GLOBAL THREAT REPORT 2025

Introduction

The adversary’s playbook has fundamentally changed. The era of slow, methodical intrusion has been replaced by a new model of high-velocity attacks that prioritize speed and efficiency. Attackers are now exploiting

The answer is hidden in your data. To spot today’s high-speed attacks, you need an in-depth understanding of your environment. This means using AI-driven analysis to connect real-time events to historical patterns,

Our team of researchers, analysts, and engineers at Elastic Security Labs believes that the only way to succeed is through an open, community-based approach — we all get stronger when we share what we learn.

Executive summary

The age of patient, stealthy attacks is giving way to a new era of high-velocity threats. Our year-over-year analysis reveals a clear strategic shift: Adversaries are retooling for speed, weaponizing AI to generate novel threats at scale, and

The 2025 Elastic Global Threat Report from Elastic Security Labs breaks down this new landscape. Based on our analysis of global threat telemetry, we’ve identified the key

• Adversary priorities on Windows have flipped in the last year. The tactic category of Execution now accounts for 32.05% of malicious behavior — doubling its previous share of ~16% — and surpassing Defense Evasion as the top tactic.

  What this means for you -> Attackers are no longer waiting to hide; they are focused on running malicious code immediately upon entry. This makes runtime

• The cloud attack surface is highly concentrated. Over 60% of all cloud security events boil down to just three adversary goals: Initial Access, Persistence, and

  What this means for you -> Across all major cloud platforms, this laser focus on identity-based attacks is a clear signal that hardening authentication flows and monitoring for anomalous privileged access are the most effective ways to

• Adversaries are weaponizing AI to lower the barrier to entry for cybercrime. We saw a 15.5% increase in Generic threats, a trend likely fueled by adversaries using

  What this means for you -> The rise of AI-generated threats dramatically increases the volume and variety of malware you face. This means relying less on static signatures and more on behavioral analytics and AI-driven detection

• The theft of browser credentials has industrialized. Our analysis of over 150,000 malware samples revealed that more than 1 in 8 are designed to steal browser data. This isn’t for isolated use; these credentials are the raw material fueling the

  What this means for you -> The browser is a primary battleground for your organization’s most sensitive data. Infostealers have adapted to built-in browser

• Source code leaks create uniquely permanent risks. As our internal investigations show, a single accidental commit to GitHub — from API keys to a passport photo — becomes part of a distributed, immutable history that is incredibly difficult to fully

  What this means for you -> Continuous monitoring must extend beyond traditional perimeters and into your developer workflows to secure the entire

These trends are deeply interconnected. An adversary can use AI-generated malware to steal browser credentials, which are then used to gain initial access to a cloud account. Once inside, they immediately focus on execution to deploy ransomware or

The threat landscape is complex, but by understanding malware and threat behaviors and leveraging advanced defenses, organizations can significantly improve their resilience. Elastic Security provides the necessary capabilities and shared intelligence

What’s new in this report

Broader visibility into customer distribution: For the first time in this report, Elastic is providing the following summary of our enterprise customer distribution to help contextualize trends and correlations. This graphic depicts the 10 most prevalent categories of enterprise, which include a wide range of service-based businesses,

Comparison with hybrid sources: New this year, we provide subsections throughout the Trends and correlations section that describe our observations from hybrid public/private sources. Each vendor collects unique telemetry, in the sense that our user and customer populations may not overlap across regions or industries. This comparison

Insight into Elastic Security machine learning and AI: With this edition, we’re also including information on Elastic Security Machine Learning and AI, including model performance and updates. These technologies play a pivotal role in defense-in-depth,

Visibility into Elastic’s internal threat data: As Elastic Security’s customer zero, Elastic’s internal information security team provides valuable perspectives about the threats we encounter from the global threat landscape. The case studies they

Sunset sections from previous reports: Finally, this edition of Elastic’s Global Threat Report omits some sections from prior editions (such as forecasts and forecast rebuttals) and focuses on key s