Cyber threats in 2024 shift to AI-driven attacks and cloud exploits, says CrowdStrike
Cyber threats in 2024 increasingly relied on malware-free attacks, AI-driven social engineering, cloud intrusions, and vulnerability exploitation, with over 52% of observed vulnerabilities linked to initial access, according to CrowdStrike.
A new report from CrowdStrike, the US-based cybersecurity company, examines the evolution of cyber threats in 2024, identifying shifts toward malware-free intrusions, artificial intelligence-assisted social engineering, and cloud-related vulnerabilities.
The researchers highlight an increase in cyber activity attributed to state-linked actors, a rise in identity-based attacks, and the growing role of generative AI in cyber operations. According to the report, 79% of cyber intrusions in 2024 did not involve traditional malware, compared to 40% in 2019. Attackers increasingly relied on remote management and monitoring tools to evade security measures. The average breakout time—the time taken for an attacker to move laterally within a compromised network—decreased to 48 minutes, with some intrusions occurring in under one minute.
The report also highlights an increased reliance on exploiting vulnerabilities, particularly for initial access. More than 52% of vulnerabilities observed in 2024 were related to gaining an initial foothold in a system, underscoring the importance of securing entry points. Attackers increasingly leveraged chained vulnerability exploits—where multiple flaws are exploited in succession—to enhance their chances of success.
Cloud security incidents also saw an increase, with valid account abuse accounting for 35% of cloud-related intrusions. Attackers focused on services such as Microsoft 365 and SharePoint, as well as enterprise APIs, to gain unauthorized access and extract data. The report emphasizes that more than half of observed vulnerabilities in 2024 were related to initial access, with an increase in attacks using chained vulnerability exploits.
Generative AI played a growing role in cyber operations, including phishing, deepfake-based social engineering, and automated disinformation campaigns. The report cites activity from groups leveraging AI-powered tactics, such as the use of fake job interviews to infiltrate technology firms.
For more information on these topics, visit diplomacy.edu.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.
