What is a Supply Chain Attack?
Supply chain attacks are designed to exploit trust relationships between an organization and external parties. These relationships could include partnerships, vendor relationships, or the use of third-party software. Cyber threat actors will compromise one organization and then move up the supply chain, taking advantage of these trusted relationships to gain access to other organizations’ environments.

Supply Chain Attacks Are Surging
Given the outsized impact they can have, it is unsurprising that supply chain attacks have dramatically increased in recent years. Data shows that from 2021 to 2023, supply chain attacks grew by 431%.
- More recent data from Check Point’s State of Cyber Security 2025 report found hardware and software supply chains experienced the highest surge of attacks in 2024.
- The report found that the average number of attacks targeting software, hardware, and semiconductor companies increased by 179%.
Experts state this is due to the increased global demand for hardware and the focus on AI technologies. As a vital component of modern infrastructure and innovations, the technological supply chain is becoming a significant target for cyber criminals.
Exploiting supply chain vulnerabilities in these sectors provides many opportunities for:
- Financial gain
- Espionage
- Disruption
High-Profile Supply Chain Incidents
With the new attack vectors created by remote work and overwhelmed security teams, cybercriminals have had many opportunities to perform supply chain attacks. Some of the largest in recent years include:
- SolarWinds: In 2020, a hacking group gained access to SolarWinds’ production environment and embedded a backdoor in updates to its Orion network monitoring product. SolarWinds customers running the malicious update suffered data breaches and other security incidents.
- Kaseya: The REvil ransomware gang exploited Kaseya, a company providing software for Managed Service Providers (MSPs), to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.
- Codecov: Codecov is a software testing organization whose Bash uploader script (used to send code coverage reports to the company) was modified by an attacker. This supply chain exploit enabled the attackers to redirect sensitive information such as source code, secrets and more from Codecov’s customers to their own servers.
- NotPetya: NotPetya was fake ransomware that encrypted computers but did not save the secret key needed for decryption, which turned it into a “wiper”.
- The NotPetya attack began as a supply chain attack when a Ukrainian accounting firm was breached and the malware was included in a malicious update.
- Atlassian: In November 2020, Check Point Research (CPR) discovered a series of vulnerabilities that, when combined, could be exploited to gain control of an account and various Atlassian apps that are connected via SSO.
- What makes these vulnerabilities a potential supply chain attack vector is that once attackers exploit the flaws and gain control of an account, they can install backdoors to use later.
- This can result in serious harm that will only be detected and controlled after the damage has occurred.
- Check Point Research responsibly disclosed this information to the Atlassian teams, and a solution was deployed to ensure users can safely continue to share information on the various platforms.
- British Airways: In 2018, British Airways suffered a Magecart attack that compromised over 380,000 transactions on the airline’s website. The attack was made possible by a supply chain attack that compromised one of the airline’s vendors and spread to British Airways, Ticketmaster, and other companies.
Linux XZ
Discovered in 2024, the Linux XZ supply chain attack was a multi-year operation to insert a backdoor into the open-source project. XZ utilities are regularly used for compression in Linux.
The backdoor enabled remote code execution for attackers holding a specific key.
The compromised version of XZ utilities was not widely deployed when the backdoor was discovered, but it was present in development versions. Experts stated that if undetected, the Linux XZ backdoor could have given the attackers access to hundreds of millions of systems around the world.
How a Supply Chain Attack Works
A supply chain attack takes advantage of trust relationships between different organizations. All organizations have a level of implicit trust in other companies as they install and use the company’s software within their networks or work with them as a vendor.
A supply chain attack targets the weakest link in a chain of trust. If one organization has strong cybersecurity but has an insecure trusted vendor, then the attackers will target that vendor. With a foothold in the vendor’s network, the attackers could then pivot to the more secure network using that trusted relationship.
One common target of supply chain attacks is managed service providers (MSPs). MSPs have deep access to their customers’ networks, which is invaluable to an attacker. After exploiting the MSP, the attacker can easily expand into the customers’ networks. By exploiting supply chain vulnerabilities, these attackers have a larger impact and may gain access to networks that would be much harder to attack directly. This is how the Kaseya attackers managed to infect so many organizations with ransomware.
Other supply chain attacks use software to deliver malware to an organization’s customers. For example, the SolarWinds attackers gained access to the company’s build servers and injected a backdoor into updates to the SolarWinds Orion network monitoring product. When this update code was pushed to customers, the attackers gained access to their networks as well.
The Impacts of Supply Chain Attacks
Supply chain attacks simply provide an attacker with another method of breaching an organization’s defenses. They can be used to perform any type of cyber attack, such as:
- Data Breach: Supply chain attacks are commonly used to perform data breaches. For example, the SolarWinds hack exposed the sensitive data of multiple public and private sector organizations.
- Malware Infections: Cybercriminals often exploit supply chain vulnerabilities to deliver malware to a target organization. The SolarWinds compromise delivered a malicious backdoor, and the Kaseya attack delivered ransomware to the MSPs’ customers.
What Makes Supply Chain Attacks Dangerous
Supply chain attacks are a significant concern because they don’t target your systems directly, but rather exploit your trust in others. Whenever you install and use a vendor’s software or add a third-party dependency to your own code, you’re implicitly placing your trust in that vendor’s security.
This exposes you to any mistakes that might be made by external organizations and developers.
For instance, you assume they didn’t accidentally introduce vulnerabilities to their software and regularly update their code to patch out new exploits as they are discovered.
This is a particular concern for open-source dependencies…
Open-Source Software
Relying on unpaid developers to continually update their open-source projects and respond to new threats can be a major supply chain weakness.
Supply chain attacks do not try to exploit the strongest link in the chain; they target the weakest. Therefore, without proper third-party risk management, you can be left exposed even if you have developed extensive internal security controls to protect your systems.
Supply Chain Breach & Backdoor
Plus, once attackers breach a supply chain and add a backdoor to widely used software, they can launch far-reaching attacks with many victims. Cybercriminals can get a much larger return on investment by compromising third-party code.
Rather than attacking an organization head-on and getting one victim, they can go after the software supply chain and get many more victims from a single vulnerability.
This attracts some of the most sophisticated hackers and groups to find supply chain attack vectors.
How to Prevent Supply Chain Attacks
While these attacks are hard to detect and remediate, there are best practices for supply chain cybersecurity that you can implement to limit their impact. These processes can be broken down into third-party risk management approaches that improve your supply chain resilience, and internal practices that limit the impact of compromised systems.
Third-Party Risk Management
Assessing vendor security standards and managing the risk of using external software and dependencies is a critical aspect of supply chain cybersecurity. You need to rigorously assess your vendors and determine the security of their development practices.
Performing third-party risk assessments allows you to identify specific security policies you want vendors to implement to work with you.
Plus, you can group vendors based on the risk they pose (their internal security practices and how much access they have to your sensitive business data). Then, prioritize monitoring each vendor based on their vulnerability level. This includes:
- Identifying all open-source dependencies.
- Ensuring they remain active projects that still push updates in response to the latest threats.
Beyond open-source projects, patch management is a vital aspect of supply chain cybersecurity.
You have to maintain the latest software versions to ensure the window of risk posed by new vulnerabilities is as small as possible.
Best Practices for Identifying And Mitigating Supply Chain Attacks
Supply chain attacks take advantage of unsecured trust relationships between a company and other organizations. Some ways to mitigate the risks of these attacks include:
- Implement Least Privilege: Many organizations assign excessive access and permissions to their employees, partners, and software. These excessive permissions make supply chain attacks easier to perform. Implement least privilege and assign all people and software only the permissions that they need to do their job.
- Perform Network Segmentation: Third-party software and partner organizations do not need unfettered access to every corner of the network. Use network segmentation to break the network into zones based on business functions. This way, if a supply chain attack compromises part of the network, the rest of the network is still protected.
- Follow DevSecOps Practices: By integrating security into the development lifecycle, it is possible to detect if software, such as the Orion updates, has been maliciously modified.
- Automated Threat Prevention and Threat Hunting: Security Operations Centers (SOC) analysts should protect against attacks across all of the organization’s environments, including the endpoint, network, cloud, and mobile.
Minimizing the Impact of a Supply Chain Breach
To minimize third-party supply chain risks, you need to reduce the access these systems have within your network. This includes introducing zero trust practices based on least privilege access. This makes applications and users continually verify their identity while only providing access to the systems they need, nothing more.
Another Zero Trust Network Access (ZTNA) technique is network segmentation, which divides your systems into siloed sections with strong security controls when moving between them.
ZTNA reduces the impact of supply chain breaches by preventing lateral movement.
The attacker only has access to the initial compromised system and struggles to extend their access further. Other techniques to help prevent supply chain attacks include:
- Following DevSecOps best practices to test for vulnerabilities in any dependencies you use. You can improve software development visibility through a Software Bill of Materials (SBOM) that tracks details (source, version, etc.) of every dependency.
- Regularly scanning your system with malware prevention tools to prevent attacks from executing.
- Develop incident response plans that include considerations for supply chain attacks. This could include sandboxing new code before executing it to contain any backdoors.
- Track all of the applications and services employees use and uncover any shadow IT (unsanctioned applications) to ensure your supply chain attack surface is not larger than you realize.
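The DevSecOps and SBOM points above both come down to one check: record what each third-party artifact looked like when it was reviewed, and refuse to run a copy that no longer matches. The following Python is an added example, not Check Point’s code or any vendor’s tooling; it pins each artifact’s SHA-256 in a minimal CycloneDX-style component entry and later grades fetched copies as ok, tampered, unpinned, missing or unlisted, which is the kind of check that catches a modified uploader script like Codecov’s. All file names, sample bytes, versions and helper functions are constructed assumptions.

```python
import hashlib
import hmac
from typing import Dict, List

# Constructed sample data: the copies a reviewer vetted when the dependency was
# adopted, and the copies fetched later at build time (not real project files).
VETTED = {
    "uploader.sh": b"#!/bin/sh\nupload_coverage_report \"$1\"\n",
    "libparse.tar.gz": b"\x1f\x8b vetted archive bytes",
}
VERSIONS = {"uploader.sh": "1.0.0", "libparse.tar.gz": "2.3.1"}
FETCHED = {
    "uploader.sh": b"#!/bin/sh\nupload_coverage_report \"$1\"\n# line absent from vetted copy\n",
    "libparse.tar.gz": b"\x1f\x8b vetted archive bytes",
    "helper.sh": b"#!/bin/sh\necho unexpected\n",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def pin_components(vetted: Dict[str, bytes], versions: Dict[str, str]) -> List[dict]:
    """Build CycloneDX-style component entries (name, version, SHA-256) from vetted copies."""
    return [{"name": name,
             "version": versions.get(name, "unpinned"),
             "hashes": [{"alg": "SHA-256", "content": sha256_hex(data)}]}
            for name, data in vetted.items()]

def verify_fetched(components: List[dict], fetched: Dict[str, bytes]) -> Dict[str, str]:
    """Verdict per artifact: ok, tampered, unpinned, missing or unlisted."""
    verdicts: Dict[str, str] = {}
    expected = {c["name"]: c for c in components}
    for name, comp in expected.items():
        if name not in fetched:
            verdicts[name] = "missing"          # pinned in the SBOM but never delivered
            continue
        pinned = next((h["content"] for h in comp.get("hashes", [])
                       if h.get("alg") == "SHA-256"), None)
        if pinned is None or comp["version"] == "unpinned":
            verdicts[name] = "unpinned"         # nothing trustworthy to compare against
        elif hmac.compare_digest(pinned, sha256_hex(fetched[name])):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "tampered"         # content changed after review
    for name in fetched:
        if name not in expected:
            verdicts[name] = "unlisted"         # delivered but absent from the SBOM
    return verdicts

def run_demo() -> Dict[str, str]:
    return verify_fetched(pin_components(VETTED, VERSIONS), FETCHED)
```

Anything other than "ok" should fail the build before the artifact is executed or unpacked; in practice the pinned entries live in a committed SBOM or lockfile rather than being regenerated alongside the check.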
Protecting Against Supply Chain Attacks with Check Point
Supply chain attackers take advantage of a lack of monitoring within an organization’s environment. Check Point Harmony Endpoint helps an organization to protect against these threats by monitoring applications for suspicious behavior that might point to compromise.
To learn more about the types of attacks that Harmony Endpoint protects against, check out Check Point’s 2021 Cyber Security Report. Then, take a security checkup to learn about the security issues within your environment. You can also learn how to close these security gaps with a free demo.