Fast Facts
- Rapid Expansion of Attack Time: By 2025, cybercriminals averaged just 29 minutes to move laterally within networks post-intrusion, a 65% decrease from prior years, emphasizing the urgent need for improved detection and response.
- Identity Exploitation: Attackers increasingly utilized legitimate credentials to navigate systems undetected; 82% of CrowdStrike’s detections in 2025 were malware-free, showcasing attackers blending into regular network traffic.
- AI Impact: AI became a double-edged sword for cybercriminals, serving both as a tool to enhance attack methods and as a target for exploitation, resulting in an 89% increase in attacks by AI-utilizing adversaries.
- Vulnerability Focus: Threat actors increasingly targeted unmanaged devices and exploited new vulnerabilities from AI integrations, indicating a shift in tactics that demands stronger security measures for both traditional and AI-driven environments.
Attackers Need Just 29 Minutes to Own a Network
In 2025, cybercriminals required less time to move through a network than it takes to watch a sitcom. An analysis by CrowdStrike found that attackers took just 29 minutes on average to pivot to other systems after establishing an initial foothold. This marks a significant 65% acceleration from the previous year. The fastest breakout occurred in a mere 27 seconds, while some attackers began exfiltrating data just four minutes after breaching a system. “Speed is now the defining characteristic of intrusion,” CrowdStrike stated, highlighting how this trend has changed the dynamics of cyber defenses.
For organizations, this rapid ability to compromise networks shrinks the window for detection and response to a fraction of what it once was. “Just a few years ago, the average breakout time was 62 minutes,” said a representative from CrowdStrike. Artificial intelligence has played a significant part in this escalation, as it offers attackers more opportunities for speedy intrusions.
Why Attackers Move So Fast
Several factors contribute to the acceleration of attacks. A key issue is the widespread misuse of legitimate credentials, allowing cybercriminals to blend into normal network activity. In 35% of cloud-related incidents analyzed, attackers exploited valid credentials to navigate freely without raising alarms. Instead of breaking through defenses, many attackers simply impersonated trusted systems or users. Alarmingly, 82% of threat detections in 2025 were malware-free, indicating intrusions occurred via authorized pathways.
Moreover, unmanaged devices on enterprise networks pose additional risks. Many of these devices lack typical security measures, making them attractive targets for threat actors. Unmanaged devices often include personal gadgets, third-party applications, and virtual machines. Nation-state actors have become particularly adept at exploiting these vulnerabilities.
The rapid integration of AI into business processes also presents new opportunities for attackers. Cybercriminals leverage AI for reconnaissance, phishing, and developing exploits. This capability has contributed to a staggering 89% increase in attacks among actors who extensively use AI. As adversaries continue to evolve their tactics, the challenge for defenders grows. Understanding this landscape is crucial for organizations aiming to safeguard their networks.
