A Unit 42, Palo Alto Networks cybersecurity threat research unit, released today itsGlobal Incident Response Report 2025, revealing that 86% of the major cyber incidents in 2024 resulted in operational shutdown, damage to reputation or financial losses.
The report, based on the response to 500 major incidents in 38 countries and across all sectors of the economy, highlights a new trend: criminal groups, with financial motivation, they began to prioritize deliberate harm, destroying systems, blocking clients and causing prolonged shutdowns to maximize impact and pressure victims to pay ransoms
The speed, the sophistication and scale of the attacks reached unprecedented levels, driven by threats based on artificial intelligence and multifaceted invasions, making the cybersecurity landscape of 2024 even more volatile
Cyber threats are getting faster and more destructive
As attackers rewrite the rules of the game, the defense teams struggle to keep up with the pace. The report highlights several trends
- Attacks faster than everin 25% of the incidents, the attackers exfiltrated data in less than five hours, three times faster than in 2021. The scenario is even more alarming in 20% of cases, where the data theft occurred in less than an hour
- Internal threats on the risethe number of internal incidents related to North Korea tripled in 2024. State-sponsored groups have been infiltrating companies, posing as IT professionals, conquering jobs and, next, installing backdoors, stealing data and even altering source codes
- Multi-pronged attacks have become standardin 70% of cases, the attackers exploited three or more attack surfaces simultaneously, forcing security teams to protect endpoints, networks, cloud environments and the human factor at the same time
- Phishing is backafter being surpassed by vulnerabilities last year, phishing has returned to being the main vector for initial access to cyber attacks, representing 23% of the invasions. With the use of generative AI, phishing campaigns are becoming more sophisticated, more convincing and scalable than ever
- The rise of cloud attacksalmost 29% of incidents involved cloud environments, and 21% resulted in operational damage, with invaders exploiting misconfigurations to map entire networks in search of valuable data
- AI as a catalyst for the attack cyclecriminals are using artificial intelligence to create more convincing phishing campaigns, automate the development of malware and accelerate its progression within the attack chain. In a controlled experiment, Unit 42 researchers found that AI-assisted attacks can reduce the time for data exfiltration to just 25 minutes
Why cyber attacks continue to be successful
The report highlights three key factors that are enabling attackers to succeed:
- Complexity compromises security effectiveness:in 75% of the incidents, there was evidence in the logs, but operational silos prevented detection
- Lack of visibility facilitates attacks:40% of cloud incidents were caused by unmonitored assets and shadow IT, allowing the intruders to move laterally without being detected
- Excessive privilege amplifies harmin 41% of the attacks, the attackers exploited excessive permissions to facilitate lateral movement and privilege escalation
Malicious agents are reshaping their strategies, combining AI, automation and multifaceted tactics to circumvent traditional defenses. The time between the initial invasion and the full impact is rapidly decreasing, returning to detection, response and mitigation more critical than ever
To stay ahead of threats in 2025, organizations need to proactively strengthen network security, cloud applications and environments, in addition to empowering your security operations with AI-based solutions for faster and more effective detection and response
