The digital threat landscape is shifting faster than ever, and so are the strategies required to defend against cyberattacks. Unit 42, the Palo Alto Networks team, has just released the 2025 Unit 42 Global Incident Response Report, offering critical insights for security and IT leaders to navigate today’s increasingly complex and hostile cyber environment.
This new report is based on thousands of incident responses worldwide and highlights five major emerging trends that are actively reshaping how organisations experience, respond to, and recover from cyberattacks. These findings reflect real-world tactics, tools, and behaviors of today’s most advanced threat actors.
The Five Major Emerging Trends are:
Traditional ransomware has evolved. Today’s attackers are intentionally disrupting business operations — even when ransom isn’t paid. In 2024, 86% of incidents Unit 42 investigated led to business disruption, including operational downtime, reputational damage, or both. Cyber extortion is now as much about chaos as it is about payment.
Threat actors are increasingly turning to the software supply chain and cloud environments — targeting misconfigurations and expanding access at scale. One Unit 42 investigation uncovered a campaign where attackers scanned over 230 million unique cloud targets, highlighting how vast and exposed these environments have become.
Automation and streamlined hacking toolkits have drastically reduced the time it takes attackers to breach and exfiltrate data. In nearly 20% of incidents, data was exfiltrated within the first hour of compromise. Defenders must move faster than ever — or risk losing critical data before they even know it’s gone.
Sophisticated insider threat campaigns are increasing — particularly those tied to nation-state actors. Notably, insider incidents linked to North Korea tripled in 2024, with state-sponsored actors targeting intellectual property and financial assets to fund national agendas.
Early trends indicate that AI isn’t just a tool for defenders — it’s becoming a powerful weapon for attackers. AI-assisted intrusions allow adversaries to scale and accelerate their operations, further compressing defenders’ already narrow response windows.
The Bigger Picture: Multi-Front Attacks Are the New Normal
One of the most important takeaways? Modern cyberattacks rarely focus on just one vector. 70% of incidents Unit 42 responded to in 2024 targeted three or more attack surfaces simultaneously — including endpoints, cloud environments, networks, and the human layer.
The human element remains a critical vulnerability: 44% of all incidents involved web browsers, with phishing, malicious redirects, and malware downloads all playing a central role.
What’s Letting Attackers In? Three Core Weaknesses
After years of front-line experience, Unit 42 has identified the three main enablers that continue to give attackers the upper hand:
The Path Forward: Defend Smarter, Not Just Harder
To stay ahead of emerging threats, organisations must adopt a proactive, strategic security posture:
Access the full report here to dive deeper into the data, case studies, and expert recommendations from Unit 42.