digital
2025 Unit 42 Global Incident Response Report Reveals Nearly 44% of Security Incidents Involved a Web Browser
Tuesday, April 1, 2025
Palo Alto Networks, the global cybersecurity leader, has released the 2025 Unit 42 Global Incident Response Report, which found that threat actors are now evolving their tactics, moving beyond traditional ransomware and data theft to focus on business disruption, AI-assisted attacks, and insider threats. According to the report, almost half of the security incidents (44%) involved a web browser.
In the Philippines, industry players are taking a more proactive approach to building a security framework for digital resilience. The Department of Information and Communications Technology (DICT) reports that government agencies, academic institutions, and telecommunications companies remain prime targets for cyber criminals, with 10% of attacks targeted at the banking and healthcare sectors.
Recognizing the urgent need for stronger cybersecurity measures, key institutions such as the country’s Central Bank are working to establish a targeted cyber resilience council to protect financial infrastructure.
As financial institutions, healthcare providers, and government agencies across the globe face an unprecedented cyber threat landscape, regional regulators are strengthening Zero Trust frameworks, adopting AI-powered security solutions, and enforcing stricter compliance measures.
The shift from financial extortion to full-scale business disruption means enterprises must rethink their cyber defenses before an attack happens, particularly in sectors that rely on cloud and third-party vendors.
The 2025 Unit 42 Global Incident Response Report, which analyzed hundreds of major cyber incidents, aims to highlight how the increased sophistication of malicious actors is amplifying the challenges faced by businesses worldwide.
Key findings of the 2025 Unit 42 Global Incident Response Report include:
Operational Disruption as a Primary Goal: Attackers are prioritizing sabotage over data theft, aiming to cripple businesses and maximize extortion. In 2024, 86% of incidents led to operational downtime or reputational damage.
Surge in Insider Threats Linked to North Korea: Cases tripled in 2024, with operatives targeting contract-based technical roles at major tech firms, financial services, media, and government defense contractors. Advanced techniques, including hardware-based KVM-over-IP devices and Visual Studio Code tunneling, make detection more challenging.
Accelerated Data Exfiltration: Attackers are exfiltrating data three times faster than in 2021, with 25% of cases seeing data stolen within five hours, and nearly 20% occurring in under an hour.
Expanded Attack Surfaces: 70% of incidents involved three or more attack vectors, underscoring the need for comprehensive security across endpoints, networks, cloud environments, and human vulnerabilities. Web browsers remain a weak link, facilitating 44% of attacks via phishing, malicious redirects, and malware downloads.
Phishing Resurges as Top Entry Point: 23% of attacks began with phishing, overtaking vulnerabilities as the leading attack vector. GenAI has made phishing campaigns more scalable, sophisticated, and difficult to detect.
"Cyber criminals targeting organizations in the Asia-Pacific and Japan region are no longer just stealing data, they are actively taking down entire operations,” said Philippa Cogswell, Vice President and Managing Partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks. "Traditional approaches to cybersecurity are no longer sufficient in addressing the visibility gaps and complexity challenges that organisations face today. To stay ahead of evolving threats, businesses must adopt AI-driven, automated security solutions that can outpace adversaries and provide comprehensive real-time protection."
“As cyber threats in Asia-Pacific evolve from data theft to full-scale operational disruption, it is crucial for organizations to reassess their cybersecurity strategies, and shift from fragmented approaches towards a unified security approach that prioritizes real-time threat detection, rapid response, and actionable threat intelligence,” said Steven Scheurmann, Regional Vice President, ASEAN, Palo Alto Networks. “In the Philippines, where critical sectors like finance, healthcare, and government are increasingly reliant on digital infrastructure, building cyber resilience requires not only advanced technological capabilities but also a deeper and stronger collaboration between public and private stakeholders to safeguard the nation’s digital future.”
Data for this report was sourced from more than 500 cases Unit 42 responded to between October 2023 and December 2024, as well as from other case data going back to 2021. The affected organizations were headquartered in 38 unique countries, including the U.S. and those based in Europe, the Middle East, and Asia-Pacific.
To download the full report, please visit: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report
