What key findings or insights from the 2025 Threat Hunting Report should CIOs be aware of?
The CrowdStrike 2025 Threat Hunting Report reveals a major shift in cyberattacks. Adversaries are weaponising GenAI to scale operations and accelerate attacks. They are increasingly targeting the autonomous AI agents reshaping enterprise operations.
Advanced threat groups like FAMOUS CHOLLIMA are integrating GenAI into insider operations, while lower-tier eCrime actors use AI to generate scripts, solve technical problems and build malware.
Fabio Fratucello, Field CTO World Wide, CrowdStrike
Multiple actors are exploiting vulnerabilities in AI agent development tools. These intrusions grant unauthorised access, establish persistence, harvest credentials and deploy malware or ransomware. The agentic AI revolution is expanding the enterprise attack surface, turning autonomous workflows and non-human identities into prime targets for exploitation.
Why are threat actors focusing on cross-domain attacks to target organisations?
Identity has become the new security perimeter. Adversaries no longer break in – they log in using stolen credentials. Cloud environments serve as common entry points, as attackers exploit data, configurations and controls to access systems.
The report shows this shift clearly, with cloud intrusions surging 136% year-over-year.
CrowdStrike’s 2025 Threat Hunting Report reveals that 81% of all cyberattacks are now malware-free, highlighting a growing blind spot for enterprises: cross-domain intrusions. Bill Tanner, Editor at Intelligent CIO, speaks with Fabio Fratucello, Field CTO World Wide, CrowdStrike, on why adversaries are exploiting the seams between tools and why unified visibility, powered by Next-Gen SIEM and XDR, is critical for modern cyber defence.
Once inside, adversaries pivot across identities, endpoints and cloud domains. They evade detection by blending in with normal traffic, allowing them to establish persistence by accessing additional identities, changing or disabling cloud controls and exfiltrating data or deploying ransomware.
Cross-domain attacks are now the norm, with hands-on-keyboard activity up 27% year-over-year. Additionally, 81% of interactive intrusions are malware-free.
Organisations need unified security platforms with cross-domain visibility to understand system-wide activity and initiate rapid responses. Single-agent, unified platforms enable modules to share data and insights, powering AI that correlates platform-wide
WWW.INTELLIGENTCISO.COM