3 March 2025

Cyberattacks with and without AI are becoming more aggressive

The 2025 Global Threat Report by US security firm CrowdStrike highlights a massive increase in cyberattacks and espionage activities from China and North Korea. These attacks are reportedly becoming more aggressive due to AI support.

TL;DR

  • Breakout time decreases: Attackers now need only 48 minutes (extreme case: 51 seconds) to jump to other systems.
  • Chinese espionage +150%: Cyberattacks from China on critical industries have increased by up to 300 percent.
  • Voice phishing explodes: Vishing attacks surged by 442 percent in the second half of 2024.
  • 79% malware-free: Most attacks occur without classic malware – hands-on-keyboard instead of automated.
  • North Korea as an insider threat: 304 insider threat incidents registered by state-directed actors.

The new, over 50-page-long Cyber Threat Report 2025 by IT security specialist CrowdStrike reads like a crime thriller. It discusses partly state-directed espionage and sabotage, with many attacks originating from China and Iran and increasingly involving AI.

A central finding: The breakout time – the period between successful intrusion by attackers and jumping to other systems – has decreased to 48 minutes, with an extreme case in 2024 taking only 51 seconds. In 2023, it took an average of 62 minutes, and the year before that, it was 84 minutes.

Negative Highlights

For the new report, CrowdStrike tracked more than 250 actors and 140 activity clusters. Apart from the previously mentioned point, here are the most important negative highlights identified by the IT security company for its Global Threat Report 2025:

  • Chinese cyber espionage is becoming more aggressive: Chinese or China-affiliated espionage attacks have surged by 150 percent, with attacks on critical industries increasing by 200 to 300 percent. The state leadership’s calls in 2014 to make China a cyber power have thus borne negative fruit. The primary targets in Europe are the manufacturing industry, followed by aerospace, healthcare, governments and public administrations, NGOs, and the financial sector.
  • Voice phishing incidents, known as vishing, increased by 442 percent from the first to the second half of 2024, often with AI support. Vishing activity was particularly strong in the last quarter and in May 2024.
  • IABs on the rise: 52 percent of vulnerabilities observed worldwide by CrowdStrike are attributable to Initial Access Brokers (IABs). These are cybercriminals who sell access data obtained through phishing or malware to the highest bidder. Corresponding Access-as-a-Service offerings on the internet or dark web have increased by 50 percent within a year.
  • Misuse of valid account data was responsible for 35 percent of cloud-related incidents in 2024, according to CrowdStrike. This shows that attackers are increasingly focusing on capturing or compromising digital identities to gain access to additional corporate environments.
  • Malware-free cyber incidents have surged to 79 percent compared to 40 percent the previous year, indicating that attacks using “hands-on-keyboard” techniques are increasingly controlled directly by individuals or AI programs and occur less automatically. The advantage for cybercriminals is that their activities can merge with those of real users, allowing them to infiltrate and exit systems unnoticed.
  • Insider attacks: More insider threats are emerging from North Korea under the guise of legitimate use. CrowdStrike registered 304 such incidents in 2024, attributed to a group named “Famous Chollima.” Nearly 40 percent of the cases fell into the insider threat category. The regime is also increasingly using GenAI to influence elections or conduct social engineering.

Prevention is better than cure

The figures mentioned in the new Global Threat Report 2025 and highlighted in the foreword underscore the importance of vigilance in preempting cyberattacks. To strengthen that vigilance, companies and government agencies should train their employees accordingly while also implementing advanced technical solutions to detect incidents promptly and reliably. As attackers increasingly use AI, it is also crucial for companies to upgrade and invest in this area.

Key Facts at a Glance

Breakout Time 2024: 48 minutes (Minimum: 51 seconds)

Chinese Espionage: +150%, critical industries +200-300%

Vishing Increase: +442% (H1→H2 2024)

Initial Access Brokers: 52% of all vulnerabilities, +50% growth

Malware-Free Attacks: 79% (Previous Year: 40%)

Cloud Incidents: 35% due to misused account data

Source: CrowdStrike Global Threat Report 2025

Fact: The CrowdStrike Global Threat Report 2025 records an average breakout time of just 62 minutes – the fastest ever measured.

Fact: According to Mandiant, 37 percent of all analyzed attack campaigns in 2024 already used AI-supported phishing components.

Frequently Asked Questions

What is breakout time in cyberattacks?

Breakout time refers to the time between intrusion and spread within the network. In 2024, it was 48 minutes, with an extreme case taking only 51 seconds.

Why are malware-free attacks increasing?

79 percent of all cyber incidents in 2024 occurred without malware. Attackers use valid access data and hands-on-keyboard techniques to remain undetected.

What are Initial Access Brokers?

IABs sell acquired access data as a service. In 2024, they were responsible for 52 percent of observed vulnerabilities, with Access-as-a-Service growing by 50 percent.

What role does AI play in cyberattacks?

AI is used for refined voice phishing, social engineering, and election interference. Vishing increased by 442 percent with AI support.

What should companies do?

Employee training, AI-supported detection, identity threat detection, 2FA, and automated incident response are the most important countermeasures.

Header Image Source: Unsplash / Boitumelo

About the author: Tobias Massow

A magazine by Evernine Media GmbH