
Hackers are changing their playbook to cause as much chaos as possible.
Driving the news: Ransomware hackers are increasingly targeting tech and software vendors that count big companies among their customers in a “kill multiple birds with one hack” situation. Unit 42, Palo Alto Networks’ threat intelligence team, says this more destructive approach will be a major thread in 2025.
How it works: The typical ransomware approach has been to breach a company and use malware to lock important files until the victim pays up. Now, hackers are deliberately targeting tech companies and making their services unusable by wiping key files or overloading the system with a DDoS attack.
- Hackers hope this disrupts enough of a vendor’s customers that they complain or take their business elsewhere, providing a bigger incentive to pay ransoms.
- Depending on the nature of the target, hackers could also use access to a vendor’s systems to then access data from its customers.
Why it’s happening: A year’s worth of headlines about ransomware causing massive data breaches and huge costs for victims has made companies more diligent about attacks, so hackers are trying a new strategy.
- Unit 42 says the number of ransomware attacks plateaued in 2024 compared to last year.
Why it matters: Two recent examples come to mind: CrowdStrike and Snowflake.
- July’s CrowdStrike outage was a software glitch, not a hack, but it shows how disruptive an outage at one tech provider can be: it took down services from airports to banks to hospitals.
- The Snowflake breach caused headaches for Ticketmaster, Advance Auto Parts, AT&T, State Farm, and other clients with customer data stored on its servers.
The good news: Hackers are still using things like phishing emails, unpatched software, or staff’s weak passwords to get into a system. If a company is protected against those, it is also in good shape to fend off these kinds of attacks.
The bad news: Companies haven’t gotten better at preventing breaches — they just have better data backup practices. So while that removes the incentive to pay for unlocking files, it doesn’t help stop a DDoS attack.
Zoom out: “Traditional” ransomware is still pretty bad. Stoli Vodka said an attack in August was so costly that two of its U.S. subsidiaries had to declare bankruptcy.