Surge in Software Supply Chain Attacks: What You Need to Know


The Increasing Threat of Software Supply Chain Attacks

The landscape of IT and software supply chain attacks has seen a significant rise recently, with a notable uptick in reported incidents. According to findings from Cyble, a threat intelligence research group, the frequency of these attacks has escalated dramatically over the past few months. From February to September 2024, an average of just under 13 attacks were recorded monthly. However, this number has jumped to over 16 attacks per month from October 2024 through May 2025, marking a 25% increase. More alarmingly, the past two months alone witnessed an average of nearly 25 cyber incidents involving supply chains, effectively doubling the attack rate compared to the same timeframe a year earlier.

[Figure: Software Supply Chain Attacks By Month]

While the numbers indicate a concerning upward trend, Cyble researchers caution that the nature of these attacks can lead to considerable variability month to month, which should be taken into account when interpreting the data. Moreover, it’s important to note that data regarding cyber attacks is often incomplete, as the full scope of each incident may not always be recognized or disclosed.

Target Sectors Under Siege

In-depth analysis of 79 supply chain attacks that took place in the initial five months of 2025 reveals a troubling pattern: 63% of these incidents directly targeted companies in the IT, technology, and telecommunications sectors. These sectors are particularly attractive to threat actors due to the potential widespread damage that can ensue from a single breach. For instance, the infamous CL0P ransomware incident impacted hundreds of victims stemming from one vulnerability.

Out of 24 industries tracked, only two—Mining and Real Estate—escaped unscathed from supply chain attacks during this period. In non-technology domains, such attacks frequently involve vulnerabilities in third-party service providers or industry-specific solutions.

Geographic Distribution of Attacks

The geographic distribution of these attacks highlights significant trends in targeted locations. For example, the United States faced 31 of the total 79 incidents reported, while European nations experienced 27 attacks—France notably led with 10 incidents. The Asia-Pacific (APAC) region was also significantly affected, with 26 attacks, primarily in India (9 incidents) and Taiwan (4). Meanwhile, the Middle East and Africa saw a total of 10 incidents, predominantly affecting the UAE and Israel.

Examples of Recent Supply Chain Attacks

To illustrate the widespread nature of these attacks, Cyble provides detailed accounts of several notable incidents across various industries:

  1. A ransomware incident affecting a Swiss banking technology firm, where login credentials for banking applications were exfiltrated.
  2. An attack on an IT services subsidiary of a major international conglomerate, potentially compromising multiple government-related projects.
  3. Unauthorized access to a telecommunications satellite dataset on a cybercrime forum, which included critical technical documents.
  4. Stolen blueprints linked to a company in China specializing in display technologies, following a ransomware attack.
  5. Data theft of 200 GB from a U.S. company focused on biometric recognition solutions.
  6. A cyber attack on an Indian fintech firm, which resulted in the unauthorized sale of administrative access to its cloud infrastructure.
  7. Significant data theft in Singapore involving sensitive project documentation and database contents.
  8. Licensing and application configuration files were exposed during a breach of an Australian IT and telecom solutions provider.
  9. Access sold to the portal of an Australian telecommunications company, which included vital domain administration tools.

Strategies for Mitigating Supply Chain Risks

Given the complexity and the inherent trust involved in relationships with suppliers and partners, protecting against supply chain attacks poses unique challenges. Experts emphasize the importance of proactive measures, including:

  • Implementing network microsegmentation to isolate critical systems.
  • Strengthening access controls to reduce unauthorized entry opportunities.
  • Encrypting both data at rest and in transit to safeguard sensitive information.
  • Establishing ransomware-resistant backups to minimize impact.
  • Deploying honeypots for early detection of breaches.
  • Properly configuring APIs and cloud services to ensure robust security.
  • Monitoring for unusual activity that may indicate a potential compromise.

As Cyble notes, risk management for supply chain vulnerabilities is most effective when it is built into continuous integration and continuous delivery (CI/CD) processes. It is also vital to vet partners thoroughly and to require stringent security controls in vendor contracts to bolster third-party security.

By focusing on these strategies, organizations can enhance their resilience against the evolving landscape of supply chain attacks.
