An international group of hackers has claimed responsibility for a series of cyberattacks on major technology companies, including eBay and Spotify. The incidents demonstrate a dangerous trend in cybercrime — the shift from direct attacks on corporations to targeted operations against their suppliers and partners.

In 2026, cybercrime has reached a new level of complexity. Instead of traditional attacks on large companies, attackers are increasingly using the tactic of 'escalation hacktivism' — attacking third-party suppliers and partners to gain access to the main targets. This requires businesses to reconsider their security approaches and shift from reactive defense to a proactive threat prevention strategy.

Wave of Cyberattacks on Tech Giants

An international hacker group has claimed responsibility for a series of coordinated cyberattacks on major American technology companies. Among the victims are eBay, one of the largest e-commerce platforms, and Spotify, a leader in music streaming. These incidents point to a growing threat to critical digital infrastructure that serves millions of users worldwide.

The attacks demonstrate a high level of coordination and technical proficiency. The attackers used comprehensive methods to penetrate systems, including social engineering, exploitation of known vulnerabilities, and targeted phishing campaigns. The companies were forced to activate incident management protocols and notify users of potential risks.

These incidents are not isolated cases. According to analysts at Dragos, the third quarter of 2025 saw 742 incidents involving ransomware affecting industrial facilities worldwide. The manufacturing sector was the most vulnerable, accounting for 72% of all recorded attacks. This indicates a systemic problem in the cybersecurity of critical infrastructure.

Escalation Hacktivism and Supply Chain Attacks

The new trend in cybercrime has been named 'escalation hacktivism'. Instead of direct attacks on large corporations, attackers are increasingly choosing a more cunning approach — they attack third-party suppliers, contractors, and partners of major companies. This tactic allows them to bypass the more robust security systems of large organizations by exploiting weak links in the supply chain.

This approach is extremely effective. Smaller companies often have limited budgets for cybersecurity and less experienced data protection teams. By gaining access to a supplier's systems, hackers can then penetrate the main company's networks using the trust relationships and integrations between systems.

Experts note that in 2026, this tactic is becoming more widespread. Companies that previously considered themselves protected by investments in their own security are discovering that their vulnerability lies in their partner ecosystem. This requires organizations to expand the perimeter of their protection and include cybersecurity requirements in contracts with suppliers.

Shift from Reactive Defense to Proactive Strategy

The 2026 analytical report by BG Titan Group contains a clear recommendation: companies must shift from reactive defense to a 'denial of opportunity' strategy. This means that instead of trying to detect and stop attacks after they start, organizations should focus on eliminating the conditions that make attacks possible.

A proactive strategy includes several key components. Firstly, it involves constant auditing and updating systems to eliminate known vulnerabilities. Secondly, the implementation of multi-factor authentication and data encryption. Thirdly, regular training of employees in social engineering and phishing protection methods.

Companies that have already implemented such approaches demonstrate significantly better results in protecting against cyberattacks. They reduce incident detection times from months to days, minimize damage from successful attacks, and lower overall incident recovery costs. Companies like Alashed IT (it.alashed.kz) help Kazakhstani and Central Asian organizations implement these advanced cybersecurity approaches.

Critical Infrastructure Under Threat

Critical infrastructure — energy, water supply, transportation, healthcare — remains in the crosshairs of cybercriminals. Data from Dragos shows that the manufacturing sector, which is often closely linked to critical infrastructure, is experiencing unprecedented pressure. 72% of all ransomware incidents in the third quarter of 2025 affected manufacturing facilities.

Attacks on critical infrastructure have far-reaching consequences. They not only cause financial damage to companies but can also lead to disruptions in service provision, threatening the lives and health of people. A power grid control system outage can leave entire cities without electricity. A breach in water supply control systems can lead to drinking water contamination.

Therefore, protecting critical infrastructure requires special attention and resources. Governments and international organizations are developing new standards and requirements for critical infrastructure operators. Companies in this sector must invest in specialized monitoring systems, backup control channels, and staff training for rapid incident response.

Recommendations for Businesses and Organizations

In light of growing cyber threats, organizations need to adopt a comprehensive approach to cybersecurity. The first step is to conduct a full audit of the current state of protection, including an assessment of vulnerabilities in both their own systems and those of their partners. This should include penetration testing, log analysis, and compliance checks with security standards.

The second step is to develop and implement a cybersecurity policy that covers the entire organization and its partner ecosystem. This should include requirements for minimum security standards for all suppliers and contractors, as well as procedures for regularly verifying their compliance with these standards.

The third step is to invest in technology and personnel. This includes implementing modern threat detection systems, security information and event management (SIEM) systems, and hiring or training cybersecurity specialists. Organizations should also establish procedures for rapid incident response and recovery.

Finally, organizations must create a cybersecurity culture where every employee understands their role in protecting the company's data. This requires regular training, clear policies, and open communication about risks and incidents.

Что это значит для Казахстана

For Kazakhstan and Central Asian countries, these global cyber threats have direct implications. Kazakhstani companies, especially those working with international partners or providing services to foreign clients, become potential targets for hackers seeking weak links in the supply chain. Kazakhstan's government has already recognized the importance of cybersecurity and has implemented several initiatives, including the National Cybersecurity Strategy. However, experts estimate that the level of preparedness for cyber threats in the region remains below global standards. Companies in Kazakhstan and Central Asia must actively invest in cybersecurity and collaborate with international partners to share threat information. Specialists recommend that Kazakhstani organizations seek the services of cybersecurity companies for audits and the implementation of protective measures.

In the third quarter of 2025, 742 ransomware incidents affecting industrial facilities were recorded, with 72% affecting the manufacturing sector.

The cyber threats of 2026 demonstrate the evolution of attack methods and the growing complexity of cybercrime. The shift from direct attacks to targeted operations against the supply chain requires organizations to reconsider their security approaches. Companies must move from reactive defense to a proactive strategy that eliminates the conditions for possible attacks. Investing in cybersecurity today is an investment in the survival and prosperity of business tomorrow.

Часто задаваемые вопросы

What is escalation hacktivism and how does it work?

Escalation hacktivism is a tactic where hackers attack third-party suppliers and partners of large companies instead of direct attacks on the company itself. This allows them to bypass the more robust security systems by exploiting weak links in the supply chain. By gaining access to a supplier's systems, they then penetrate the main company's networks through trust relationships between systems.

How many ransomware incidents occurred in 2025?

According to Dragos, the third quarter of 2025 saw 742 ransomware incidents affecting industrial facilities worldwide. The manufacturing sector was the most vulnerable, accounting for 72% of all recorded attacks.

Which companies were attacked in 2026?

An international hacker group claimed responsibility for cyberattacks on eBay and Spotify. These incidents demonstrate that even large technology companies with significant investments in security remain vulnerable to coordinated attacks.

How can companies protect their supply chain from cyberattacks?

Companies should include cybersecurity requirements in contracts with suppliers, conduct regular audits of their security systems, require the implementation of multi-factor authentication and encryption, and establish procedures for rapid detection and response to incidents in partner systems.

What is the 'denial of opportunity' strategy in cybersecurity?

The 'denial of opportunity' strategy (denial of opportunity) means that instead of trying to detect and stop attacks after they start, organizations focus on eliminating the conditions that make attacks possible. This includes constant system updates, implementation of multi-level protection, and employee training.

Читайте также

Источники

Фото: Markus Spiske / Unsplash