Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025
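Summary
In 2025, supply-chain attacks remained a major threat in cybersecurity. By compromising cloud services or software vendors that have large numbers of downstream users, attackers can potentially harm millions of organizations. For example, an attack in December 2024 targeting smart contracts on the Solana blockchain affected thousands of users. Because of their wide reach and destructive power, such attacks pose a serious challenge to organizations of all kinds, including Fortune 500 companies and government agencies.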
In a roundup of the top stories of 2024, Ars included a supply-chain attack that came dangerously close to inflicting a catastrophe for thousands—possibly millions—of organizations, which included a large assortment of Fortune 500 companies and government agencies. Supply-chain attacks played prominently again this year, as a seemingly unending rash of them hit organizations large and small.
For threat actors, supply-chain attacks are the gift that keeps on giving—or, if you will, the hack that keeps on hacking. By compromising a single target with a large number of downstream users—say a cloud service or maintainers or developers of widely used open source or proprietary software—attackers can infect potentially millions of the target’s downstream users. That’s exactly what threat actors did in 2025.
Poisoning the well
One such event occurred in December 2024, making it worthy of a ranking for 2025. The hackers behind the campaign pocketed as much as $155,000 from thousands of smart-contract parties on the Solana blockchain.