Unit 42, the cybersecurity threat research unit of Palo Alto Networks, today released its Global Incident Response Report 2025, which reveals that 86% of major cyber incidents in 2024 resulted in operational shutdown, damage to reputation or financial losses.
The report, based on the response to 500 major incidents in 38 countries and across all sectors of the economy, highlights a new trend: financially motivated criminal groups have begun to prioritize deliberate harm, destroying systems, blocking clients and causing prolonged shutdowns to maximize impact and pressure victims to pay ransoms.
The speed, sophistication and scale of the attacks have reached unprecedented levels, driven by threats based on artificial intelligence and multifaceted intrusions, making the cybersecurity landscape of 2024 even more volatile.
Cyber threats are faster and more destructive
As attackers rewrite the rules of the game, defense teams struggle to keep pace. The report highlights several trends:
- Faster attacks than ever: in 25% of incidents, the attackers exfiltrated data in less than five hours, three times faster than in 2021. The scenario is even more alarming in 20% of cases, where the data theft occurred in less than an hour.
- Rising insider threats: the number of insider incidents linked to North Korea tripled in 2024. State-sponsored groups have been infiltrating companies by posing as IT professionals, landing jobs and, subsequently, installing backdoors, stealing data and even altering source code.
- Multifaceted attacks have become the norm: in 70% of cases, the attackers exploited three or more attack surfaces simultaneously, forcing security teams to protect endpoints, networks, cloud environments and the human factor at the same time.
- Phishing is back: after being surpassed by vulnerabilities last year, phishing has returned to being the main vector for initial access, representing 23% of the intrusions. With the use of generative AI, phishing campaigns are more sophisticated, more convincing and more scalable than ever.
- The growth of cloud attacks: almost 29% of incidents involved cloud environments, and 21% resulted in operational damage, with intruders exploiting misconfigurations to map entire networks in search of valuable data.
- AI as a catalyst for the attack lifecycle: criminals are using artificial intelligence to create more convincing phishing campaigns, automate the development of malware and accelerate their progression through the attack chain. In a controlled experiment, researchers from Unit 42 discovered that AI-assisted attacks can reduce the time for data exfiltration to just 25 minutes.
Why cyber attacks continue to be successful
The report highlights three main factors that are enabling attackers to succeed:
- Complexity undermines the effectiveness of security: in 75% of incidents, there was evidence in the logs, but operational silos prevented detection.
- Lack of visibility facilitates attacks: 40% of cloud incidents were caused by unmonitored assets and shadow IT, allowing the intruders to move laterally without being detected.
- Excessive privileges amplify the damage: in 41% of the attacks, the attackers exploited excessive permissions to facilitate lateral movement and privilege escalation.
Malicious actors are reshaping their strategies, combining AI, automation and multifaceted tactics to circumvent traditional defenses. The time between the initial intrusion and the full impact is rapidly decreasing, making detection, response and mitigation more critical than ever.
To stay ahead of threats in 2025, organizations need to proactively strengthen the security of their networks, applications and cloud environments, in addition to empowering their security operations with AI-based solutions for faster and more effective detection and response.