Supply Chain Attack
Definition
A supply chain attack is a cyberattack in which the attacker compromises not the ultimate target itself, but a supplier, software vendor or service provider in its supply chain. Because a single supplier serves many customers, compromising it lets the attacker reach multiple targets simultaneously. According to the ENISA Threat Landscape 2024, supply chain attacks have increased by 300% since 2020, making them one of the fastest-growing threat categories.
How does a supply chain attack work?
The attacker identifies a weak link in the target's supply chain. This could be a software vendor whose update mechanism is compromised, a managed service provider with access to client networks, or an open-source library used in thousands of applications. By compromising the supplier, the attacker gains indirect access to all customers using the compromised software or service. The trust that organisations place in their suppliers is thus exploited as an attack vector.
Types of supply chain attacks
Software supply chain attacks compromise the build or distribution process of software. The SolarWinds attack (2020) is the most prominent example: attackers infiltrated the build system and added a backdoor to a software update that was installed by over 18,000 organisations. Dependency confusion attacks abuse package managers by publishing malicious packages on a public registry under the same name as an organisation's internal libraries, so that a build configured to consult both registries resolves the attacker's package instead of the internal one. Hardware supply chain attacks manipulate physical components during production or transport. Third-party service attacks target managed service providers or cloud service providers.
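The dependency confusion mechanism can be checked for in a build pipeline. The following added example (not DEFION's code and not taken from this page) models in Python how a package manager that has been given a public registry as an "extra index" pools candidates from both registries and installs the highest version it finds, and shows the hardened alternative in which internal names are only ever served by the internal registry. The registry contents, package names and the ACME prefix are constructed sample data.

```python
"""
Dependency-confusion risk check (added example, not DEFION's code).

Simplified model of two resolver configurations:
  * weak:     internal index + public "extra index"; highest version wins
  * hardened: names under a reserved internal prefix are resolved only from
              the internal index, everything else only from the public one
All index contents are constructed sample data.
"""
from typing import Dict, List, Optional, Tuple

INTERNAL_PREFIX = "acme-"  # hypothetical reserved namespace for internal packages

# Constructed: what the organisation's private registry serves.
INTERNAL_INDEX: Dict[str, List[str]] = {
    "acme-billing-core": ["1.4.2", "1.4.3"],
    "acme-auth-client": ["0.9.0"],
    "acme-logging": ["2.1.0"],
}

# Constructed: what the public registry serves, including two squatted names.
PUBLIC_INDEX: Dict[str, List[str]] = {
    "requests": ["2.31.0"],
    "acme-billing-core": ["99.0.0"],  # squatted with an inflated version number
    "acme-logging": ["2.0.5"],        # squatted, but older than the internal release
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple (simplified, no pre-releases)."""
    return tuple(int(part) for part in version.split("."))


def resolve_with_extra_index(name: str) -> Optional[Tuple[str, str]]:
    """Weak configuration: candidates from both indexes are pooled and the
    highest version wins regardless of origin. Returns (version, source)."""
    candidates: List[Tuple[Tuple[int, ...], str, str]] = []
    for source, index in (("internal", INTERNAL_INDEX), ("public", PUBLIC_INDEX)):
        for version in index.get(name, []):
            candidates.append((parse_version(version), version, source))
    if not candidates:
        return None
    # max() keeps the first of equal keys, so an internal copy wins a tie.
    _, version, source = max(candidates, key=lambda c: c[0])
    return version, source


def resolve_hardened(name: str) -> Optional[Tuple[str, str]]:
    """Hardened configuration: each name has exactly one authoritative index,
    so no cross-index version race exists for internal packages."""
    if name.startswith(INTERNAL_PREFIX):
        versions, source = INTERNAL_INDEX.get(name, []), "internal"
    else:
        versions, source = PUBLIC_INDEX.get(name, []), "public"
    if not versions:
        return None
    return max(versions, key=parse_version), source


def audit(names: List[str]) -> List[Tuple[str, str]]:
    """Report internal package names that the weak configuration would pull
    from the public index, with the public version that would be installed."""
    at_risk = []
    for name in names:
        if name not in INTERNAL_INDEX:
            continue  # not an internal package, nothing to shadow
        resolved = resolve_with_extra_index(name)
        if resolved is not None and resolved[1] == "public":
            at_risk.append((name, resolved[0]))
    return at_risk


if __name__ == "__main__":
    for name in INTERNAL_INDEX:
        print(name, "weak:", resolve_with_extra_index(name), "hardened:", resolve_hardened(name))
    print("at risk:", audit(list(INTERNAL_INDEX)))
```

The audit flags acme-billing-core because the squatted public copy carries a higher version than any internal release, while acme-logging is safe only by luck of version numbers. The hardened resolver removes that dependence on version ordering entirely; in practice this corresponds to pointing the build at a single private index that proxies the public registry and reserves the internal namespace, combined with hash-pinned lockfiles.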
Impact on organisations
Supply chain attacks are particularly dangerous due to their scale: a single compromised supplier can affect thousands of organisations. The NotPetya attack (2017) began as a supply chain attack via Ukrainian accounting software and caused over $10 billion in damage worldwide. NIS2 explicitly requires organisations to manage supply chain risk and assess supplier security. The Cyber Resilience Act (CRA) sets requirements for the security of the entire software supply chain. Organisations that fail to manage supply chain risk face not only attacks but also NIS2 fines.
Protection against supply chain attacks
Effective protection requires a combination of supplier assessment and technical measures. Vendor Security Assessments evaluate a supplier's security posture before contracts are signed. A Software Bill of Materials (SBOM) provides visibility into all components and dependencies of the software in use. Code signing and integrity verification ensure that software has not been tampered with between the supplier's build and the organisation's deployment. Network segmentation limits the impact if a supplier is compromised. Continuous monitoring of supplier access detects anomalous behaviour.
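SBOM and integrity verification work together: the SBOM records which components a release contains and their hashes, and verification at deployment time compares what is actually installed against that record. The following added example (not DEFION's code and not from this page) builds a CycloneDX-shaped SBOM for a set of constructed build artifacts and then verifies a deployed set against it, flagging tampered, missing and undocumented components. The artifact names and contents are constructed; only the CycloneDX field layout (components with name, version and SHA-256 hashes) reflects the real format.

```python
"""
SBOM-based integrity verification (added example, not DEFION's code).

The producer generates an SBOM at build time that records the SHA-256 of
every shipped component. The consumer recomputes hashes over what it has
actually deployed and compares. Artifacts below are constructed samples.
"""
import hashlib
import json
from typing import Dict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def split_artifact_name(filename: str):
    """'libparse-1.2.0.whl' -> ('libparse', '1.2.0'); constructed naming convention."""
    stem = filename.rsplit(".", 1)[0]
    name, version = stem.rsplit("-", 1)
    return name, version


def make_sbom(artifacts: Dict[str, bytes]) -> dict:
    """Producer side: CycloneDX-shaped document listing each component's hash."""
    components = []
    for filename, content in sorted(artifacts.items()):
        name, version = split_artifact_name(filename)
        components.append({
            "type": "library",
            "name": name,
            "version": version,
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(content)}],
        })
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": components}


def verify_against_sbom(sbom_json: str, deployed: Dict[str, bytes]) -> Dict[str, str]:
    """Consumer side: map each artifact to ok / tampered / missing / not-in-sbom."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unexpected SBOM format")
    verdicts: Dict[str, str] = {}
    covered = set()
    for component in sbom["components"]:
        filename = f"{component['name']}-{component['version']}.whl"
        covered.add(filename)
        expected = next(
            (h["content"] for h in component.get("hashes", []) if h["alg"] == "SHA-256"),
            None,
        )
        if filename not in deployed:
            verdicts[filename] = "missing"          # listed in SBOM, absent on disk
        elif expected is None or sha256_hex(deployed[filename]) != expected:
            verdicts[filename] = "tampered"         # content differs from the build record
        else:
            verdicts[filename] = "ok"
    for filename in deployed:
        if filename not in covered:
            verdicts[filename] = "not-in-sbom"      # present on disk, unknown to the SBOM
    return verdicts


# Constructed build-time artifacts, as hashed by the producer.
BUILD_ARTIFACTS: Dict[str, bytes] = {
    "libparse-1.2.0.whl": b"constructed wheel bytes for libparse 1.2.0",
    "netclient-3.0.1.whl": b"constructed wheel bytes for netclient 3.0.1",
    "acme-auth-client-0.9.0.whl": b"constructed wheel bytes for acme-auth-client 0.9.0",
}
SBOM_JSON = json.dumps(make_sbom(BUILD_ARTIFACTS))


def deployed_sample() -> Dict[str, bytes]:
    """Constructed deployment: one artifact altered in transit, one dropped, one extra."""
    deployed = dict(BUILD_ARTIFACTS)
    deployed["netclient-3.0.1.whl"] = b"constructed wheel bytes for netclient 3.0.1 + injected code"
    del deployed["acme-auth-client-0.9.0.whl"]
    deployed["telemetry-0.1.0.whl"] = b"constructed wheel bytes nobody declared"
    return deployed


if __name__ == "__main__":
    for artifact, verdict in sorted(verify_against_sbom(SBOM_JSON, deployed_sample()).items()):
        print(f"{verdict:12} {artifact}")
```

Anything other than "ok" should fail the deployment. The check is only as trustworthy as the SBOM itself, which is why the document should be signed by the producer (code signing applied to the SBOM as well as the artifacts) and fetched over a channel independent of the artifact download.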
How DEFION helps
DEFION conducts Vendor Security Assessments that objectively evaluate supplier security posture. The Managed Threat Intelligence service actively monitors for indicators of supply chain compromises. If a supply chain attack is suspected, the DFIR team is available 24/7.