Palo Alto Networks, a leader in global cybersecurity, has released its annual report on cyber threat incident response through Unit 42, revealing a significant shift in criminal strategies. The report indicates that cybercriminals are moving away from traditional methods such as ransomware and data theft, focusing instead on disrupting business operations. This new trend involves the use of artificial intelligence (AI) to enhance attacks and manipulate insiders to create vulnerabilities.
According to the report, nearly half (44%) of cyber threat incidents are related to web browser vulnerabilities. This alarming statistic highlights the need for organizations to bolster their cybersecurity measures, particularly in the face of evolving threats.
In Thailand, the National Cyber Security Agency (ThaiCERT) reported 392 cyber threat incidents from January to February 2025. The education sector was the most affected, accounting for 27% of incidents, followed by government agencies (17%), financial institutions (17%), and private organizations (12%). Notably, threats targeting financial institutions are often linked to fraudulent websites designed to deceive the public.
The rise in cyber threats has prompted regulatory bodies to strengthen the Zero Trust framework and implement more stringent security measures. The shift in focus from traditional extortion to disrupting business operations necessitates a reevaluation of cybersecurity strategies, especially for sectors reliant on cloud systems and third-party providers.
The Unit 42 report emphasizes the increasing complexity of cyber incidents, analyzing hundreds of major events to identify the challenges businesses face globally. Key findings include:
- Disruption of Business Operations as a Primary Target: Cyber attackers are increasingly using destructive methods to halt business operations, with 86% of incidents in 2024 leading to disruptions or reputational damage.
- Surge in Insider Threats: Incidents involving insider threats have tripled, particularly targeting contract personnel in large tech companies, financial services, media, and military contractors. Techniques used are becoming more sophisticated, making detection difficult.
- Rapid Data Theft: Cybercriminals can now steal data three times faster than in 2021. In approximately 25% of data theft incidents, the theft takes place within five hours, and in nearly 20% it takes less than one hour.
- Wider Attack Surface: About 70% of cyber incidents involve at least three attack vectors, underscoring the need for comprehensive security systems that cover endpoints, networks, cloud infrastructure, and human vulnerabilities.
- Phishing as a Major Attack Vector: Phishing remains a leading cause of cybercrime, accounting for 23% of attacks, with generative AI complicating detection and expanding the reach of phishing schemes.
Philipa Coxwell, Vice President and Managing Partner of Unit 42 for the Asia-Pacific region, stated, "Cyber threats targeting organizations in the Asia-Pacific and Japan region are no longer just about data theft; they aim to disrupt entire operations." She emphasized that traditional cybersecurity approaches are insufficient for addressing the evolving challenges organizations face today.
Naiyana Chittattanimit, Country Manager of Palo Alto Networks, echoed this sentiment, highlighting the urgent need for Thai organizations to strengthen their cybersecurity defenses. She noted that current cybercriminal strategies have evolved from typical ransomware and extortion tactics to more deliberate attacks aimed at disrupting business operations.
The report underscores the importance of proactive defense strategies to protect critical infrastructure and Thailand's digital economy. It compiles data from over 500 cases that Unit 42 assisted with between October 2023 and February 2025, involving organizations across 38 countries, including the United States, Europe, the Middle East, and Asia-Pacific.
In another significant development, the Thai government is intensifying efforts to combat online fraud, particularly related to electronic cigarettes, known locally as "Buhri Fai Fa." Prasert Chanthararuangthong, the Minister of Digital Economy and Society, announced that the ministry has been actively shutting down social media pages and websites associated with the illegal sale of these products.
Since March 2024, the Ministry of Digital Economy and Society has blocked a total of 9,705 URLs and is awaiting court orders for an additional 1,012 cases. This crackdown is part of a broader initiative to curb illegal online activities, particularly those targeting youth and public health.
Chanthararuangthong emphasized the health risks associated with electronic cigarettes, stating, "I would like to emphasize once again that Buhri Fai Fa has a negative impact on the health of the people and youth, and there is also a legal aspect." He highlighted the penalties for selling or providing electronic cigarettes, which can include imprisonment for up to three years or fines up to 600,000 baht.
The legal framework surrounding electronic cigarettes includes severe penalties for possession and importation of these products without proper customs procedures, with potential prison sentences of up to ten years and fines up to five times the product's value.
As the Thai government ramps up its efforts to combat cybercrime and illegal online activities, the need for robust cybersecurity strategies becomes increasingly critical. Organizations are urged to adopt comprehensive security measures and leverage AI-driven solutions to stay ahead of evolving threats.
In conclusion, the landscape of cyber threats continues to evolve, with attackers employing increasingly sophisticated tactics to disrupt businesses and steal data. Both the cybersecurity sector and regulatory bodies must adapt to these changes, ensuring that organizations are equipped to face the challenges of today and tomorrow.