
Software Supply Chain Attacks Surge to Record Highs in October, Driven by Zero-Day Flaws and Ransomware Groups


Software supply chain intrusions reached an unprecedented peak in October, surpassing previous monthly records by more than 30%, according to new research.

Cyble revealed in a blog post that threat actors on dark-web leak forums claimed 41 supply chain attacks in October—10 more than the earlier high recorded in April 2025. The report notes that supply chain incidents have more than doubled since April, with an average of 28 attacks per month, compared to the monthly average of 13 from early 2024 through March 2025. Cyble attributed the escalation to multiple factors.

The sharp rise has been fueled primarily by a “combination of critical and zero-day IT vulnerabilities and threat actors actively targeting SaaS and IT service providers,” Cyble wrote, adding that “the sustained increase suggests that the risk of supply chain attacks may remain elevated going forward.”

Additional contributors include cloud-security weaknesses and AI-powered phishing campaigns, with vishing also playing an important role in recent Scattered LAPSUS$ Hunters attacks on Salesforce environments.

All 24 industries monitored by Cyble experienced at least one supply chain breach this year, but IT and IT services firms were hit disproportionately. These organizations remain attractive to attackers due to their broad customer ecosystems and valuable access points. Cyble reported 107 supply chain attacks targeting IT companies so far this year—over three times more than those seen in financial services, transportation, technology, or government sectors.

Ransomware operations remain a major driver of this surge. Groups such as Qilin and Akira, which Cyble identified as the most active this year, have also carried out “an above-average share of supply chain attacks.”

Akira recently targeted a major open-source initiative, stealing 23GB of sensitive data including internal reports, confidential files, and issue-tracking information. Both Akira and Qilin have also compromised multiple IT providers serving high-risk verticals such as government, defense, intelligence, law enforcement, healthcare, energy, and finance. In one case, Qilin claimed to have obtained source code for proprietary tools used across public safety and security organizations.

Another Qilin incident involved breaching customers of a U.S. cybersecurity and cloud provider through “clear-text credentials stored in Word and Excel documents hosted on the company’s systems.”

A newer threat actor, Kyber, leaked more than 141GB of internal builds, databases, project files, and backups allegedly taken from a major U.S. aerospace and defense contractor specializing in communication and electronic warfare technologies.

Other notable October events included the Cl0p ransomware group's exploitation of Oracle E-Business Suite vulnerabilities and a breach involving Red Hat GitLab.

Cyble emphasized that mitigating supply chain threats is difficult because organizations inherently trust their vendors and partners. The firm stressed that security audits and third-party risk evaluations should become routine practice.

The researchers highlighted that the “most effective place to control software supply chain risks is in the continuous integration and development (CI/CD) process,” and advised that organizations thoroughly vet suppliers and enforce strong security requirements within contracts to strengthen third-party protection.

Software Supply Chain Cyberattacks Surge 25%: IT, Telecom, and Fintech Firms Most Targeted


Software supply chain attacks have been steadily climbing, with recent data pointing to a 25% surge in incidents. This rise underscores the increasing sophistication of threat actors in breaching the complex web of interconnected software, hardware, and service providers that make up today’s IT environments.

According to an analysis of Cyble data, the average number of software supply chain attacks rose from under 13 per month (February–September 2024) to over 16 per month (October 2024–May 2025). The most recent two months saw nearly 25 incidents on average, suggesting a potential doubling of attack volume if current patterns hold. Still, month-to-month fluctuations remain high—with a low of 6 attacks in January 2025 and a peak of 31 in April 2025.

The dataset, compiled from Cyble’s investigations and open-source intelligence (OSINT), is not exhaustive, as many incidents remain undisclosed or undetected.

From January to May 2025, Cyble documented 79 cyberattacks with supply chain implications. Of these, 63% (50 incidents) were aimed at IT, technology, and telecommunications companies, which are prime targets because of their downstream influence. A single exploited vulnerability in these sectors can have a cascading effect, as seen in the widespread Cl0p ransomware breaches.

Supply chain-related incidents touched 22 out of 24 tracked sectors, sparing only the Mining and Real Estate industries. In non-tech verticals, attackers often breached through third-party vendors and industry-specific service providers.

Regionally, the U.S. led with 31 reported incidents, followed by Europe (27) and APAC (26)—with India (9) and Taiwan (4) among the most affected in the Asia-Pacific region. The Middle East and Africa recorded 10 incidents, including four each in the UAE and Israel.

Cyble also detailed 10 major incidents, such as:

  1. Everest Ransomware claiming an attack on a Swiss banking tech firm, with stolen login credentials to banking apps.
  2. Akira ransomware affecting an IT services arm of a global conglomerate, reportedly disrupting projects linked to government bodies.
  3. A DarkForums threat actor advertising 92 GB of data related to a satellite project for Indonesia and ASEAN countries.
  4. Hellcat ransomware breaching a China-based electronics firm, exfiltrating 166 GB including blueprints and financial records.
  5. DragonForce targeting a U.S. biometric tech firm and extracting over 200 GB of data.
  6. VanHelsing ransomware infiltrating a U.S. enterprise security company, compromising potentially sensitive BFSI sector data.
  7. A threat actor on Exploit offering admin-level access to an Indian fintech firm’s cloud systems.
  8. Crypto24 extortion group claiming a 3TB breach of a Singapore-based tech firm.
  9. Killsec hacking group compromising an Australian IT and telecom solutions provider, leaking critical configuration data.
  10. A DarkForums actor offering access to an Australian telecom company’s domain admin portal for $750.

“Protecting against software supply chain attacks is challenging because these partners and suppliers are, by nature, trusted,” Cyble noted.

To mitigate risks, experts recommend:
  • Network microsegmentation
  • Restrictive access controls and regular validation
  • Biometric and multi-factor authentication
  • Encrypted data at rest and in transit
  • Ransomware-resistant, air-gapped backups
  • Honeypots for early breach detection
  • API and cloud configuration hygiene
  • Proactive monitoring via SIEM, Active Directory, and DLP tools
  • Routine audits, scans, and pen testing

The most strategic defense, Cyble suggests, lies within the CI/CD pipeline. Organizations must vet vendors thoroughly, incorporate security mandates in contracts, and make cybersecurity a core purchasing criterion. Leveraging services like Cyble’s third-party risk intelligence can accelerate this process and promote stronger security compliance among suppliers.
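Both posts place the most effective control point in the CI/CD pipeline without saying what such a control looks like. The script below is an added example, not code from Cyble or from the blog, of one such gate: it audits a pip-style requirements manifest before a build proceeds and fails when a dependency is not pinned to an exact version, carries no integrity hash, or when the manifest redirects package resolution to another index. The manifest contents, package names and the hash digest are constructed for the example; the requirements file syntax (`==` pins, `--hash=alg:digest`, backslash continuations) is pip's real format.

```python
"""CI gate: reject dependency manifests that are not pinned and hash-verified.

Added example of a supply-chain control placed in the CI/CD pipeline.
It is not the blog's or Cyble's code. All sample data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# "name[extras]==1.2.3" ; the operator and version are optional so that
# floating or absent versions can be reported rather than crashing the parser.
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*"
    r"(?P<op>==|>=|<=|~=|!=|>|<)?\s*(?P<ver>[^\s;,]+)?"
)
_HASH_RE = re.compile(r"--hash=(?P<alg>\w+):(?P<digest>[0-9a-fA-F]+)")
_INDEX_OPTS = ("--index-url", "--extra-index-url", "-i")


@dataclass
class Finding:
    line_no: int
    package: str
    reason: str


def _logical_lines(text: str) -> Iterator[Tuple[int, str]]:
    """Strip comments and join backslash-continued lines into one string each."""
    buf: List[str] = []
    start = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if start is None:
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def audit_requirements(text: str, allowed_algs=("sha256", "sha512")) -> List[Finding]:
    """Return one Finding per policy violation; an empty list means the manifest passes."""
    findings: List[Finding] = []
    for no, line in _logical_lines(text):
        tokens = line.split()
        spec = tokens[0]
        if spec in _INDEX_OPTS:
            # A manifest that changes where packages are resolved from
            # bypasses whatever trust decision was made for the default index.
            findings.append(Finding(no, spec, "index override in a locked manifest"))
            continue
        if spec.startswith("-"):
            continue  # other pip options (-r, -e, ...) are out of scope here
        m = _REQ_RE.match(spec)
        if not m:
            findings.append(Finding(no, spec, "unparseable requirement"))
            continue
        name = m.group("name")
        if m.group("op") != "==" or not m.group("ver"):
            findings.append(Finding(no, name, "version is not pinned with =="))
        hashes = _HASH_RE.findall(line)
        if not hashes:
            findings.append(Finding(no, name, "no --hash integrity value"))
        for alg, _digest in hashes:
            if alg.lower() not in allowed_algs:
                findings.append(Finding(no, name, f"unexpected hash algorithm {alg}"))
    return findings


def ci_gate(text: str) -> bool:
    """True when the build may proceed, False when the manifest fails policy."""
    return not audit_requirements(text)


# Constructed sample manifest; the digest is a placeholder, not a real artifact hash.
CONSTRUCTED_LOCKFILE = """\
# constructed sample for the example
requests==2.32.3 \\
    --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
urllib3>=2.0            # floating range: any future release would be accepted
pyyaml==6.0.2           # pinned, but nothing verifies the downloaded artifact
--extra-index-url https://mirror.example.invalid/simple
"""

if __name__ == "__main__":
    for f in audit_requirements(CONSTRUCTED_LOCKFILE):
        print(f"line {f.line_no}: {f.package}: {f.reason}")
    print("gate:", "PASS" if ci_gate(CONSTRUCTED_LOCKFILE) else "FAIL")
```

Run as a pipeline step, a non-zero exit on `ci_gate(...) == False` blocks the build; the same check generalises to any lockfile format that records exact versions and digests, which is the property the pipeline should enforce before trusting what a supplier publishes.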

As threat actors evolve, organizations must embrace a layered, proactive approach to software supply chain security—treating it not as an IT concern, but as a critical business imperative.