
Cyber report warns of AI-driven threats & quicker attacks
Palo Alto Networks Unit 42 has published its 2025 Global Incident Response Report, highlighting significant trends in the cyberthreat landscape over the past year.
The report reveals that 86% of major cyber incidents in 2024 resulted in operational downtime, reputational damage, or financial loss. It also underscores a shift among financially motivated attackers who are increasingly focusing on deliberate operational disruption. These attackers aim to sabotage systems, lock users out, and create prolonged downtime to maximise pressure on organisations to fulfil extortion demands.
The data released by Unit 42 indicates an escalation in the speed, complexity, and scale of attacks, with AI-assisted threats playing a pronounced role in facilitating these developments. "The attacker's new playbook is multipronged, cloud-focused and AI-driven," the report notes, pointing to the increasing sophistication of threats.
Among the key observations, the report notes that cyberattacks are unfolding faster than before. In 25% of incidents, attackers exfiltrated data in under five hours, three times faster than documented in 2021. Alarmingly, in one in five cases, data theft occurred in less than an hour.
The study also highlights a threefold increase in insider-driven incidents linked to North Korean actors, who have been noted to infiltrate organisations by posing as IT professionals. Once employed, these actors reportedly introduce backdoors, steal data, and alter source code.
Furthermore, 70% of incidents investigated involved multipronged attacks, exploiting three or more attack surfaces. This necessitates defence strategies that address a wide range of potential vulnerabilities, including endpoints, networks, cloud environments, and human interactions.
The resurgence of phishing as a primary initial access vector is another significant trend observed. Responsible for 23% of initial access incidents, phishing campaigns have become more sophisticated, enhanced by generative AI technologies.
Cloud environments are increasingly under threat as well, with nearly 29% of cyber incidents affecting these systems. Of these, 21% resulted in operational damage due to attackers exploiting misconfigured assets to scan networks for valuable data.
The report also delineates the role of AI in accelerating attack lifecycles. Researchers found that AI-assisted methods can produce more convincing phishing campaigns, expedite the development of malware, and accelerate progression through the attack chain. A controlled experiment by Unit 42 demonstrated that AI could reduce the time to exfiltration to as little as 25 minutes.
The report identifies three main factors allowing cyberattacks to succeed: complexity in security systems, visibility gaps, and excessive levels of trust. In particular, 75% of incidents had detectable evidence that was missed due to silos. Additionally, 40% of cloud incidents resulted from unmonitored assets, facilitating lateral movement by attackers. Excessive privileges were exploited in 41% of cases, enabling further intrusion.
Palo Alto Networks highlights the necessity for enhanced security strategies, emphasising proactive measures to secure networks, applications, and cloud infrastructures. The integration of AI-driven detection and response systems for full visibility and rapid threat mitigation is also advocated to stay ahead of evolving threats in 2025.