Table of Contents

Executive Summary ........ 3
1. Introduction ........ 4
2. Emerging Threats and Trends ........ 6
   Trend 1. Disrupting Business Operations: The Third Wave of Extortion Attacks ........ 6
   Trend 2. Increasing Impact in Software Supply Chain and Cloud Attacks ........ 10
   Trend 3. Speed: Attacks are Getting Faster, Giving Defenders Less Time to Respond ........ 13
   Trend 4. The Rise of Insider Threats: North Korea’s Insider Threat Spree ........ 15
   Trend 5. The Emergence of AI-assisted Attacks ........ 16
3. How Threat Actors Succeed: Common Effective Tactics, Techniques and Procedures ........ 18
   3.1. Intrusion: Growing Social Engineering, Both Widespread and Targeted ........ 19
   3.2. Attack Technique Insights From Unit 42 Case Data ........ 20
4. Recommendations for Defenders ........ 23
   4.1. Common Contributing Factors ........ 23
   4.2. Recommendations for Defenders ........ 24
5. Appendix: MITRE ATT&CK® Techniques by Tactic, Investigation Types and Other Case Data ........ 27
   5.1. Overview of Observed MITRE Techniques by Tactic ........ 27
   5.2. Data by Region and Industry ........ 32
6. Data and Methodology ........ 37
Contributors ........ 37

Global Incident Response Report 2025

Executive Summary

We see five major emerging trends reshaping the threat landscape.

• First, threat actors are augmenting traditional ransomware and extortion with attacks designed to intentionally disrupt operations. In 2024, 86% of incidents that Unit 42 responded to involved business disruption — spanning operational downtime, reputational damage or both.
• Second, software supply chain and cloud attacks are growing in both frequency and sophistication. In the cloud, threat actors often embed within misconfigured environments to scan vast networks for valuable data. In one campaign, attackers scanned more than 230 million unique targets for sensitive information.
• Third, the increasing speed of intrusions — amplified by automation and streamlined hacker toolkits — gives defenders minimal time to detect and respond. In nearly one in five cases, data exfiltration took place within the first hour of compromise.
• Fourth, organizations face an elevated risk of insider threats, as nation-states like North Korea target organizations to steal information and fund national initiatives. Insider threat cases tied to North Korea tripled in 2024.
• Fifth, early observations of AI-assisted attacks show how AI can amplify the scale and speed of intrusions.

Amid these trends, we’re also seeing a multi-pronged approach in attacks, as threat actors target multiple areas of the attack surface. In fact, 70% of the incidents Unit 42 responded to happened on three or more fronts, underscoring the need to protect endpoints, networks, cloud environments and the human factor in tandem. And on the human element — nearly half of the security incidents (44%) we investigated involved a web browser, including phishing attacks, malicious redirects and malware downloads.

Drawing from thousands of incident responses over years of experience, we’ve identified three core enablers that allow adversaries to succeed: complexity, gaps in visibility and exc