# Unit 42 Predicts the Year of Disruption and Other Top Threats in 2025

By [Sam Rubin](https://www.paloaltonetworks.com/blog/author/sam-rubin/?ts=markdown "Posts by Sam Rubin"), Nov 21, 2024

2025 will be the "year of disruption" as organizations experience an increase in cyberattacks that halt business operations and impact end users. This disruption will be defined by a rise in mega breaches that take entire enterprise networks offline, driven by supply chain vulnerabilities and attackers reaching new levels of speed and sophistication.
Additionally, the cost of cyber disruption will increase next year as businesses experience downtime due to cyberattacks and scramble to implement defenses fit for the AI-enabled attacker era.

As part of [Palo Alto Networks 2025 predictions](https://www.paloaltonetworks.com/why-paloaltonetworks/cyber-predictions?ts=markdown), read on to uncover Unit 42's insights on what to expect in the coming year.

## Generative AI Will Increase the Speed and Scale of Cyberattacks

#### **Attack Speeds Could Increase up to 100X as Threat Actors Leverage GenAI**

We predict that GenAI will continue to reduce the time needed for every stage of the [MITRE ATT&CK®](https://attack.mitre.org/) framework. It will also decrease the mean time to exfiltrate (MTTE) for threat actors by enabling them to move rapidly from vulnerability exploitation to impact.

In 2023, the MTTE for data from an organization was two days (and in some cases hours), down from nine days in 2021. We expect MTTE to continue to decrease in 2025, with the time to exfiltrate dropping as low as 25 minutes for some incidents. That's over 100x faster attacks in just three years.

Elsewhere in the MITRE ATT&CK framework, we'll encounter GenAI-powered operations capable of accelerating reconnaissance by automating open-source intelligence (OSINT), aiding initial access through hyperpersonalized phishing and smishing communications, and automating the identification of sensitive information and assets.

GenAI will significantly reduce the time required for persistence and lateral movement by automating and streamlining various stages of the attack lifecycle. This will allow adversaries to pivot across networks and deliver customized payloads more quickly.

#### **Adversaries Will Leverage GenAI-Enhanced Ransomware-as-a-Service (RaaS) for More Advanced Attacks**

In 2025, we foresee GenAI capabilities (e.g., threat actor-trained LLMs) automating portions of ransomware development and distribution.
It will also be used to facilitate the creation of customizable ransomware kits and builders, complete with automated encryption, victim targeting and reconnaissance. There's even the possibility of chatbots being utilized by threat actors to more quickly and easily negotiate ransom demands.

The impact could be an increase in the frequency and sophistication of ransomware attacks. This could result in a greater challenge for cybersecurity professionals in defending against and mitigating the effects of such attacks.

## Ransomware Dynamics Will Shift

#### **Cybercriminals Will Pour Higher Ransom Payments into R&D to Increase Scale, Sophistication and Speed of Attacks**

We project that cybercriminals will lean on business disruption to continue to demand ransom payments in the tens of millions. Many sophisticated groups, such as [Muddled Libra](https://unit42.paloaltonetworks.com/muddled-libra/), will reinvest these funds into the maturation of their cybercriminal capabilities to circumvent defenses. We'll see more sophisticated tactics from these groups as their profits are used to improve capabilities along every step of the attack chain.

In 2025, attackers will begin developing and testing generative AI technologies to use over the next 3-5 years. This could enable them to identify and exploit zero-day vulnerabilities and even create AI agents capable of executing autonomous attacks.

#### **But... Ransomware Efficacy Hangs in the Balance as Organizations Enhance Resilience**

We anticipate a shift in the effectiveness of ransomware demands as organizations increasingly focus on enhancing disaster recovery capabilities, leveraging cloud-based redundancies and investing in resilient architectures. With these advancements, businesses are gaining the ability to restore operations independently, reducing the need to consider ransom payments.

We'll also see a decline in ransom payments as organizations realize the limited benefits they provide in controlling stolen data.
Paying a threat actor fails to remove legal liability for data breaches, and there's no assurance that data will be deleted as promised. As a result, many organizations will prioritize strategies that ensure swift and secure recovery, such as immutable backups, advanced recovery planning and redundant systems designed to minimize downtime.

This marks a significant change in how businesses approach ransomware. By investing in resilience and recovery rather than paying ransoms, organizations are not only undermining the ransomware business model but also improving their ability to withstand future attacks.

## Threats Will Ramp up Against Vulnerable Targets

#### **Critical Infrastructure Will Be a Prime Target for Nation-State Advanced Persistent Threats**

As geopolitical tensions continue to rise worldwide, we expect to see an increase in cyberattacks targeting critical infrastructure. The heightened tensions between nation-states create an environment where offensive cyber campaigns are integrated into broader geopolitical strategies.

These attacks will focus on preemptively positioning adversaries within essential services, like energy, water, transportation or healthcare, enabling strategic footholds that can be leveraged to disrupt operations when a strategic benefit is perceived.

With ongoing conflicts, including Russia's war with Ukraine, escalating tensions in the Middle East, and rising cross-strait tensions between China and Taiwan, we expect increased cyberthreat activity in these regions and any new areas of global conflict.

#### **Threats Against the Supply Chain Will Continue to Proliferate**

Despite increased awareness of software supply chain vulnerabilities, organizations will continue to struggle with effectively managing them, largely due to the complex and nested nature of software dependencies.
Many modern applications rely on deeply nested layers of open-source components, where dependencies often create vulnerabilities that propagate across multiple products and vendors. This interdependence makes it difficult to track and mitigate risks, allowing a single flaw to potentially affect an entire software ecosystem.

In 2025, these challenges will intensify for three key reasons. First, we anticipate a rise in attacks targeting third-party vendors, as their vulnerabilities make them attractive to threat actors. Second, we believe large-scale supply chain attacks, similar in scope to SolarWinds, are already underway, but have yet to be discovered. Finally, we expect APT groups to increasingly target major cloud service providers, seeking to gain broad access through a single breach, maximizing their impact while reducing the risk of detection.

To discover more, see our [7 game-changing predictions for 2025](https://www.paloaltonetworks.com/why-paloaltonetworks/cyber-predictions?ts=markdown) from Palo Alto Networks.

***Contributors***: Mike Sikorski, CTO and VP of Engineering at Unit 42, Palo Alto Networks, Andy Piazza, Senior Director of Threat Intelligence at Unit 42, Palo Alto Networks, Jamie Williams, Principal Threat Intelligence Researcher at Unit 42, Palo Alto Networks, Mike Spisak, Managing Director of Proactive Security at Unit 42, Palo Alto Networks, LeeAnne Pelzer, Senior Consulting Director at Unit 42, Palo Alto Networks, Kyle Wilhoit, Director of Threat Research at Unit 42, Palo Alto Networks