According to a global threat Crowdstrike 2025, it was no longer as common in 2024 as before. Established actors of the trend aimed at approaching legitimate according to social engineering techniques such as voice phishing (Vishing), backward phishing and social engineering attacks.
We are well with the era of what cyber security technology Crowdstrike called the “business opponent”, with malware-like-service and criminal ecosystems replacing the old-fashioned image of the actor of a lonely threat. The attackers also use legitimate tools for long -distance management and monitoring, where they could once choose malware.
Country threats use generative AI
The threats use generative AI to craft phishing and carry out other attacks on social engineering. Crowdstrike found actors threats using generative AI K:
- Create fictitious linkedIn profiles in hiring programs such as North Korea profiles.
- Create Deepfake Video and Voice Clones for Coming.
- Spreading disinformation on social media.
- Create spam e -mail Campugns.
- Write code and shell commands.
- Write exploitation.
Some actors with threats followed access to LLM themselves, especially models hosted by Amazon Bedrock.
Crowdstrike emphasized the actors of the national state associated with China and North Korea
China remains a national state where you can look at, in 2025 even new groups in China-Nexus and 150% of cyber operations. Highly targeted industries included financial services, media, production and engineering an increase of up to 300%. Chinese opponents increased their pace in 2024 compared to 2023, Crowdstrike said.
North Korean actors of threats carried out significant activities, involving IT workers of fraud intended to raise money.
The election threats prefer entry points that look like legitimate behavior
Malware is not required for 79% of attacks, Crowstrike said; Instead, identity or theft attacks use legitimate accounts to endanger their goals.
Valid accounts were the primary means of attackers to initiate cloud disruptions in 2024; In fact, he was a valid accounting initial vector for 35% of cloud incidents in the first half of the year.
The interactive intrusion, an attack technique in which the attacker imitates or the social engineers that one follows is on the rise. The attackers can cheat legitimate users through social engineering carried out by phone, such as publishing posts because HELP board employees (often spoofing Microsoft) or apply for a false fee or maturity.
Crowdstrike recommended the following to come to social engineering:
- Require authentication of a video with a government identification for employees who call and require self -service resetting of passwords.
- Training of HELP Desk employees to make phone calls carried out outside working hours when using the password and reset the application for resetting the MFA.
- Use authentication factors such as Fido2 to take into account the disturbed impairment of verification factors such as FIDO2.
- Monitor more than one user registering the same device or phone number for MFA.
See: Only 6% of research workers and safety experts in December 2024 actively used generative AI in December 2024.
Information of publication can be a double edge sword: some attackers examined “publicly available vulnerability research-as publication, technical blogs and proof of concept (POC) to help their harmful activities,” Crowdstrike wrote.
Last year, there was an increase in access brokers who specialize in the sale of broken access to ransomware manufacturers or other actors. Advertised approaches include almost 50% compared to 2023.
Tips to secure your organization
Crowdstrike said the organization should:
- Make sure their identity enterie system is covered in phishing resistant MFA solutions.
- Remember that the cloud is the basic infrastructure and defend it as such.
- Deploy modern detection and response strategies.
- Repair or upgrade critical systems regularly.