Malware-Free Attacks Surge As Cybercriminals Use Legitimate Tools To Bypass Security

Cyber threats evolved dramatically, with adversaries moving faster and using more advanced techniques to infiltrate networks, according to CrowdStrike’s latest Global Threat Report.

In a Rush? Here are the Quick Facts!

  • Breakout time dropped to 48 minutes in 2024, with a record 51 seconds.
  • Vishing attacks increased by 442% between the first and second half of 2024.
  • 79% of detections in 2024 were malware-free, up from 40% in 2019.

The findings highlight the growing reliance on social engineering, identity-based attacks, and artificial intelligence to bypass security defenses.

One of the most alarming trends is the decrease in “breakout time”—the time it takes for an attacker to move laterally within a compromised network. The average breakout time dropped to just 48 minutes in 2024, with the fastest recorded at a mere 51 seconds.

This rapid escalation means organizations have even less time to detect and stop breaches before significant damage is done.

Social engineering attacks surged, with voice phishing (vishing) increasing by 442% between the first and second half of 2024. Attackers are leveraging direct phone calls to manipulate victims into revealing credentials, granting access, or executing malicious actions.

Additionally, the sale of network access through underground markets has flourished, with advertisements for access brokers rising by 50% year-over-year.

CrowdStrike’s report also highlights a shift away from traditional malware-based attacks. In 2024, 79% of detections were malware-free, compared to just 40% in 2019. Instead of deploying malware, attackers are using hands-on-keyboard techniques, mimicking legitimate user behavior to evade detection.

CrowdStrike warned that cloud services are becoming a preferred target for malicious activity on victim machines, with a 26% increase in unattributed cloud intrusions in 2024 compared to 2023.

The report highlighted that attackers are gaining initial access through valid accounts, using cloud environment management tools for lateral movement, and exploiting cloud provider command line tools.

The technology sector remained the most targeted industry for the seventh consecutive year, followed by consulting, manufacturing, and retail.

The report underscores the growing professionalism of cybercriminals, who now operate like structured businesses, continuously refining their tactics.

With identity-based attacks and AI-driven threats on the rise, experts urge organizations to prioritize proactive defense strategies, including risk-based patching, enhanced identity verification, and early credential abuse detection.

With a low barrier to entry, genAI enables threat actors to craft highly convincing phishing emails, deepfake videos, and disinformation campaigns. As cyber adversaries become more sophisticated, security teams must adapt quickly to counter evolving threats.
