Hackers have significantly accelerated their cyberattack timelines, now operating on average four times faster than just a year ago, according to a report released Tuesday by Palo Alto Networks. The findings underscore a worrying trend as ransomware attacks become increasingly sophisticated and swift, with threat actors now exfiltrating data as quickly as 72 minutes after gaining initial access.
The report reveals that artificial intelligence (AI) plays a crucial role in the evolving landscape of cyber threats. Cybercriminals are leveraging AI for a range of activities, including reconnaissance, phishing, scripting, and operational execution. This technological edge allows attackers to automate and optimize their strategies, making their assaults more effective and widespread.
Identity theft is a central element of these attacks, appearing in 90% of the incident response cases analyzed. Hackers are increasingly using stolen identities and tokens, enabling them to gain entry into networks without triggering security alerts. “Once an attacker has legitimate credentials, they’re not breaking in, they’re logging in,” said Sam Rubin, a senior vice president at Palo Alto Networks’ Unit 42. “When an adversary blends into normal traffic, detection becomes incredibly challenging for even mature defenders.”
The report is based on the analysis of over 750 incident response cases worldwide, providing a comprehensive view of how threat groups are employing AI to orchestrate attacks with unprecedented speed and scale. Attackers are now able to run multiple operations simultaneously and exploit known software vulnerabilities almost immediately after they are disclosed. Notably, attackers are targeting vulnerabilities within 15 minutes of a Common Vulnerabilities and Exposures (CVE) disclosure.
In addition to speed, the misuse of trusted integrations has emerged as a significant strategy among threat actors. The report indicates that nearly one-quarter of incidents in the past year involved attacks on software-as-a-service (SaaS) applications through these trusted connections. Such integrations provide legitimate, privileged access, complicating defense efforts against exploitation.
“This is a structural shift in supply chain risk that moves beyond vulnerable code to the abuse of trusted links,” Rubin noted, highlighting the growing complexity of cybersecurity challenges. The reliance on trusted integrations not only creates new vulnerabilities but also underscores the need for organizations to reassess their security protocols and response strategies.
The implications of these findings are profound for both businesses and cybersecurity professionals. As hackers increasingly exploit AI and trusted systems, the urgency for enhanced cybersecurity measures becomes apparent. Organizations must adapt to the rapidly evolving threat landscape and invest in robust defenses and incident response capabilities.
Ultimately, the report serves as a clarion call for industries to reevaluate their approach to cybersecurity, particularly in the face of increasingly sophisticated technology-driven threats. With hackers demonstrating the ability to act with such speed and efficacy, the importance of proactive security measures has never been greater. The challenge now lies not only in defending against these attacks but in anticipating the next wave of cyber threats that could emerge as technology continues to evolve.
See also
Cloud Range Launches AI Validation Range to Securely Test Agentic AI Models
Jeffs’ Brands’ KeepZone AI Signs Reseller Deal to Enhance Security for FIFA World Cup 2026
Experts Warn: AI Assistants Like Copilot, Grok Can Be Hijacked for Malware Operations
ESET Reveals PromptSpy: First Android Malware Using Gemini AI for UI Manipulation
AI-Driven Cyberattacks Surge: 80% of Firms Face Synthetic Identity Threats by 2027
