LegalSEC® - Cybersecurity - has Vendor Participation


CrowdStrike 2025 Global Threat Report

By Carlos Rodriguez posted 03-19-2025 11:19


Legal Industry Leaders: The 2025 CrowdStrike Global Threat Report has officially dropped, and you don’t want to miss it. This is not just another cybersecurity rundown—this is a comprehensive view of what’s happening right now (and what’s lurking around the corner). If you’ve been tracking voice phishing, cloud misconfigurations, identity attacks, or the rise of threat actors targeting even the “smaller” players in legal, then this report is your indispensable guide.

Below, we’ve distilled some of the most critical findings and trends that could impact your firm or organization. Whether it’s a 442% surge in vishing attacks or adversaries using generative AI (GenAI) to sharpen social engineering and malware development, these insights will help you anticipate threats and keep your cybersecurity posture ahead of the pack. Grab your copy and keep reading for a quick breakdown of the highlights—then let’s talk about how we can fine-tune your defenses before the attackers come knocking.

Here’s the link to the report on CrowdStrike’s website

Interesting Stats:

  • Average eCrime breakout time dropped to 48 minutes, with the fastest breakout observed at just 51 seconds.
  • 79% of detections in 2024 were malware-free, up from 40% in 2019.
  • Valid account abuse accounted for 35% of cloud incidents.
  • 52% of vulnerabilities observed by CrowdStrike in 2024 were related to initial access.


Key Takeaways:

  1. Surge in Voice Phishing (Vishing): Vishing attacks have seen explosive growth, increasing by 442% between the first and second half of 2024. Note: We know that there is an active threat actor attacking law firms called Luna Moth. It is crucial that you ask your attorneys and staff to be wary of suspicious and unexpected "help desk" calls to "clean a virus" or "install an update", and to hang up and call IT back on a known internal number before installing anything or granting remote access. More on that in another blog entry.
  2. Cloud Security Risks: Adversaries are increasingly exploiting misconfigurations and vulnerabilities in cloud environments to gain access and conduct attacks. Implementing cloud-native protection tools like CNAPPs (Cloud-Native Application Protection Platforms) is essential.
  3. Surge in Access Brokers: Access broker advertisements increased by 50% in 2024, signaling a growing market where adversaries purchase access to systems before launching attacks.
  4. Targeting SaaS Applications: Adversaries increasingly targeted cloud-based SaaS applications, typically through compromised accounts, to steal data for lateral movement, extortion, and downstream targeting of the victim's clients and partners.
  5. Use of Generative AI (GenAI): Generative AI has become a key tool for adversaries, aiding in social engineering campaigns and the development of sophisticated malware.
  6. Cloud-Specific Threat Actors: New threat actors are focusing on cloud environments, using stealthy techniques to exploit vulnerabilities specific to cloud workloads and services.
  7. Shift in Attack Methods: In 2024, 79% of detections were malware-free, with attackers increasingly using hands-on-keyboard techniques and legitimate tools to mimic normal user activity, making detection more difficult.
  8. Rising Identity Attacks: Identity-based attacks, such as credential theft and social engineering, remain the most effective way for adversaries to gain access, and the 442% growth in vishing between the first and second half of 2024 (item 1) is the clearest sign of it.
  9. Exploit Chaining: Threat actors are increasingly chaining multiple vulnerabilities to escalate attacks. By combining exploits, they bypass defenses and gain remote code execution (RCE).
  10. Security Fatigue and Patch Management: Patch fatigue remains a problem, with vulnerabilities going unpatched or neglected due to complexity, especially in end-of-life products.
  11. Rapid Breakout Time: The average breakout time, meaning how quickly an adversary moves laterally from the first compromised host to a second one, is now 48 minutes, with some attackers breaking out in as little as 51 seconds. Your detection and containment have to fit inside that window.
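
Item 11 defines breakout time, but the report only gives the averages. To turn it into something your own team can measure, here is an added Python example (not code from the report, from CrowdStrike, or from this post) that computes breakout time per account from constructed logon telemetry and converts the 48-minute average into a containment budget given an assumed 10-minute mean time to detect. The host names, user names, event labels and the 10-minute figure are all assumptions; only the 48-minute and 51-second values come from the report.

```python
"""Measure adversary breakout time from logon telemetry.

Added example, not from the CrowdStrike report or this post. Breakout time,
as used in the report, is how long an intruder takes to move laterally from
the first compromised host to a second host. Here it is computed per
compromised account as the gap between that account's first observed
activity and its first activity on a different host. Event records, host
names and user names below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    action: str  # "logon", "process" or "remote_logon" (constructed labels)


def _t(hhmmss: str) -> datetime:
    return datetime.strptime("2024-11-05 " + hhmmss, "%Y-%m-%d %H:%M:%S")


# Constructed sample telemetry (not real data):
#  - jdoe: compromised on WS-17, reaches file server FS-01 after 41m30s
#  - asmith: activity stays on one host, so no breakout is observed
#  - svc_backup: reaches a domain controller in 51 seconds
SAMPLE_EVENTS = [
    Event(_t("09:00:00"), "WS-17", "jdoe", "logon"),
    Event(_t("09:03:10"), "WS-17", "jdoe", "process"),
    Event(_t("09:41:30"), "FS-01", "jdoe", "remote_logon"),
    Event(_t("09:42:00"), "FS-01", "jdoe", "process"),
    Event(_t("10:00:00"), "WS-03", "asmith", "logon"),
    Event(_t("10:05:00"), "WS-03", "asmith", "process"),
    Event(_t("11:00:00"), "WS-09", "svc_backup", "logon"),
    Event(_t("11:00:51"), "DC-01", "svc_backup", "remote_logon"),
]

AVERAGE_BREAKOUT = timedelta(minutes=48)   # 2024 eCrime average, from the report
FASTEST_BREAKOUT = timedelta(seconds=51)   # fastest observed, from the report
ASSUMED_MTTD = timedelta(minutes=10)       # assumed mean time to detect (not from the report)


def breakout_time(events: Iterable[Event], user: str) -> Optional[timedelta]:
    """Time from the user's first event to their first event on another host.

    Returns None when the account never touches a second host (no lateral
    movement observed), so callers can tell 'no breakout' apart from zero.
    """
    evs = sorted((e for e in events if e.user == user), key=lambda e: e.ts)
    if not evs:
        return None
    origin_host, t0 = evs[0].host, evs[0].ts
    for e in evs:
        if e.host != origin_host:
            return e.ts - t0
    return None


def breakout_times(events: Iterable[Event]) -> Dict[str, Optional[timedelta]]:
    """Breakout time for every account seen in the telemetry."""
    events = list(events)
    return {u: breakout_time(events, u) for u in sorted({e.user for e in events})}


def containment_budget(breakout: timedelta, mean_time_to_detect: timedelta) -> timedelta:
    """Time left to investigate and contain after detection, before breakout.

    Negative means the intruder moved laterally before the detection fired,
    so the response has to start from an 'assume breach' footing.
    """
    return breakout - mean_time_to_detect


if __name__ == "__main__":
    for user, bt in breakout_times(SAMPLE_EVENTS).items():
        if bt is None:
            print(f"{user:<11} no lateral movement observed")
            continue
        flag = "FASTER than the 48 min average" if bt < AVERAGE_BREAKOUT else "slower than average"
        budget = containment_budget(bt, ASSUMED_MTTD)
        print(f"{user:<11} breakout {bt} ({flag}); containment budget at 10-min MTTD: {budget}")
```

Run it as-is to see the three constructed cases; in practice the event list would be fed from your EDR or identity provider's logon records. The negative budget for the 51-second case is the point of item 11: when breakout is faster than detection, prevention and pre-staged containment (isolating the host automatically, disabling the account) are what stop the intrusion, not an analyst reacting to an alert.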

We recommend that you assess the likelihood and impact of each of these threats to your firm, then prioritize the controls and adjustments that address the ones most relevant to you.

Also, while at it, the three groups below appear to be active in the legal space, with what look like successful ransomware attacks on small firms. We have confirmed that CrowdStrike has prevention against them.

  • RansomHub
  • Lynx
  • Akira

This is a good opportunity to ask your EDR and MDR providers how they are protecting your firm against these threat actors.
