
CrowdStrike Global Threat Report: The year of the “evasive adversary”

In 2025, attackers became faster, smarter, and above all, less visible. The CrowdStrike 2026 Global Threat Report paints a threat landscape in which adversaries are increasingly exploiting trust: legitimate accounts, trusted cloud services, SaaS integrations, and software supply chains. The result is a type of attack that is difficult to distinguish from normal activity—with an impact that can materialize in minutes.
At the same time, 2025 is the year in which AI-enabled adversaries truly ramped up their activities. AI has enabled the acceleration of phishing, the automation of reconnaissance, and the “troubleshooting” of attack techniques. And it doesn’t stop there: AI systems themselves are becoming a new target and part of the attack surface.
Key findings from the 2025 report
- Attacks are happening faster than ever
The average ‘breakout time’ (the time between initial access and lateral movement) dropped to 29 minutes in 2025. This is a 65% increase in speed compared to 2024. CrowdStrike’s fastest observed breakout took just 27 seconds.
- A growing number of intrusions are malware-free
In 2025, 82% of detections were malware-free. Attackers use valid credentials, admin tools and ‘living off the land’ techniques to avoid detection.
- AI accelerates and democratizes attack capabilities
CrowdStrike observed an 89% year-over-year increase in attacks by AI-enabled adversaries. AI not only increases the scale of attacks but also empowers less sophisticated actors to carry out operations that previously required greater expertise.
- Cloud and identity are at the center of attention
Cloud-related intrusions increased by 37% in 2025. Among state-affiliated actors, this figure was as high as 266%. Furthermore, valid account abuse accounted for 35% of cloud-related incidents, clearly indicating that identity is the main battleground.
- Zero-day exploits and edge devices are narrowing the defense window
The number of zero-day exploits prior to public disclosure increased by 42%. In 2025, activity linked to China surged by 38%, and in 67% of the vulnerabilities they exploited, the flaw provided direct system access. Furthermore, 40% of these exploits targeted internet-facing edge devices, such as VPNs, firewalls and gateways.
- The blast radius is being expanded by supply chain attacks
Attackers are increasingly compromising ‘upstream’ organizations, such as software vendors, repositories and CI/CD, in order to impact downstream organizations at scale. The report describes, among other things, the largest reported crypto theft ever: $1.46 billion, made possible through a supply chain compromise.
Manufacturing companies increasingly targeted
Attacks on industrial organizations and their supply chains led to disruptions in production processes. The speed at which attackers can move within networks makes strict separation between IT and OT, as well as clear agreements with supply-chain partners, essential.

What does this mean for organizations?
The common thread is clear: trust has become the new attack vector. Attackers move through authorized channels (identity, SaaS, cloud, and supply chain) and avoid heavily monitored endpoints. This creates blind spots precisely where business processes depend most on continuity.
In this context, ‘reactive’ defense is becoming increasingly ineffective. When exfiltration can begin in minutes and a breakout can occur in seconds, the speed of detection, decision-making and response is crucial. Ideally, this would be supported by automation and cross-domain correlation.
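As an added illustration of the cross-domain correlation this paragraph calls for (example code written for this summary, not code from the CrowdStrike report or from OpenSight), the Python script below merges identity-provider sign-ins and EDR logon events from two separate sources into one timeline per user, and flags a user whose first sign-in is followed, within the report’s 29-minute average breakout time, by network logons to a second host. The log lines, user names, host names and field names are all constructed for this example; real telemetry would need its own field mapping.

```python
import json
from datetime import datetime

# Average breakout time the report gives for 2025: initial access to lateral movement.
BREAKOUT_THRESHOLD_MINUTES = 29

# Constructed sample telemetry (not real logs): identity-provider sign-ins and
# EDR logon events, as newline-delimited JSON from two separate sources.
IDP_LOG = """\
{"ts": "2025-03-04T09:00:00Z", "source": "idp", "user": "j.doe", "event": "signin", "ip": "203.0.113.7"}
{"ts": "2025-03-04T09:03:00Z", "source": "idp", "user": "a.lee", "event": "signin", "ip": "198.51.100.2"}
{"ts": "2025-03-04T09:10:00Z", "source": "idp", "user": "j.doe", "event": "token_issued", "ip": "203.0.113.7", "app": "crm"}
"""

EDR_LOG = """\
{"ts": "2025-03-04T09:12:00Z", "source": "edr", "user": "j.doe", "event": "logon", "host": "ws-042", "logon_type": "network"}
{"ts": "2025-03-04T09:21:00Z", "source": "edr", "user": "j.doe", "event": "logon", "host": "fs-01", "logon_type": "network"}
{"ts": "2025-03-04T09:25:00Z", "source": "edr", "user": "j.doe", "event": "logon", "host": "db-07", "logon_type": "network"}
{"ts": "2025-03-04T10:30:00Z", "source": "edr", "user": "a.lee", "event": "logon", "host": "ws-010", "logon_type": "interactive"}
{"ts": "2025-03-04T11:50:00Z", "source": "edr", "user": "a.lee", "event": "logon", "host": "fs-01", "logon_type": "network"}
"""


def parse_events(*logs):
    """Merge NDJSON from several sources into one timeline sorted by timestamp."""
    events = []
    for log in logs:
        for line in log.splitlines():
            if not line.strip():
                continue
            ev = json.loads(line)
            # "Z" suffix is not accepted by fromisoformat on older Pythons; normalise it.
            ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_breakout(events, threshold_minutes=BREAKOUT_THRESHOLD_MINUTES):
    """Flag users whose first sign-in (initial access) is followed within the
    threshold by network logons to a second distinct host. The first host
    reached is treated as the foothold; the second is the lateral move."""
    alerts = []
    for user in sorted({e["user"] for e in events}):
        timeline = [e for e in events if e["user"] == user]
        signins = [e for e in timeline if e["source"] == "idp" and e["event"] == "signin"]
        if not signins:
            continue
        initial = signins[0]["ts"]
        hosts = []          # distinct hosts reached via network logon, in order
        breakout = None     # time from initial access to the second host
        for e in timeline:
            if e["source"] != "edr" or e["event"] != "logon" or e["logon_type"] != "network":
                continue
            if e["ts"] < initial or e["host"] in hosts:
                continue
            hosts.append(e["host"])
            elapsed_minutes = (e["ts"] - initial).total_seconds() / 60
            if len(hosts) == 2 and elapsed_minutes <= threshold_minutes:
                breakout = elapsed_minutes
        if breakout is not None:
            alerts.append({
                "user": user,
                "initial_access": initial.isoformat(),
                "foothold": hosts[0],
                "lateral_hosts": hosts[1:],
                "breakout_minutes": breakout,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_breakout(parse_events(IDP_LOG, EDR_LOG)):
        print(json.dumps(alert))
```

Run as-is, the script reports one alert for `j.doe` (foothold `ws-042`, lateral movement to `fs-01` after 21 minutes) and nothing for `a.lee`, whose only network logon comes hours after sign-in. The point of the exercise is the join: neither the identity log nor the endpoint log shows anything unusual on its own. In production the correlation key should be a session or device identifier rather than just a username, and the threshold is a tuning knob, not a fixed constant.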
Recommended measures (based on the recommendations in the report)
- Secure AI: protect AI systems as well as AI usage
  - Ensure that AI governance and monitoring align with how employees use AI tools.
  - Implement access controls and data classification to minimize data breaches.
  - Protect your AI workloads against runtime attacks, such as prompt injection.
  - Evaluate the suppliers and supply chains involved in the development and integration of AI.
- Treat identity and SaaS as primary attack surfaces
  - Implement phishing-resistant MFA wherever possible.
  - Enforce the principle of least privilege for service accounts and non-human identities as well.
  - Monitor anomalous token and SaaS activity (OAuth, sessions, API keys).
- Eliminate cross-domain blind spots
  - Consolidate telemetry across endpoints, the cloud, identity, SaaS, and the network.
  - Correlate and detect across domains (XDR + next-gen SIEM workflows).
  - Automate data enrichment with threat intelligence to identify attack paths more quickly.
- Secure the software supply chain and developer workflows
  - Harden developer endpoints and CI/CD.
  - Validate dependencies and package integrity (scanning, signing, policy).
  - Conduct third-party risk assessments on tools and suppliers.
- Prioritize the patching and monitoring of edge devices
  - Accelerate the triage and patching of internet-facing systems, aiming for hours or days rather than weeks.
  - Segment to limit lateral movement from the perimeter.
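One concrete form of the “validate dependencies and package integrity” measure, added here as an example and not taken from the report or from OpenSight: pin each dependency’s name, version and SHA-256 digest at the moment it is reviewed, and have the install step fail closed on anything that is unpinned, at a different version, or whose bytes no longer match. The package names and artifact contents below are constructed stand-ins for downloaded package archives, and the lock structure is a simplified illustration rather than any real lockfile format.

```python
import hashlib
import hmac

# Constructed "artifacts" standing in for downloaded package archives (not real packages).
# These are the bytes a reviewer looked at and approved.
REVIEWED_ARTIFACTS = {
    ("strutil", "1.3.0"): b"strutil-1.3.0: def pad(s, n): return s.rjust(n)\n",
    ("httpkit", "2.0.1"): b"httpkit-2.0.1: def get(url): return fetch(url)\n",
}

# Constructed install set: one intact package, one tampered copy, one package
# nobody reviewed, and a silent version bump of a reviewed package.
CANDIDATES = {
    ("strutil", "1.3.0"): REVIEWED_ARTIFACTS[("strutil", "1.3.0")],
    ("httpkit", "2.0.1"): REVIEWED_ARTIFACTS[("httpkit", "2.0.1")] + b"# extra line added upstream\n",
    ("colorlog", "0.9.0"): b"colorlog-0.9.0: def color(s): return s\n",
    ("strutil", "1.4.0"): b"strutil-1.4.0: def pad(s, n): return s.rjust(n)\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lock(reviewed):
    """Record name, version and digest at review time; the lock is the trust anchor
    that later installs are checked against."""
    return {
        name: {"version": version, "sha256": sha256_hex(data)}
        for (name, version), data in reviewed.items()
    }


def verify_artifact(name, version, data, lock):
    """Fail closed: reject anything not pinned, pinned at another version,
    or whose digest differs from the one recorded at review time."""
    entry = lock.get(name)
    if entry is None:
        return "rejected: unpinned"
    if entry["version"] != version:
        return "rejected: version drift"
    # Constant-time comparison is cheap and avoids a careless pattern for digests.
    if not hmac.compare_digest(entry["sha256"], sha256_hex(data)):
        return "rejected: digest mismatch"
    return "ok"


def check_install_set(candidates, lock):
    """Verify every package in an install set; returns a verdict per name==version."""
    return {
        f"{name}=={version}": verify_artifact(name, version, data, lock)
        for (name, version), data in candidates.items()
    }


if __name__ == "__main__":
    lock = build_lock(REVIEWED_ARTIFACTS)
    for package, verdict in check_install_set(CANDIDATES, lock).items():
        print(f"{package}: {verdict}")
```

Only `strutil==1.3.0` passes; the tampered `httpkit`, the unreviewed `colorlog` and the unpinned `strutil==1.4.0` are all rejected with a reason that can be acted on. The same shape applies to real ecosystems through their native hash-pinning features; the policy decision that matters is that an unpinned or mismatching package stops the build rather than producing a warning.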
In short
2025 showed us that the most successful attacks are not necessarily the ‘newest’ ones, but rather those that are faster, smarter and better concealed through identity, the cloud, SaaS and supply chains. In 2026, the organizations that will make a difference are those that organize their defenses to be just as cross-domain and agile as their adversaries’ operations.
Would you like to discuss what these insights mean for your organization (identity, SaaS, cloud, and edge)? Contact OpenSight for a tailored risk analysis and concrete steps for improvement.
