Palo Alto Networks has released its latest Unit 42 Global Incident Response Report, analysing more than 750 incidents across 50 countries. The findings provide insight into current cyber threat trends and outline observations on evolving attack strategies and security considerations.
The report notes a shift in how artificial intelligence is being used in cyber attacks. According to the findings, threat actors are operationalising AI to enhance their tactics. It highlights an increase in exfiltration speeds — from five hours to approximately 72 minutes — indicating that AI may be contributing to faster attack execution.
Browsers are identified as significant targets, with 48 percent of incidents involving browser-based activity. The report suggests that routine digital interactions, including email use and access to SaaS tools, can create potential entry points for malicious activity.
Modern cyber threats are described as increasingly complex. The report states that 87 percent of intrusions involve multiple attack surfaces, with some spanning up to 10 different platforms. Attackers are observed coordinating activity across varied infrastructure, including cloud environments, networks, identity systems and SaaS applications.
Identity-related vulnerabilities are also highlighted. In nearly 90 percent of the incidents analysed, weaknesses in identity management contributed to intrusions. Around 65 percent of breaches originated from identity-based techniques, including social engineering. The findings emphasise the importance of strengthening identity controls to reduce risk.
The report also points to a rise in software supply chain breaches, particularly through third-party SaaS applications. The abuse of trusted connections has increased, with APIs and OAuth tokens identified as common vectors for lateral movement within environments.
At the same time, the report notes a decline in encryption-focused extortion. The proportion of incidents involving encryption-based tactics decreased from 92 percent to 78 percent, with attackers increasingly focusing on direct data theft rather than encrypting systems. The report states that the speed and discreet nature of these thefts present challenges for detection and response.
Overall, the Unit 42 report outlines changes in threat activity and highlights areas where organisations may need to review and adapt their security measures in response to evolving tactics.
