Unit 42, Palo Alto Networks' cybersecurity threat research unit, today released its Global Incident Response Report 2025, revealing that 86% of major cyber incidents in 2024 resulted in operational shutdowns, reputational damage, or financial losses.
The report, based on responses to 500 major incidents in 38 countries and across all sectors of the economy, highlights a new trend: financially motivated criminal groups have shifted their focus to causing deliberate damage, destroying systems, locking out customers and causing prolonged outages to maximize impact and pressure victims into paying ransoms.
The speed, sophistication and scale of attacks have reached unprecedented levels, driven by AI-based threats and multi-faceted intrusions, making the 2024 cybersecurity landscape even more volatile.
Cyber threats are getting faster and more destructive
As attackers rewrite the rules of the game, defense teams struggle to keep up. The report highlights several trends:
- Attacks faster than ever: In 25% of incidents, intruders exfiltrated data in less than five hours, three times faster than in 2021. The scenario is even more alarming in 20% of cases, where data theft occurred in less than an hour.
- Insider threats on the rise: The number of insider incidents related to North Korea tripled in 2024. State-sponsored groups have infiltrated companies, posing as IT professionals, securing jobs, and then installing backdoors, stealing data, and even altering source code.
- Multi-pronged attacks have become standard: In 70% of cases, attackers exploited three or more attack surfaces simultaneously, forcing security teams to protect endpoints, networks, cloud environments, and human factors at the same time.
- Phishing is back: After being overtaken by vulnerabilities last year, phishing has once again become the main initial access vector for cyberattacks, accounting for 23% of breaches. With the use of generative AI, phishing campaigns are more sophisticated, convincing, and scalable than ever.
- The rise of cloud attacks: Nearly 29% of incidents involved cloud environments, and 21% resulted in operational damage, with attackers exploiting misconfigurations to scan entire networks for valuable data.
- AI as a catalyst for the attack cycle: Criminals are using artificial intelligence to create more convincing phishing campaigns, automate malware development, and accelerate their progression within the attack chain. In a controlled experiment, researchers from Unit 42 discovered that AI-assisted attacks can reduce data exfiltration time to just 25 minutes.
Why do cyber attacks continue to be successful?
The report highlights three key factors that are enabling attackers to succeed:
- Complexity compromises security effectiveness: In 75% of incidents, there was evidence in the logs, but operational silos prevented detection.
- Lack of visibility facilitates attacks: 40% of cloud incidents were caused by unmonitored assets and shadow IT, allowing attackers to move laterally without detection.
- Excessive privilege amplifies harm: In 41% of attacks, attackers exploited excessive permissions to facilitate lateral movement and privilege escalation.
Malicious actors are reshaping their strategies, combining AI, automation, and multifaceted tactics to bypass traditional defenses. The time between the initial intrusion and total impact is rapidly decreasing, making detection, response, and mitigation more critical than ever.
To stay ahead of threats in 2025, organizations need to proactively strengthen the security of networks, applications, and cloud environments, and empower their security operations with AI-powered solutions for faster, more effective detection and response.