Palo Alto Networks has released the 2025 Unit 42 Global Incident Response Report, which found that threat actors are now evolving their tactics, moving beyond traditional ransomware and data theft to focus on business disruption, AI-assisted attacks, and insider threats. According to the report, almost half of the security incidents (44%) involved a web browser.
The Indian government recently revealed that cyber fraud cases jumped over four-fold in FY2024, causing US$ 20 million (177 crores) in losses. These cases have varied from deepfake scams, and voice cloning scams, to phishing scams and more, causing loss of important data along with fiscal troubles.
Recognising the dire need for stronger cybersecurity defence, the Indian government allocated over 1,900 crores for cybersecurity initiatives and projects in the Union Budget 2025, a whopping increase of 18% as compared to 1,600 crores allocated in the last budget.
As financial institutions, healthcare providers, and government agencies across the globe face an unprecedented and ever-evolving cyber threat landscape, regional regulators are strengthening Zero Trust frameworks, adopting AI-powered security solutions, and enforcing stricter compliance measures.
The shift from financial extortion to full-scale business disruption means enterprises must rethink their cyber defences before an attack happens, particularly in sectors that rely on cloud and third-party vendors.
The 2025 Unit 42 Global Incident Response Report, which analysed hundreds of major cyber incidents, aims to highlight how the increased sophistication of malicious actors is amplifying the challenges faced by businesses worldwide.
Key findings of the 2025 Unit 42 Incident Response Report include:
- Operational Disruption as a Primary Goal: Attackers are prioritising sabotage over data theft, aiming to cripple businesses and maximize extortion. In 2024, 86% of incidents led to operational downtime or reputational damage.
- Surge in Insider Threats Linked to North Korea: Cases tripled in 2024, with operatives targeting contract-based technical roles at major tech firms, financial services, media, and government defense contractors. Advanced techniques, including hardware-based KVM-over-IP devices and Visual Studio Code tunneling, make detection more challenging.
- Accelerated Data Exfiltration: Attackers are exfiltrating data three times faster than in 2021, with 25% of cases seeing data stolen within five hours, and nearly 20% occurring in under an hour.
- Expanded Attack Surfaces: 70% of incidents involved three or more attack vectors, underscoring the need for comprehensive security across endpoints, networks, cloud environments, and human vulnerabilities. Web browsers remain a weak link, facilitating 44% of attacks via phishing, malicious redirects, and malware downloads.
- Phishing Resurges as Top Entry Point: 23% of attacks began with phishing, overtaking vulnerabilities as the leading attack vector. GenAI has made phishing campaigns more scalable, sophisticated, and difficult to detect.
“Cyber criminals targeting organisations in the Asia-Pacific and Japan region are no longer just stealing data, they are actively taking down entire operations,” said Philippa Cogswell, Vice President and Managing Partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks. “Traditional approaches to cybersecurity are no longer sufficient in addressing the visibility gaps and complexity challenges that organisations face today. To stay ahead of evolving threats, businesses must adopt AI-driven, automated security solutions that can outpace adversaries and provide comprehensive real-time protection.”
“We have observed a notable rise in cyberattacks as threat actors increasingly adopt automation, RaaS models, and GenAI to streamline their campaigns. These tools allow attackers to rapidly identify vulnerabilities, create realistic phishing tricks and launch large-scale attacks faster, that aren’t just causing data theft but making business disruption their primary goal,” said Huzefa Motiwala, Senior Director, Technical Solutions, India and SAARC, Palo Alto Networks. “Organisations must adopt AI-powered security solutions to keep up with modern threats, recognising the urgent need to fight AI with AI.”
Data for this report was sourced from more than 500 cases Unit 42 responded to between October 2023 and December 2024, as well as from other case data going back to 2021. The affected organisations were headquartered in 38 unique countries, including the U.S. and those based in Europe, the Middle East, and Asia-Pacific.
