In 2024, the number of supply chain attacks doubled compared to previous years – yet this threat is often misunderstood and underestimated. As global supply chains become more complex and interconnected, strong security measures become more essential than ever to protect data, finances, and trust. As a new year begins, now is a good time to discuss some of the biggest attacks that occurred in 2024, and what companies can learn from them.
What Are Supply Chain Attacks?
As the name suggests, these cyber-attacks exploit weaknesses in a company’s supply chain to infiltrate systems. Instead of attacking the intended target directly, threat actors compromise a vendor, supplier, or third-party service provider who has access to the company’s network.
These attacks can lead to:
- Unauthorised access to sensitive information.
- Disruption of operations.
- Financial losses and reputational damage.
The Biggest Supply Chain Attacks of 2024
A business intelligence and data analytics company named Sisense experienced a data breach that is believed to have originated through their GitLab. The attack compromised the sensitive data of many partners, including login credentials, access configurations, and potentially financial or personal information. Sisense promptly encouraged all partners to change their login details, and advised on further steps they could take to secure their accounts.
Popular collaboration tool Discord was targeted using malicious code, which was placed in the GitHub of Top.gg – the platform used to publish their bots. This is a common attack vector, as companies will often download code from GitHub without checking that it is safe. In this case, the end goal was to steal login credentials using a Trojan. The attack was not noticed until it successfully reached Discord, where a community of developers first brought it to attention.
A malicious backdoor was discovered in XZ Utils – an open-source data compressor used in Linux. It has been theorised that the ultimate goal was to get this backdoored update merged into two of Linux’s biggest distributions. This would have allowed the attackers to launch an attack against thousands of users and an unknown number of companies. Fortunately, a software developer noticed the backdoor before this could happen, mitigating the potential damage.
Key Lessons from 2024’s Supply Chain Attacks
- The importance of strict vulnerability management.
- The need for continuous monitoring of third-party vendors.
- The growing role of Zero Trust security models and employee awareness in minimising risk.
How to Prevent Supply Chain Attacks in 2025
One of the most effective ways to improve supply chain security is by carefully vetting all third-party vendors and suppliers. This includes assessing their cyber security practices, compliance with industry regulations, and track record of managing threats.
- Require vendors to adhere to strict security protocols.
- Conduct regular audits of vendor systems and processes.
- Include cyber security clauses in contracts to ensure accountability.
A multi-layered approach to security can significantly reduce the risk of supply chain attacks, by creating multiple barriers for threat actors to pass.
Some important security measures include:
- Firewalls and intrusion detection systems to monitor network activity.
- Multi-factor authentication (MFA) to secure access points.
- End-to-end encryption for data transmission.
The Zero Trust security model operates on the principle of “never trust, always verify,” treating every access attempt as a potential threat. By extending this to downloads and scanning every single one, companies can minimise the risk of hidden malware of the kind seen in the examples above.
How to implement zero trust:
- Segment networks to isolate critical systems from less secure areas.
- Limit access privileges to the minimum required for each user or application.
- Continuously monitor and verify user activity.
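One way to apply "never trust, always verify" to downloads, shown as an added example that is not part of the original article: instead of malware scanning, it uses digest pinning, where every downloaded file must match a SHA-256 recorded when the artifact was reviewed, and anything unreviewed is denied by default. The file names, contents and the gate_downloads helper are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large artifacts are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def gate_downloads(download_dir: Path, pinned: dict) -> dict:
    """Return a verdict per file; only 'verified' files may be used.

    'mismatch' -> name is pinned but content differs (tampered or swapped)
    'unpinned' -> nobody reviewed this artifact, so it is denied by default
    """
    verdicts = {}
    for path in sorted(p for p in download_dir.iterdir() if p.is_file()):
        expected = pinned.get(path.name)
        if expected is None:
            verdicts[path.name] = "unpinned"
        elif hmac.compare_digest(sha256_file(path), expected.lower()):
            verdicts[path.name] = "verified"
        else:
            verdicts[path.name] = "mismatch"
    return verdicts


def demo() -> dict:
    """Constructed sample: one file altered after review, one never reviewed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "libfoo-1.2.tar.gz").write_bytes(b"reviewed release contents")
        (root / "bot-sdk-3.0.whl").write_bytes(b"contents changed after review")
        (root / "helper-0.1.zip").write_bytes(b"never reviewed")
        pinned = {  # digests recorded at review time (constructed values)
            "libfoo-1.2.tar.gz": hashlib.sha256(b"reviewed release contents").hexdigest(),
            "bot-sdk-3.0.whl": hashlib.sha256(b"reviewed wheel contents").hexdigest(),
        }
        return gate_downloads(root, pinned)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

Pinning catches an artifact that was swapped or altered after review; it does not catch a backdoor that was already inside the release when it was reviewed, so it complements rather than replaces scanning and code review.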
Employees are often the first line of defence against supply chain attacks. Ensuring they are well-educated about cyber security best practices can prevent them from falling victim to social engineering attacks such as phishing scams.
Training programs should cover:
- How to recognise and report suspicious emails, phone calls, or messages.
- The importance of using strong, unique passwords.
- Steps to secure sensitive data during communication or file sharing.
Real-time monitoring tools provide visibility into potential vulnerabilities across the supply chain. These tools can detect unusual activity, unauthorised access attempts, or system anomalies, allowing businesses to respond proactively.
Examples of monitoring tools:
- Endpoint Detection and Response (EDR) solutions.
- Vendor risk management platforms.
- AI-powered monitoring software.
Supply chain security is a collective effort, due to the interconnected nature of this industry. Companies, vendors, and industry groups must work together to implement strong security measures and minimise attack vectors.
Key collaboration strategies:
- Sharing threat intelligence with industry peers to identify emerging risks.
- Participating in cyber security forums and industry groups.
- Encouraging vendors to adopt frameworks like NIST or Essential 8.
Discover Your Vulnerabilities and Prevent Supply Chain Attacks
The biggest supply chain attacks of 2024 highlight the necessity of proactive security solutions. As companies prepare for the year ahead, it is important to consider the risk of security incidents and plan ahead. This will allow them to prevent data breaches and maintain business operations.
Pronet has years of experience in supply chain security, and can perform a comprehensive risk assessment to help you understand your biggest vulnerabilities.
And we don’t stop there. Once your blind spots have been identified, we provide security measures designed to fit like a glove. Speak to a security expert and discover how we can help.