Cybercrime is becoming a highly efficient business, using automation, AI, and advanced social engineering to scale attacks and maximise impact. Whether using fictitious profiles or AI-generated emails and websites, adversaries like FAMOUS CHOLLIMA are using genAI (generative artificial intelligence). That’s according to vendor CrowdStrike’s 2025 Global Threat Report. In 2024, social engineering, cloud intrusions, and malware-free techniques surged, and nation-state actors intensified cyber espionage, the report says.
Detailed are numerous criminals and hacktivists, also categorised by country, such as COZY BEAR, defined as a Russia state-nexus adversary, assessed as likely to be acting on behalf of the Foreign Intelligence Service of the Russian Federation. The vendor found that around half, 52 per cent, of the vulnerabilities it observed were related to initial access, reinforcing the critical need to secure entry points before adversaries become persistent.
The average ‘breakout time’ for a cyber criminal dropped to 48 minutes; the fastest was less than a minute. According to the report, adversaries may operate under the guise of legitimate employment to gain system access and carry out malicious activity.
What they say
Adam Meyers, head of counter adversary operations at CrowdStrike, said: “China’s increasingly aggressive cyber espionage, combined with the rapid weaponization of AI-powered deception, is forcing organisations to rethink their approach to security. Adversaries exploit identity gaps, leverage social engineering and move across domains undetected — rendering legacy defences ineffective. Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting, correlating identity, cloud and endpoint activity to eliminate the blind spots where adversaries hide.”
Comment
Joel Rennich, SVP of Product Management at JumpCloud, said: “Malware-free attacks are on the rise with attackers looking to avoid traditional security measures. Also known as ‘living off the land’ attacks, these threats don’t rely on traditional malicious software; instead, they exploit existing, legitimate tools readily available on the system. Think of it like this: instead of burglars breaking in with specialised tools (malware), attackers use the spare key under the plant pot and household items (PowerShell or WMI in Windows) to carry out their attack.
“These attacks are becoming increasingly popular among cybercriminals because they leave minimal traces, evading antivirus scans and bypassing traditional security tools. While traditional security software has improved at detecting malicious files, attackers are turning to stealthier, more accessible tools that leverage legitimate system functions rather than deploying malware.
“The rise of cloud computing, remote work, and automation has widened the attack surface, providing new opportunities for exploitation. Cloud services are a prime target, with attackers gaining access through phishing or credential theft, before using trusted accounts (like Microsoft 365 or Google Cloud) to infiltrate systems. With AI and automation becoming more embedded in business operations, attackers also leverage these tools for more sophisticated attacks.
“To mitigate malware-free attacks, businesses must move beyond traditional malware detection and adopt identity-centric and behaviour-based security strategies. A zero-trust approach, stronger identity and access management, and continuous monitoring are paramount. Educating employees on social engineering tactics and securing third-party access is also key to preventing supply chain attacks. Since attackers exploit trusted tools, businesses should focus on detecting abnormal activity, enforcing least privilege access, and staying vigilant against insider threats.”
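The behaviour-based detection Rennich describes, applied to the PowerShell and WMI "living off the land" activity above, as an added Python example that is not from the report or from either vendor quoted; the process-creation records, field names and indicator labels are constructed for illustration.

```python
import re

# Constructed sample process-creation events (Windows Security 4688-style fields,
# hand-written for this example; not taken from the report).
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"host": "ws02", "user": "bob", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand <base64-placeholder>"},
    {"host": "ws03", "user": "carol", "parent": "cmd.exe", "image": "wmic.exe",
     "cmdline": 'wmic /node:fileserver process call create "cmd.exe /c whoami"'},
    {"host": "ws04", "user": "dave", "parent": "svchost.exe", "image": "wmic.exe",
     "cmdline": "wmic os get caption"},
]

# Legitimate binaries that are frequently abused, and parents that rarely have a
# good reason to launch them. Both sets are illustrative, not exhaustive.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
LOLBINS = {"powershell.exe", "pwsh.exe", "wmic.exe"}


def score_event(ev):
    """Return the list of behavioural indicators that fire for one event.

    No file hash or signature is consulted: every indicator is about *how* a
    trusted tool is being used (parent process, command-line shape, remote target).
    """
    reasons = []
    image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"].lower()
    if image not in LOLBINS:
        return reasons
    if parent in OFFICE_PARENTS:
        reasons.append("office-app-spawned-lolbin")
    if re.search(r"-e(nc(odedcommand)?)?\b", cmd):   # -e / -enc / -EncodedCommand
        reasons.append("encoded-powershell")
    if re.search(r"-w(indowstyle)?\s+hidden", cmd):
        reasons.append("hidden-window")
    if "process call create" in cmd:
        reasons.append("wmi-remote-process-create")
        if "/node:" in cmd:                           # targeting another host over WMI
            reasons.append("wmi-lateral-movement")
    return reasons


def triage(events, threshold=2):
    """Keep events with at least `threshold` indicators, most suspicious first."""
    hits = [(ev, score_event(ev)) for ev in events]
    hits = [(ev, r) for ev, r in hits if len(r) >= threshold]
    return sorted(hits, key=lambda h: len(h[1]), reverse=True)
```

The routine backup script and the inventory query pass through untouched, while the Office-spawned encoded PowerShell and the remote WMI process creation are surfaced for analyst review.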