Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Click Here to Read the Report
Mar 20 2025
Security

Agencies Must Secure Identities as Social Engineering Attacks Increase

CrowdStrike’s new Global Threat Report finds voice phishing is up, China and North Korea are finding their way into the cloud, and more.
Dave Nyczepir
by

Dave Nyczepir is a Senior Editor for Manifest.

Social engineering attacks are on the rise. This means agencies should invest in endpoint detection and response tools, then focus on securing identities and establishing cross-domain visibility.

Voice phishing attacks in particular rose 442% between the first and second half of 2024, in part because EDR has led more threat actors to abandon traditional cyberattacks, such as deploying malware via malicious documents, in favor of targeting help desks, according to CrowdStrike’s 2025 Global Threat Report.

China’s cyberactivity increased an average of 150% year over year across all sectors, and 200% to 300% in the financial services, media and manufacturing sectors. Decades of investment have led to the nation-state developing a fully functional offensive cyber capabilities on par with that of other world powers and driven by the goal of becoming the global hegemon.

“As we see the geopolitical landscape shifting, we see China becoming more belligerent toward Taiwan,” said Adam Meyers, head of counter adversary operations at CrowdStrike, during a report briefing in late February. “This is going to come to a head in the next 12 to 24 months.”

Click the banner below to see how identity and access management can improve the user experience.

xs_iam_animated2_q424_na_desktop xs_iam_animated2_q424_na_mobile

 

The Rise of Social Engineering Attacks

China has adopted an operational relay base model that relies on botnets of infected routers in the U.S. That’s because attacks “coming from inside the house” are easier to pass off as normal network activity.

Salt Typhoon, a Chinese advanced persistent threat actor, has become adept at targeting U.S. telecommunications companies, Meyers said.

Hands-on-keyboard attacks, where the threat actor forgoes scripted commands in favor of manually handling the operation, accounted for 79% of all cyberattacks in 2024, according to the report.

Attackers using this method log in to a network with compromised user credentials and then move across the network via an application or browser. They often obtain these credentials by impersonating the user and calling the help desk for a password reset or, conversely, flooding a user with spam, then impersonating the help desk to send that person a link bypassing multifactor authentication.

Adam Meyers, Head of Counter Adversary Operations, CrowdStrike
Not only are these adversaries using different techniques, different capabilities, they’re doing it faster.”

Adam Meyers Head of Counter Adversary Operations, CrowdStrike

Generative artificial intelligence is making it easier to harvest credentials. Phishing emails written by generative AI had a click-through rate of 54%, compared with 12% for those written manually, per the report.

In one instance, a company made a $25.6 million wire transfer in response to an emailed deepfake video. Companies are also unwittingly hiring North Korean attackers, who create fake LinkedIn profiles with generative A, then use deepfake videos during their interviews while answering questions via generative AI.

“Not only are these adversaries using different techniques, different capabilities, they’re doing it faster,” Meyers said.

The average breakout time — the time it takes an adversary to move laterally within a network — was 48 minutes in 2024, down from 62 minutes the year prior, and the fastest breakout recorded was 51 seconds, according to the report.

Some threat actors, known as access brokers, settle for gaining access to a target and then selling it to the highest bidder, activity that jumped 50% in 2024, per the report.

DISCOVER: Cyber resilience hinges on user intelligence in the zero-trust era.

Don’t Underestimate Cloud-Conscious Adversaries

CrowdStrike further found a 26% increase in cloud intrusions, and abuse of valid accounts has become the primary access method to the cloud, accounting for 35% of cloud incidents in the first half of 2024. This signals that adversaries are improving their ability to target and operate in such environments.

Once inside the cloud, adversaries are targeting generative AI models — one reason China and North Korea are increasing their cloud collections, Meyers said.

Salt Typhoon often accesses the cloud by finding vulnerabilities in edge-facing devices.

“You can gain access to an older VPN concentrator or network router and then pivot from there, deeper into the environment,” Meyers said. “And because those things don’t run modern security tools, they’re softer targets.”

UP NEXT: Artificial intelligence can help with hybrid cloud security challenges.

Organizations need to prioritize what they patch based on intelligence assessments of what adversaries are exploiting, especially as threat actors increasingly chain vulnerabilities together, Meyers said.

Plenty of adversaries do their homework, scouring public research, disclosures and blogs for new exploits targeting small parts of identities.

“If you're not looking across all of those domains, then you’re going to miss all of these attacks,” Meyers said.

ridvan_celik/Getty Images

More On

Related Articles