Cybercriminals shift from ransomware to AI-Assisted Attacks – Palo Alto Networks

Palo Alto Networks has released its 2025 Unit 42 Global Incident Response Report, revealing that cybercriminals are shifting their focus from ransomware and data theft to business disruption, AI-driven attacks, and insider threats. The report, based on over 500 cyber incidents, found that 44% of security breaches involved web browsers.

Why it Matters: The report highlights the growing complexity of cyber threats, with attackers prioritizing operational sabotage over data theft. Financial institutions, healthcare providers, and government agencies must strengthen their cybersecurity measures to prevent severe disruptions.

In the Philippines, government agencies, academic institutions, and telecommunications companies remain prime targets, according to the Department of Information and Communications Technology (DICT). Meanwhile, 10% of attacks were directed at the banking and healthcare sectors. The country’s Central Bank is now working on a cyber resilience council to protect financial infrastructure.

Key Findings from the Report:

• Operational Disruption as a Priority: 86% of incidents in 2024 led to downtime or reputational damage.
• Increase in Insider Threats: North Korean-linked insider attacks tripled in 2024, targeting major tech firms and government defense contractors.
• Faster Data Theft: Attackers exfiltrated data three times faster than in 2021, with 25% of cases seeing data stolen within five hours.
• Expanded Attack Surfaces: 70% of incidents used multiple attack vectors, emphasizing the need for stronger endpoint, network, and cloud security.
• Phishing Resurgence: 23% of attacks began with phishing, now enhanced by AI-generated scams.

Experts from Palo Alto Networks stress that traditional cybersecurity methods are no longer sufficient. Instead, organizations should adopt AI-driven, automated security solutions for real-time threat detection and response.

As cyber threats continue to evolve, do you think businesses in the Philippines are doing enough to protect their digital infrastructure? Share your thoughts in the comments.