Palo Alto Networks' Unit 42 has released its annual global cyber incident response report for 2025, revealing significant shifts in the tactics employed by cybercriminals. The report indicates that attackers are moving away from traditional ransomware and data theft methods, focusing instead on disrupting business operations. This evolution in strategy includes the use of artificial intelligence (AI) to facilitate attacks and the exploitation of insider threats.
According to the report, nearly half of the cyber incidents (44%) involve web browsers, underscoring the vulnerabilities present in this area. In a related report, the Thai Computer Emergency Response Team (ThaiCERT) documented 392 cyber incidents in Thailand between January and February 2025, with the education sector being the most affected (27%), followed by government agencies (17%), the financial sector (17%), and private businesses (12%).
The report from Unit 42 emphasizes that threats targeting financial institutions have escalated, often involving fraudulent websites designed to deceive the public. This aligns with ThaiCERT's findings, which highlight the increasing sophistication of cyberattacks globally, particularly against financial and governmental entities.
Philipa Cox, Vice President and Partner at Unit 42 for the Asia Pacific and Japan regions, stated, "Cybercriminals targeting organizations in the Asia Pacific and Japan are no longer just looking to steal data; they aim to disrupt entire operations." This reflects a broader trend where organizations must reassess their cybersecurity measures to prevent attacks that could halt their business activities.
The Unit 42 report also notes that the number of insider threats has tripled, with a significant connection to North Korean actors. These incidents primarily target technical contractors within large tech companies, financial services, media, and military contractors. The techniques employed by these attackers have become increasingly sophisticated, utilizing hardware devices and creating covert channels through software development tools like Visual Studio Code.
Furthermore, the speed of data theft has dramatically increased, with attackers able to exfiltrate data three times faster than in 2021. Approximately 25% of data breaches occur in less than five hours, and nearly 20% happen in under one hour. The report indicates that around 70% of cyber incidents involve at least three attack vectors, highlighting the need for comprehensive security systems across endpoints, networks, cloud environments, and human vulnerabilities.
Phishing attacks have resurged as a primary vector for cyber intrusions, accounting for about 23% of all incidents. This method has become more sophisticated due to the integration of generative AI technologies, making phishing attempts harder to detect. Cox emphasized the importance of strong data governance and proactive cybersecurity measures, stating that traditional security approaches are no longer sufficient to address the complexities organizations face today.
In Thailand, the urgency for enhanced cybersecurity measures is palpable. Piya Jitnimitr, the country manager for Palo Alto Networks, stressed that the rapid change in cybercriminal strategies necessitates that organizations in Thailand bolster their cybersecurity frameworks. "Organizations should adopt Zero Trust principles and integrate AI-driven security capabilities to combat evolving threats effectively," he advised.
The Unit 42 report serves as a crucial reminder of the complexities in the cyber threat landscape, as it analyzes hundreds of significant cyber incidents that pose challenges for businesses worldwide. The findings underscore the necessity for organizations to adopt proactive measures to protect their critical infrastructure and digital economy.
In addition to the Unit 42 report, ThaiCERT has been actively monitoring and responding to cyber threats in Thailand. The rise in incidents, particularly in the education and government sectors, reflects broader vulnerabilities that need urgent attention. As organizations increasingly rely on cloud services and third-party vendors, the risk of cyber incidents grows, necessitating a robust approach to cybersecurity.
As the threat landscape evolves, the emphasis on collaboration and increased cybersecurity awareness becomes paramount. Organizations are encouraged to prioritize security fundamentals, including the adoption of Zero Trust principles and AI-driven security solutions, to mitigate risks effectively.
In conclusion, the findings from both the Unit 42 report and ThaiCERT highlight the pressing need for heightened cybersecurity measures in Thailand and beyond. With cyber threats becoming more sophisticated and widespread, organizations must remain vigilant and proactive in their efforts to safeguard their operations against potential disruptions.