Unit 42, the cybersecurity threat research unit of Palo Alto Networks, today released its Global Incident Response Report 2025: 86% of the major cyber incidents in 2024 resulted in operational downtime, reputational damage or financial losses.
The report, based on the response to 500 major incidents in 38 countries and across all sectors of the economy, highlights a new trend: financially motivated criminal groups have prioritized deliberate damage, destroying systems, blocking customers and causing prolonged shutdowns to maximize impact and pressure victims to pay ransoms.
The speed, sophistication and scale of attacks have reached unprecedented levels, driven by artificial intelligence-based threats and multi-faceted intrusions, making the 2024 cybersecurity landscape even more volatile.
Cyber threats are faster and more destructive
As attackers rewrite the rules of the game, defense teams struggle to keep pace. The report points out several trends:
- Attacks faster than ever: in 25% of the incidents, the attackers exfiltrated data in less than five hours, three times faster than in 2021. The scenario is even more alarming in 20% of the cases, where data theft occurred in less than an hour.
- Insider threats on the rise: the number of insider incidents linked to North Korea tripled in 2024. State-sponsored groups have infiltrated companies, posing as IT professionals, gaining jobs and then installing backdoors, stealing data and even changing source code.
- Multi-faceted attacks have become standard: in 70% of cases, attackers exploited three or more attack surfaces simultaneously, forcing security teams to protect endpoints, networks, cloud environments and the human factor at the same time.
- Phishing is back: after being outperformed by vulnerabilities last year, phishing has once again become the primary initial access vector for cyber attacks, representing 23% of intrusions. With the use of generative AI, phishing campaigns are more sophisticated, convincing and scalable than ever.
- The growth of attacks on the cloud: nearly 29% of the incidents involved cloud environments, and 21% resulted in operational damage, with attackers exploiting incorrect configurations to map entire networks in search of valuable data.
- AI as a catalyst for the attack cycle: criminals are utilizing artificial intelligence to create more convincing phishing campaigns, automate malware development, and accelerate their progression within the attack chain. In a controlled experiment, Unit 42 researchers found that AI-assisted attacks can reduce the time to data exfiltration to as little as 25 minutes.
Why are cyber attacks still successful?
The report highlights three key factors that are enabling attackers to succeed:
- Complexity compromises security effectiveness: in 75% of the incidents, there was evidence in the logs, but operational silos prevented detection.
- Lack of visibility facilitates attacks: 40% of the cloud incidents were caused by unmonitored assets and shadow IT, allowing attackers to move laterally undetected.
- Excess privileges amplify the damage: in 41% of the attacks, attackers exploited excessive permissions to facilitate lateral movement and privilege escalation.
Malicious actors are reshaping their strategies, combining AI, automation, and multi-faceted tactics to bypass traditional defenses. The time between initial intrusion and full impact is rapidly decreasing, making detection, response, and mitigation more critical than ever.
To stay ahead of threats in 2025, organizations need to proactively strengthen the security of networks, applications, and cloud environments, and empower their security operations with AI-based solutions for more agile and effective detection and response.