Hackers are pivoting from data breaches to business shutdowns
Hackers are increasingly looking to shut down victim companies during cyberattacks.
Why it matters: Organizations need to prepare their defenses to fend off service disruptions and malware wipers, experts say.
The big picture: The number of ransomware attacks in 2024 has been about the same as last year, according to Palo Alto Networks.
• Palo Alto Networks' threat intelligence team says it has seen just a 4% increase this year in the number of companies listed on so-called extortion sites — websites where ransomware gangs list the companies they've attacked that haven't yet paid a ransom.
• Sam Rubin, global head of operations at Palo Alto Networks' Unit 42 team, told Axios that companies are finally getting better at backing up their data. Doing so helps them recover faster from ransomware attacks that seize their files.
• Hackers have caught on and are now pivoting to destructive attacks in the hopes of getting businesses to pay ransoms again, he said.
Threat level: These attacks focus on bringing companies "to their knees," Rubin said.
• Attackers are looking to render key systems useless and unsalvageable. Think malware wipers and denial-of-service attacks.
• The hackers behind these attacks try to target large tech vendors whose customers include big-name companies so they can also cause more widespread destruction.
• These groups often return to target the same companies as part of a persistent campaign, Rubin added.
Zoom in: Rubin shared one example where hackers targeted just one company that had more than 100 partners. Each one had to disconnect from the unnamed vendor's product, even if it wasn't affected, to prevent the hackers from gaining access.
• It took "weeks to go through and assure the safety [of] 100 different business partners," Rubin added.
• In another case, Rubin said, one company felt so much pain from the business shutdowns that when it heard the hackers would take a ransom to stop the bleeding, it paid it immediately. The company was losing millions of dollars each day.
• "If you're a [software-as-a-service] business, and you are absolutely shut down and hemorrhaging customers and hemorrhaging money, that's an incredibly painful situation," Rubin said.
Between the lines: Many of the groups behind major ransomware attacks are the ones pivoting to these destructive attacks, including Scattered Spider, which targeted MGM Resorts and Caesars Entertainment.
• These groups are also using many of the same tactics to get into a company's systems, such as phishing emails, software vulnerabilities and social engineering, Rubin said.
• They're often looking to install file-corrupting malware onto a company's virtual machines, rendering the whole system useless.
Yes, but: Attackers have to do a lot more research and planning to carry out these schemes.
• It costs money and time to figure out which vendors a specific, high-value company relies on and what software vulnerabilities they're exposed to.
What we're watching: Palo Alto Networks predicts that these attacks will become even more prominent in the new year — especially as hackers get better at using generative AI to find vulnerabilities.
https://archive.is/rTAQ8