Palo Alto Networks, released the 2025 Unit 42 Global Incident Response Report, which found that threat actors are now evolving their tactics, moving beyond traditional ransomware and data theft to focus on business disruption, AI-assisted attacks, and insider threats. According to the report, almost half of the security incidents (44%) involved a web browser.
Recently, ThaiCERT, a division under the National Cyber Security Agency (NCSA), reported that Thailand recorded 392 cybersecurity incidents between January and February 2025. The education sector accounted for the highest proportion of attacks (27%), followed by government agencies (17%), the banking and finance sector (17%), and private Thai commercial enterprises (12%). Notably, threats targeting banking and financial institutions primarily involved fraudulent websites designed to deceive the public. This closely aligns with the findings of the Unit 42 Global Incident Response Report, highlighting the prevalence of website fraud.
As financial institutions, healthcare providers, and government agencies across the globe face an unprecedented cyber threat landscape, regional regulators are strengthening Zero Trust frameworks, adopting AI-powered security solutions, and enforcing stricter compliance measures.
The shift from financial extortion to full-scale business disruption means enterprises must rethink their cyber defenses before an attack happens, particularly in sectors that rely on cloud and third-party vendors.
The 2025 Unit 42 Global Incident Response Report, which analyzed hundreds of major cyber incidents, aims to highlight how the increased sophistication of malicious actors is amplifying the challenges faced by businesses worldwide.
Key findings of the 2025 Unit 42 Global Incident Response Report include:
- Operational Disruption as a Primary Goal: Attackers are prioritizing sabotage over data theft, aiming to cripple businesses and maximize extortion. In 2024, 86% of incidents led to operational downtime or reputational damage.
- Surge in Insider Threats Linked to North Korea: Cases tripled in 2024, with operatives targeting contract-based technical roles at major tech firms, financial services, media, and government defense contractors. Advanced techniques, including hardware-based KVM-over-IP devices and Visual Studio Code tunneling, make detection more challenging.
- Accelerated Data Exfiltration: Attackers are exfiltrating data three times faster than in 2021, with 25% of cases seeing data stolen within five hours, and nearly 20% occurring in under an hour.
- Expanded Attack Surfaces: 70% of incidents involved three or more attack vectors, underscoring the need for comprehensive security across endpoints, networks, cloud environments, and human vulnerabilities. Web browsers remain a weak link, facilitating 44% of attacks via phishing, malicious redirects, and malware downloads.
- Phishing Resurges as Top Entry Point: 23% of attacks began with phishing, overtaking vulnerabilities as the leading attack vector. GenAI has made phishing campaigns more scalable, sophisticated, and difficult to detect.
“Cyber criminals targeting organizations in the Asia-Pacific and Japan region are no longer just stealing data, they are actively taking down entire operations,” said Philippa Cogswell, Vice President and Managing Partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks. “Traditional approaches to cybersecurity are no longer sufficient in addressing the visibility gaps and complexity challenges that organisations face today. To stay ahead of evolving threats, businesses must adopt AI-driven, automated security solutions that can outpace adversaries and provide comprehensive real-time protection.”
“The rapid shift in cybercriminal tactics highlights the urgent need for Thai organisations to strengthen their cybersecurity postures. Threat actors augment traditional ransomware and extortion with attacks designed to intentionally disrupt operations. Organisations must adopt a Zero Trust approach and leverage AI-driven security to mitigate evolving threats. The 2025 Unit 42 Global Incident Response Report findings reinforce the importance of proactive defence strategies to safeguard Thailand’s critical infrastructure and digital economy.” said Piya Jitnimit, Country Manager Palo Alto Networks Thailand.
Data for this report was sourced from more than 500 cases Unit 42 responded to between October 2023 and December 2024, as well as from other case data going back to 2021. The affected organizations were headquartered in 38 unique countries, including the U.S. and those based in Europe, the Middle East, and Asia-Pacific.
Building a Shield of Trust: How Gogolook and Whoscall are Battling the Global Scam Epidemic
Thailand, Southeast Asia told to focus on their retail and digital strength
Cloudsec Asia partners with Nokia to strengthen cybersecurity for organizations in Thailand
