Operational disruption now primary goal of cyber attacks — Palo Alto Networks

Palo Alto Networks, the global cybersecurity player, released the 2025 Unit 42 Global Incident Response Report, which found that threat actors are now evolving their tactics, moving beyond traditional ransomware and data theft to focus on business disruption, AI-assisted attacks, and insider threats. According to the report, almost half of the security incidents (44%) involved a web browser.

In the Philippines, industry players are taking a more proactive approach to building a security framework for digital resilience. The Department of Information and Communications Technology (DICT) reports that government agencies, academic institutions, and telecommunications companies remain prime targets for cyber criminals, with 10% of attacks targeted at the banking and healthcare sectors.

Recognizing the urgent need for stronger cybersecurity measures, key institutions such as the country’s Central Bank are working to establish a targeted cyber resilience council to protect financial infrastructure.

As financial institutions, healthcare providers, and government agencies across the globe face an unprecedented cyber threat landscape, regional regulators are strengthening Zero Trust frameworks, adopting AI-powered security solutions, and enforcing stricter compliance measures.

The shift from financial extortion to full-scale business disruption means enterprises must rethink their cyber defenses before an attack happens, particularly in sectors that rely on cloud and third-party vendors.

The 2025 Unit 42 Global Incident Response Report, which analyzed hundreds of major cyber incidents, aims to highlight how the increased sophistication of malicious actors is amplifying the challenges faced by businesses worldwide. 

Key findings of the 2025 Unit 42 Global Incident Response Report include:

  • Operational Disruption as a Primary Goal: Attackers are prioritizing sabotage over data theft, aiming to cripple businesses and maximize extortion. In 2024, 86% of incidents led to operational downtime or reputational damage.
  • Surge in Insider Threats Linked to North Korea: Cases tripled in 2024, with operatives targeting contract-based technical roles at major tech firms, financial services, media, and government defense contractors. Advanced techniques, including hardware-based KVM-over-IP devices and Visual Studio Code tunneling, make detection more challenging.
  • Accelerated Data Exfiltration: Attackers are exfiltrating data three times faster than in 2021, with 25% of cases seeing data stolen within five hours, and nearly 20% occurring in under an hour.
  • Expanded Attack Surfaces: 70% of incidents involved three or more attack vectors, underscoring the need for comprehensive security across endpoints, networks, cloud environments, and human vulnerabilities. Web browsers remain a weak link, facilitating 44% of attacks via phishing, malicious redirects, and malware downloads.
  • Phishing Resurges as Top Entry Point: 23% of attacks began with phishing, overtaking vulnerabilities as the leading attack vector. GenAI has made phishing campaigns more scalable, sophisticated, and difficult to detect.

“Cyber criminals targeting organizations in the Asia-Pacific and Japan region are no longer just stealing data, they are actively taking down entire operations,” said Philippa Cogswell, Vice President and Managing Partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks. “Traditional approaches to cybersecurity are no longer sufficient in addressing the visibility gaps and complexity challenges that organisations face today. To stay ahead of evolving threats, businesses must adopt AI-driven, automated security solutions that can outpace adversaries and provide comprehensive real-time protection.”

“As cyber threats in Asia-Pacific evolve from data theft to full-scale operational disruption, it is crucial for organizations to reassess their cybersecurity strategies, and shift from fragmented approaches towards a unified security approach that prioritizes real-time threat detection, rapid response, and actionable threat intelligence,” said Steven Scheurmann, Regional Vice President, ASEAN, Palo Alto Networks. “In the Philippines, where critical sectors like finance, healthcare, and government are increasingly reliant on digital infrastructure, building cyber resilience requires not only advanced technological capabilities but also a deeper and stronger collaboration between public and private stakeholders to safeguard the nation’s digital future.”

Data for this report was sourced from more than 500 cases Unit 42 responded to between October 2023 and December 2024, as well as from other case data going back to 2021. The affected organizations were headquartered in 38 unique countries, including the U.S. and those based in Europe, the Middle East, and Asia-Pacific.

To download the full report, visit: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report.
