Generative AI energizes social engineering attacks

Phishing was no longer as common in 2024 as before, according to CrowdStrike's 2025 Global Threat Report. Threat actors increasingly gain access to legitimate accounts through social engineering techniques such as voice phishing (vishing), callback phishing and help desk social engineering attacks.

We are well into an era of what cybersecurity firm CrowdStrike calls "the enterprising adversary", with malware-as-a-service and criminal ecosystems replacing the old-fashioned image of the lone threat actor. Attackers also use legitimate remote monitoring and management tools where they might once have chosen malware.

Threat actors take advantage of generative AI

Threat actors use generative AI to craft phishing emails and carry out other social engineering attacks. CrowdStrike found threat actors who used generative AI to:

  • Create fictitious LinkedIn profiles for employment schemes such as those run by North Korea.
  • Create deepfake video and voice clones to commit fraud.
  • Spread disinformation on social media.
  • Create spam email campaigns.
  • Write code and shell commands.
  • Write exploits.

Some threat actors also sought to gain access to the LLMs themselves, especially models hosted on Amazon Bedrock.

CrowdStrike highlighted nation-state actors associated with China and North Korea

China remains the nation-state to watch, with new China-nexus groups emerging in 2025 and a 150% increase in cyber espionage operations. Heavily targeted industries, including financial services, media, manufacturing and engineering, saw increases of up to 300%. Chinese adversaries increased their pace in 2024 compared to 2023, CrowdStrike said.

North Korean threat actors carried out high-profile operations, including IT worker schemes intended to raise money.

Threat actors favor entry points that resemble legitimate behavior

Malware was not needed in 79% of attacks, CrowdStrike said; instead, attackers used stolen identities or access to legitimate accounts to compromise their targets.

Valid accounts were a primary means for attackers to launch cloud intrusions in 2024; in fact, valid accounts were the initial access vector for 35% of cloud incidents in the first half of the year.

Interactive intrusion, an attack technique in which an attacker mimics a legitimate user, or socially engineers one, to perform legitimate-looking hands-on-keyboard activity, is increasing. Attackers can trick legitimate users through social engineering performed over the phone, such as posing as help desk staff (often spoofing Microsoft) or asking for a fictitious fee or overdue payment.

CrowdStrike recommended the following to prevent help desk social engineering:

  • Require video verification with government-issued identification for employees calling to request a self-service reset.
  • Train help desk staff to exercise caution when handling password and MFA reset requests made by phone outside business hours, or when they receive a large number of such requests in a short time frame.
  • Use non-push-based authentication factors such as FIDO2 to prevent compromise.
  • Monitor for more than one user registering the same device or phone number for MFA.
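The last two recommendations above can be checked against identity-provider logs. The script below is an added example, not code from CrowdStrike or the article; it runs over a constructed set of MFA enrollment and help desk reset events and flags phone numbers or devices registered by more than one user, resets requested outside business hours, and bursts of reset requests in a short window. The event field names, action names and the 08:00-18:00 UTC business-hours window are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (field names are assumptions, not a real IdP schema).
# factor_id is the phone number or device registered as an MFA factor.
SAMPLE_EVENTS = [
    {"ts": "2024-11-04T09:12:00Z", "user": "alice", "action": "mfa_enroll", "factor_id": "+1-555-0100"},
    {"ts": "2024-11-04T09:40:00Z", "user": "bob", "action": "mfa_enroll", "factor_id": "+1-555-0101"},
    {"ts": "2024-11-04T22:05:00Z", "user": "carol", "action": "helpdesk_mfa_reset", "factor_id": "+1-555-0100"},
    {"ts": "2024-11-04T22:07:00Z", "user": "dave", "action": "helpdesk_mfa_reset", "factor_id": "+1-555-0100"},
    {"ts": "2024-11-04T22:09:00Z", "user": "erin", "action": "helpdesk_mfa_reset", "factor_id": "device-7f3a"},
]

# Actions that bind a factor (phone or device) to a user account.
FACTOR_BINDING_ACTIONS = {"mfa_enroll", "helpdesk_mfa_reset"}


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def shared_factors(events, min_users=2):
    """Factor ids registered by at least min_users distinct users (the report's last tip)."""
    users_by_factor = defaultdict(set)
    for e in events:
        if e["action"] in FACTOR_BINDING_ACTIONS:
            users_by_factor[e["factor_id"]].add(e["user"])
    return {f: sorted(u) for f, u in users_by_factor.items() if len(u) >= min_users}


def off_hours_resets(events, start_hour=8, end_hour=18):
    """Users whose help desk MFA reset fell outside business hours (UTC assumed)."""
    return [e["user"] for e in events
            if e["action"] == "helpdesk_mfa_reset"
            and not start_hour <= parse_ts(e["ts"]).hour < end_hour]


def max_reset_burst(events, window_minutes=15):
    """Largest number of help desk MFA resets falling within any sliding time window."""
    times = sorted(parse_ts(e["ts"]) for e in events if e["action"] == "helpdesk_mfa_reset")
    best = 0
    for i, start in enumerate(times):
        j = i
        while j < len(times) and (times[j] - start).total_seconds() <= window_minutes * 60:
            j += 1
        best = max(best, j - i)
    return best
```

On the sample data, one phone number is bound to three accounts and all three resets land in a ten-minute span after hours, which is exactly the pattern the help desk guidance above tells staff to treat with caution.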

SEE: Only 6% of security researchers and practitioners surveyed by CrowdStrike in December 2024 actively used generative AI.

Public information can be a double-edged sword: some attackers studied "publicly available vulnerability research, such as disclosures, technical blogs and proof-of-concept (POC) exploits, to aid their malicious activity," CrowdStrike wrote.

Last year saw an increase in access brokers, who specialize in selling breached access to ransomware operators or other threat actors. Advertised access increased by almost 50% compared to 2023.

Tips to secure your organization

CrowdStrike said organizations should:

  • Ensure their entire identity system is covered by phishing-resistant MFA solutions.
  • Remember that the cloud is core infrastructure and defend it as such.
  • Implement modern detection and response strategies.
  • Regularly patch or upgrade critical systems.
