Software supply chains are under attack more than ever
Cyberattacks on software supply chains have become so widespread that they occur at least once every two days, a report from Cyble has claimed.
Software supply chain attacks occur when a threat actor compromises a software development company or a platform that another company uses in its products and services. As a result, that other company is also compromised, and in most cases hackers steal company and customer data or hijack the company’s source code.
According to the report, there were at least 90 successful supply chain attacks in the six-month period between February and August 2024. The report also notes “claims of successful supply chain attacks” on the dark web.
American companies in the spotlight
Most of the attacks targeted IT providers, the researchers further explained, adding that this was not surprising given the reach of these companies. A third of the total (30 attacks) targeted IT providers, followed by technology product companies with 14 attacks. Aerospace & defense (9 breaches), manufacturing (9 breaches) and healthcare (8 breaches) were the next most common victims of supply chain attacks.
IT providers may be the biggest target, but few industries are spared. Cyble says that of the 25 verticals it tracked, 22 suffered at least one supply chain attack this year.
Geographically, businesses in the United States suffered the most (31 attacks), followed by businesses in the United Kingdom (10). Germany and Australia followed with five attacks each, while Japan and India had four.
According to Cyble, the Continuous Integration and Development (CI/CD) process is the most effective way to manage risks in the software supply chain.
“By carefully screening your partners and suppliers and including good security measures in contracts, you can improve third-party security,” the researchers concluded.