Saturday, March 29, 2025

2025 Unit 42 Global Incident Response Report: 44% of Security Incidents Involve Web Browsers

Palo Alto Networks has unveiled its 2025 Unit 42 Global Incident Response Report, shedding light on the ever-evolving cyber threat landscape.



The report reveals that cybercriminals are moving beyond traditional tactics such as ransomware and data theft, and are now increasingly focused on business disruption, AI-driven attacks, and insider threats. Notably, 44% of all security incidents involved web browsers, highlighting the growing vulnerability in online platforms.


In the Philippines, key industry players are stepping up their efforts to build robust security frameworks to ensure digital resilience. According to the Department of Information and Communications Technology (DICT), critical sectors like government agencies, academic institutions, and telecommunications companies remain top targets for cyber attackers. A significant 10% of attacks also focus on banking and healthcare sectors, which are particularly vulnerable.


In response to these escalating threats, the Philippines' Central Bank is leading initiatives to form a dedicated cyber resilience council, aimed at securing the country’s financial infrastructure. The global cybersecurity landscape is witnessing a shift, where cybercriminals are no longer solely focused on financial extortion but are increasingly intent on disrupting entire businesses, especially those reliant on cloud services and third-party vendors.


The 2025 Unit 42 Global Incident Response Report, which analyzes hundreds of major cyber incidents, emphasizes the rising sophistication of threat actors and the mounting challenges faced by businesses worldwide. Below are the key findings:


Operational Disruption as a Primary Goal: In 2024, a staggering 86% of incidents resulted in operational downtime or reputational damage, with attackers aiming to cripple businesses for extortion purposes.


Insider Threats Surge: North Korean operatives were identified as a major threat, with insider attacks tripling in 2024. These operatives targeted technical contract roles at prominent organizations, including tech firms, financial services, and defense contractors. Their use of advanced tools like hardware-based KVM-over-IP and Visual Studio Code tunneling has made detection increasingly difficult.


Faster Data Exfiltration: Attackers are now exfiltrating data three times faster than in 2021. Notably, in 25% of cases data was stolen within just five hours, and in 20% of attacks exfiltration took less than an hour.


Expanding Attack Surfaces: 70% of incidents involved multiple attack vectors, highlighting the need for holistic security across endpoints, networks, cloud infrastructures, and even human vulnerabilities. A significant 44% of attacks exploited web browsers through tactics like phishing, malicious redirects, and malware downloads.


Phishing Becomes the Leading Entry Point: Phishing has surged as the top entry vector, accounting for 23% of all attacks. This resurgence is largely driven by GenAI, which has enabled cybercriminals to launch more scalable, sophisticated, and harder-to-detect phishing campaigns.


According to Philippa Cogswell, Vice President and Managing Partner of Unit 42, Asia-Pacific & Japan, "Cyber criminals targeting organizations in the Asia-Pacific and Japan region are no longer just stealing data; they are actively taking down entire operations. Traditional approaches to cybersecurity can no longer address the visibility gaps and complexities businesses face today. To stay ahead of adversaries, organizations must adopt AI-driven, automated solutions for real-time protection."


Steven Scheurmann, Regional Vice President, ASEAN at Palo Alto Networks, stresses the need for a strategic shift: "As cyber threats in Asia-Pacific evolve from data theft to full-scale operational disruption, it is crucial for organizations to reassess their cybersecurity strategies. A unified, real-time approach to threat detection, rapid response, and actionable intelligence is essential to mitigate risk."


This year's report draws on data from over 500 cyber incidents responded to by Unit 42 between October 2023 and December 2024, along with data spanning back to 2021. The report reflects the challenges faced by businesses across 38 countries, including the United States, Europe, the Middle East, and the Asia-Pacific region.


To explore the full findings and download the complete report, visit Palo Alto Networks.
