Hackers are shifting their focus from data breaches to total destruction during cyberattacks, aiming to shut down victim companies entirely. According to Palo Alto Networks, the number of ransomware attacks in 2024 has remained similar to last year, with only a four percent increase in the number of companies listed on extortion sites. As organizations improve their data backup practices, hackers are now pivoting to destructive attacks, targeting essential systems to render them useless. These attackers often focus on large tech vendors to maximize the impact, causing widespread disruption to their partners. One example shared by Sam Rubin from Palo Alto Networks involved a single company affecting over one hundred partners, necessitating weeks of safety assurance. The firm ultimately paid a ransom to stop ongoing losses, highlighting the financial pain of these attacks. Palo Alto Networks predicts that these destructive attacks will become increasingly common in the coming year as hackers leverage generative artificial intelligence to exploit vulnerabilities.
North Korean IT workers are infiltrating United States companies through fake identities and forged credentials, according to Sentinel Labs. The cyber security organization has uncovered a network of companies believed to be backed by China that supply remote workers under false pretenses. These individuals conduct convincing video interviews and use virtual private networks to mask their true locations, posing significant risks to corporate networks. The researchers highlighted that these workers are highly skilled in software development and cryptocurrency technologies, with earnings laundered through online payment services to support North Korean state programs, including weapons development. Companies are urged to implement stringent vetting processes to identify discrepancies in resumes and online profiles and be alert for signs of fraudulent behavior during the hiring process.
CrowdStrike has shown resilience and trust with its customers following a significant IT outage in July caused by a faulty update. In its third quarter of fiscal 2025, the cybersecurity company reported a revenue increase of twenty-nine percent, reaching one billion dollars, surpassing analyst expectations. The company added one hundred fifty-three million dollars in annual recurring revenue during this period. Analysts highlighted a strong retention rate of ninety-seven percent, indicating minimal customer defections. CrowdStrike’s CEO, George Kurtz, expressed confidence in their technology and emphasized that large clients have remained loyal despite the earlier incident. Industry analysts from William Blair and TD Cowen noted that CrowdStrike is on track to recover and continue its growth trajectory.
Why do we care?
One of the supposed consequences of cyber-attacks is reputational risk. While distinctly not a cyber-attack, a quality issue at CrowdStrike has not impacted its reputation with customers, as measured by the financial fallout. While CrowdStrike’s performance appears robust, we should remain cautious about drawing long-term conclusions. Customer loyalty metrics can lag real dissatisfaction, and competitors may still exploit the earlier outage to lure clients away.
That said, attackers making total destruction the point changes the risk level of a cyberattack. The raw impact of downtime is an equation that providers should be familiar with. Couple that with corporate infiltration, and the defense becomes intellectually easier. The proposed solutions for preventing infiltration (e.g., stringent vetting) are resource-intensive and may not scale easily for smaller organizations or those in high-growth phases. IT service providers should offer tiered solutions for identity management, balancing cost-effectiveness with security.
