally.
Among the most sophisticated cloud-conscious adversaries are China-nexus actors, who compromise cloud services to steal sensitive data. North Korean hackers have also exploited cloud vulnerabilities, using backdoored GitHub projects to infiltrate enterprise environments.
CrowdStrike warns that identity-based attacks and misconfigured cloud permissions remain the most significant threats that can result in cloud security breaches.
6. The Need for Proactive Defense Has Never Been Greater
With cyberattacks becoming faster, more complex, and harder to detect, CrowdStrike emphasizes the need for real-time threat detection, identity protection, and proactive threat hunting.
Security teams must adopt AI-powered defense strategies, enhance cloud security policies, and harden identity verification processes. I feel like I should just cut and paste this element of our summary to cybersecurity reports. Kidding aside, the consistency of concern warrants attention. As adversaries refine their techniques, organizations must stay ahead of the curve—or risk becoming their next victim.