Glossary Term

Supply chain attack

You may also know them as third-party attacks, backdoor breaches, and value-chain attacks. Supply chain attacks target an organization’s third-party relationships.

By IT Brew Staff


Definition:

A supply-chain attack (also known as a third-party attack, value-chain attack, or a backdoor breach) is a type of cyberattack that targets an organization’s third-party relationships to gain unauthorized access to data and systems. Attackers may target open-source software projects, commercial software, or hardware to perform this attack.

Many flavors. There are several different types of supply-chain attacks, including:

  • Software supply-chain attacks: These occur when hackers insert malicious code into software during the development or distribution process to infect all the users of an application. They have been garnering attention in recent years because of the significant impact a single attack can have. The rising adoption of open-source software by organizations also creates a potentially large attack surface for bad actors using this kind of attack.
  • Cryptojacking: Cryptojacking happens when malicious actors hijack a victim’s computer to mine cryptocurrency without the victim knowing. For example, a malicious actor may use social engineering to compel victims to download code that then adds a cryptomining script to their devices.
  • Formjacking: Formjacking occurs when a malicious actor injects malicious code into a webpage form to collect sensitive information.

Hot topic. Supply-chain attacks are a large threat in the industry. A joint study by the Ponemon Institute and Imprivata found that 47% of organizations experienced a breach involving a third-party partner in 2024. Some of the most famous examples of supply-chain attacks in recent years include the 2019 SolarWinds attack, the 2023 Okta attack, and the 2017 Equifax breach.

Supply-chain attacks can be difficult to defend against because most organizations don’t have full visibility into their supply chain. Some experts recommend companies defend against such attacks by shrinking their attack surface wherever possible and relying on fewer vendors.