North Korea-linked insider threats surged in 2024, according to new report

Palo Alto Networks’ 2025 Unit 42 Global Incident Response Report reveals the changing nature of cyber threats, with threat actors now switching to business disruption over extortion.

The year 2024 saw not only an alarming rise in cyber security incidents but also the emergence of some troubling trends in the behaviour and motivations of cyber criminals and nation-state actors alike.

The number of insider threats linked to North Korea tripled in 2024, according to Palo Alto Networks’ 2025 Unit 42 Global Incident Response Report, with fake workers looking for contract-based technical roles in the financial services, media, tech, and defence sectors.

These workers are using code tunnelling and KVM-over-IP devices to mask their real locations and make detection more of a challenge for network defenders.

Another worrying trend outlined in the report is that some threat actors are moving away from simple data theft to attempts at widespread disruption in order to extort money from their victims. Unit 42 found that 86 per cent of incidents tracked caused some level of business downtime or brand damage.

“Cyber criminals targeting organisations in the Asia-Pacific and Japan region are no longer just stealing data, they are actively taking down entire operations,” Philippa Cogswell – vice president and managing partner, Unit 42, Asia-Pacific and Japan, at Palo Alto Networks – said in a statement.

“Traditional approaches to cyber security are no longer sufficient in addressing the visibility gaps and complexity challenges that organisations face today. To stay ahead of evolving threats, businesses must adopt AI-driven, automated security solutions that can outpace adversaries and provide comprehensive real-time protection.”

When hackers are exfiltrating data, however, they’re getting much faster – three times faster, in fact. Data was successfully exfiltrated in 25 per cent of incidents, while 20 per cent succeeded in less than an hour.

Attackers are also taking advantage of expanding attack surfaces, with 70 per cent of incidents involving at least three attack vectors. Web browsers are a particular problem – 44 per cent of attacks involved a browser being used for phishing, deploying malware, or phishing attempts.

Phishing has emerged as a favoured entry point, with attackers now preferring the technique over exploiting vulnerabilities. Unit 42 attributes this shift in tactics to the rise of generative AI, which makes phishing harder to detect and easier to deploy at scale.

Unit 42’s data was based on more than 500 incidents that it responded to between October 2023 and December 2024 and some historical data dating back to 2021. The impacted organisations were from 38 countries.

You can read the full report here.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
