Cybersecurity company CrowdStrike releases report on cybercrime in 2024, stating that 'malware-free attacks' will increase 79% year-on-year

Cybersecurity company CrowdStrike released its 2025 Global Threat Report on February 27, 2025. The report states that 'malware-free' attacks, which are difficult to detect with antivirus products, will account for approximately 79% of system intrusions.
2025 CrowdStrike Global Threat Report: China's Cyber Espionage Surges 150% with Increasingly Aggressive Tactics, Weaponization of AI-powered Deception Rises | CrowdStrike Holdings, Inc.

CrowdStrike 2025 Global Threat Report
Cybercriminals prefer remote tools over malware, says CrowdStrike | SC Media
https://www.scworld.com/news/cybercriminals-prefer-remote-tools-over-malware-says-crowdstrike
After tracking over 250 threat actors and 140 activity clusters, CrowdStrike reports the following findings:
◆ China's Cyber Espionage Activities Intensify
CrowdStrike identified seven new China-related cybercrime groups in 2024. Additionally, the damage caused by Chinese cybercrime groups has been increasing year by year, with Chinese government-sponsored espionage activities increasing 150% year-over-year and targeted attacks against the financial services, media, manufacturing and industrial sectors increasing by 300%.
◆ Generative AI Powers Social Engineering
Due to the sophistication of AI-based phishing and impersonation, the number of 'voice phishing' incidents, which deceive targets via phone calls, emails, and system messages, increased by 442% from the first half of 2024 to the second half of the year. Among them, cybercrime groups known as 'CURLY SPIDER', 'CHATTY SPIDER', and 'PLUMP SPIDER' are said to be exploiting leaked credentials to carry out cross-domain attacks that use gaps between endpoints, clouds, and IDs, evading security controls, etc.
◆ Iranian Cybercrime Group Uses Generative AI to Research and Exploit Vulnerabilities
Iran is actively researching and developing AI under government leadership, and Iranian cybercrime groups are also using generative AI to research vulnerabilities, develop exploits, and apply patches to domestic networks.

◆ Increase in malware-free attacks
In recent years, many cybercrime groups have been conducting 'malware-free attacks' in which they exploit compromised credentials to infiltrate systems as legitimate users and obtain confidential information using remote administration tools, rather than the traditional method of having targets install and execute malware. In fact, a CrowdStrike survey reported that 79% of attacks to gain initial access are malware-free. It has been pointed out that such malware-free attacks are difficult for antivirus software to detect, allowing attackers to obtain information without leaving any traces of their own.
◆ Security breaches happening in record time
The average time it took for
◆ Unpatched vulnerabilities are the main target
Of the attacks observed this time, 52% exploited unpatched vulnerabilities, CrowdStrike said, 'highlighting the importance of securing entry points before attackers can exploit vulnerabilities to establish persistence.'
'As we enter 2024, cybercriminal groups are maturing faster than ever before, innovating their techniques and tools, and finding creative ways to evade modern defenses. Adversaries are taking a business-oriented approach to their attacks, learning from their own and their peers' failures and successes to streamline tactics and further refine and scale successful strategies,' CrowdStrike said.

in Security, Posted by log1r_ut