79% of Attacks Are Now Malware-Free
CrowdStrike's 2025 Global Threat Report confirms the decisive shift from malware to identity-based attacks. Access broker ads surged 50% YoY.
Key Finding
Voice phishing up 442% in H2 2024. AI-generated phishing achieves 54% click-through vs 12% for human-crafted.
CrowdStrike's 2025 Global Threat Report provides the most authoritative data on the shift from malware-based attacks to identity-based intrusions. The headline number: 79% of initial access detections in 2024 were malware-free.
This means nearly 4 out of 5 attacks do not involve malicious software. Instead, attackers use stolen credentials, social engineering, and legitimate system tools to gain and maintain access. They log in rather than break in.
The supporting data is equally concerning:
- Access broker advertisements on criminal marketplaces surged 50% year-over-year
- Voice phishing (vishing) skyrocketed 442% between H1 and H2 2024
- AI-generated phishing emails achieved a 54% click-through rate compared to 12% for human-crafted equivalents
- Identity-based intrusions appeared in 35% of cloud incidents
- Average breakout time was 48 minutes; the fastest was 51 seconds
When the majority of attacks do not use malware, the entire defensive model must shift. Endpoint detection, antivirus, and network monitoring catch the minority case. Identity detection (monitoring authentication patterns, OAuth grants, privilege escalation, and session anomalies) addresses the majority case.
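As an added illustration of the identity detection described above (not taken from the CrowdStrike report or any product), the sketch below correlates a successful sign-in from an unfamiliar source with a sensitive identity action inside the 48-minute average breakout window. The event field names, event types, baseline and log records are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Correlation window: the 48-minute average breakout time cited above.
BREAKOUT = timedelta(minutes=48)
# Identity actions treated as sensitive here (hypothetical event type names).
SENSITIVE = {"oauth_grant", "role_assigned"}

# Constructed baseline of source IPs previously seen per user (documentation ranges).
KNOWN = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.20"}, "carol": {"203.0.113.30"}}

# Constructed identity-provider events; the field names are assumptions.
EVENTS = [
    {"ts": "2024-11-04T09:00:00", "user": "alice", "type": "signin", "ip": "203.0.113.10", "ok": True},
    {"ts": "2024-11-04T09:05:00", "user": "alice", "type": "role_assigned"},
    {"ts": "2024-11-04T10:00:00", "user": "bob", "type": "signin", "ip": "198.51.100.77", "ok": True},
    {"ts": "2024-11-04T10:12:00", "user": "bob", "type": "oauth_grant"},
    {"ts": "2024-11-04T11:00:00", "user": "carol", "type": "signin", "ip": "198.51.100.90", "ok": True},
    {"ts": "2024-11-04T12:30:00", "user": "carol", "type": "role_assigned"},
]

def detect(events, known_ips, window=BREAKOUT):
    """Return (user, ip, action, minutes) for each sensitive action that follows
    a successful sign-in from an unfamiliar source within the window."""
    alerts = []
    unfamiliar = {}  # user -> (time, ip) of latest successful sign-in from a new source
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "signin":
            # Valid credentials from a source outside the user's baseline:
            # no malware involved, so only the identity log records it.
            if e["ok"] and e["ip"] not in known_ips.get(user, set()):
                unfamiliar[user] = (ts, e["ip"])
        elif e["type"] in SENSITIVE and user in unfamiliar:
            start, ip = unfamiliar[user]
            if ts - start <= window:
                minutes = int((ts - start).total_seconds() // 60)
                alerts.append((user, ip, e["type"], minutes))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, KNOWN):
        print("ALERT user=%s source=%s action=%s after=%dmin" % alert)
```

Correlating per user rather than per session keeps the sketch short; a production rule would key on the session or token identifier and learn the baseline over time.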
This report is the strongest empirical argument for identity-first security architecture. If your security investment is weighted toward endpoint and network controls while identity monitoring remains an afterthought, your defensive posture is inverted relative to the actual threat landscape.