2025 Unit 42 Global Incident Response Report Reveals Nearly 44% of Security Incidents Involved a Web Browser

Palo Alto Networks, the global cybersecurity leader, released the 2025 Unit 42 Global Incident Response Report, which found that threat actors are now evolving their tactics, moving beyond traditional ransomware and data theft to focus on business disruption, AI-assisted attacks, and insider threats. According to the report, almost half of the security incidents (44%) involved a web browser.

In Malaysia, the rising threat to critical infrastructure has prompted industry leaders to take a more proactive stance on cybersecurity. According to CyberSecurity Malaysia, 6,209 cases were reported in 2024, a 5% increase from the previous year, with fraud, intrusion attempts, and malware attacks primarily targeting government agencies, financial institutions, and businesses.

Recognising the urgent need for stronger defences, the Malaysian government allocated RM30 million in Budget 2025 to step up Malaysia’s cyber resilience. This includes RM20 million to strengthen the National Scam Response Centre and an additional RM10 million to expand NACSA by adding 100 new positions. 

As financial institutions, healthcare providers, and government agencies across the globe face an unprecedented cyber threat landscape, regional regulators are strengthening Zero Trust frameworks, adopting AI-powered security solutions, and enforcing stricter compliance measures.

The shift from financial extortion to full-scale business disruption means enterprises must rethink their cyberdefences before an attack happens, particularly in sectors that rely on cloud and third-party vendors.

The 2025 Unit 42 Global Incident Response Report, which analysed hundreds of major cyber incidents, aims to highlight how the increased sophistication of malicious actors is amplifying the challenges faced by businesses worldwide. 

Key findings of the 2025 Unit 42 Incident Response Report include:

  • Operational Disruption as a Primary Goal: Attackers are prioritising sabotage over data theft, aiming to cripple businesses and maximise extortion. In 2024, 86% of incidents led to operational downtime or reputational damage.
  • Surge in Insider Threats Linked to North Korea: Cases tripled in 2024, with operatives targeting contract-based technical roles at major tech firms, financial services, media, and government defence contractors. Advanced techniques, including hardware-based KVM-over-IP devices and Visual Studio Code tunnelling, make detection more challenging.
  • Accelerated Data Exfiltration: Attackers are exfiltrating data three times faster than in 2021, with 25% of cases seeing data stolen within five hours and nearly 20% occurring in under an hour.
  • Expanded Attack Surfaces: 70% of incidents involved three or more attack vectors, underscoring the need for comprehensive security across endpoints, networks, cloud environments, and human vulnerabilities. Web browsers remain a weak link, facilitating 44% of attacks via phishing, malicious redirects, and malware downloads.
  • Phishing Resurges as Top Entry Point: 23% of attacks began with phishing, overtaking vulnerabilities as the leading attack vector. GenAI has made phishing campaigns more scalable, sophisticated, and difficult to detect.

“Cyber criminals targeting organisations in the Asia-Pacific and Japan region are no longer just stealing data; they are actively taking down entire operations,” said Philippa Cogswell, Vice President and Managing Partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks. “Traditional approaches to cybersecurity are no longer sufficient in addressing the visibility gaps and complexity challenges that organisations face today. To stay ahead of evolving threats, businesses must adopt AI-driven, automated security solutions that can outpace adversaries and provide comprehensive real-time protection.”

“Malaysia’s rapid digital transformation presents vast opportunities, but it also widens the attack surface for cyber threats. This shift underscores the urgent need for organisations to strengthen their cybersecurity strategies. With the Cyber Security Act now in place, Malaysia is taking a significant step toward a more secure digital future by enhancing regulatory frameworks and enforcing stricter security measures for critical industries. Businesses must align with national initiatives like NACSA’s cyber resilience programmes and adopt AI-driven security measures. The 2025 Unit 42 Global Incident Response Report underscores the urgency of a proactive approach to safeguard Malaysia’s digital economy from emerging cyber threats,” said Sarene Lee, Country Manager, Malaysia at Palo Alto Networks.

Data for this report was sourced from more than 500 cases Unit 42 responded to between October 2023 and December 2024, as well as from other case data going back to 2021. The affected organisations were headquartered in 38 unique countries, including the U.S. and those based in Europe, the Middle East, and Asia-Pacific.

To download the full report, please visit: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report