JULY 14, 2026
The perimeter model of cybersecurity assumes that threats come from outside the organization trying to get in. Supply chain attacks break that assumption at the foundation. They enter through a vendor you already trust, a software component your developers already depend on, a service provider whose access you already granted. By the time the attack is visible, it has been inside for months, using credentials and pathways the organization itself established.
The scale of this shift became impossible to ignore in 2025. Third-party involvement in breaches doubled in a single year, from 15% to 30% of all incidents, the largest single-year shift ever recorded by the Verizon Data Breach Investigations Report in its two-decade history. Supply chain compromises now cost an average of $4.91 million per incident and take 267 days to detect and contain, the longest lifecycle of any attack vector tracked by IBM. And on the software side, more than 454,600 malicious open source packages were discovered in 2025 alone, a 75% jump year over year.
This blog examines what drove those numbers, how the most significant supply chain attacks of 2024 and 2025 actually worked, why traditional security controls are structurally unable to stop them, and what a credible response looks like.
| 2x increase in third-party breach involvement in a single year, 15% to 30% (Verizon DBIR 2025) | $4.91M average cost of a supply chain breach, the highest of any attack vector (IBM 2025) | 267 days average time to detect and contain a supply chain breach (IBM 2025) | 454,600+ malicious open source packages discovered in 2025 alone |

A supply chain cyber attack targets a victim indirectly by first compromising something the victim trusts: a software vendor, a managed service provider, an open source component, a build pipeline, or a support portal. The attack exploits the trust relationship between the victim and the third party, using that trust as the entry path that bypasses the victim’s own security controls.
The defining characteristic is that the victim organization did not make the mistake that created the vulnerability. The compromised software update was signed by the legitimate vendor. The malicious package carried the same name as the legitimate one. The service provider credentials were valid. From the perspective of every security control the victim had in place, the traffic looked authorized, the files looked legitimate, and the access looked normal.
This is what makes supply chain attacks categorically different from other threat vectors and why the security industry’s traditional response, build higher walls and better filters, cannot address them. The attack enters through a door the organization deliberately left open.
| Attack Type | Entry Mechanism | Why Traditional Controls Miss It |
| Software update hijack | Attacker compromises a vendor’s build or update infrastructure; malicious code is signed with the vendor’s legitimate certificate and distributed as a routine update | Code signing verification passes because the attacker used the real signing key; the update arrives through the expected channel |
| Open source package compromise | Attacker publishes a malicious package under a legitimate package name (typosquatting), takes over an abandoned package, or inserts malicious code into a maintained package | Package managers install whatever the dependency file specifies; no signature mismatch, no network anomaly |
| Managed service provider (MSP) pivot | Attacker compromises an MSP’s administrative access to customer environments and uses legitimate management tools to move laterally across all customer networks simultaneously | MSP access is pre-authorized; lateral movement uses legitimate administrative tools that generate no malware detections |
| Vendor support portal compromise | Attacker uses stolen credentials to access a vendor’s customer support platform and extracts data on all customers or uses the access to push malicious configurations | Access uses valid credentials; no vulnerability exploitation, no malware deployment |
| CI/CD pipeline injection | Attacker gains access to a target’s or vendor’s build pipeline and injects malicious code that is compiled into the application before it ships | The malicious code is built and signed by the legitimate build process; delivered as a legitimate application update |
The XZ Utils backdoor is the most technically sophisticated supply chain attack ever publicly documented. Beginning in 2021, a threat actor operating under the identity ‘Jia Tan’ spent approximately two years contributing legitimate, high-quality code to the XZ Utils open source project, a data compression library present in virtually every Linux distribution. Over that period, the actor built trust with the existing maintainer, gradually assumed co-maintainer status, and systematically worked toward inserting a backdoor.
The backdoor itself, inserted in early 2024, was concealed in test files attached to the repository rather than in the primary source code. It targeted SSH authentication specifically, bypassing the standard authentication mechanism for connections made by the attacker’s key. The attack was discovered accidentally by a Microsoft engineer who noticed that a system running a pre-release version of the compromised library had slightly higher CPU utilization than expected during SSH connections.
Had it not been discovered, the backdoor would have shipped in stable releases of Debian, Fedora, Red Hat, and other major Linux distributions, providing the attacker with unauthorized access to an effectively uncountable number of systems. The attack required no vulnerability. It required trust, patience, and a two-year investment in building a legitimate reputation.
| What XZ Utils Demonstrates About Modern Supply Chain Threats The XZ Utils attack did not exploit a zero-day. It exploited the open source contribution model itself. The attacker became a trusted contributor. The code passed code review. The commits looked legitimate because they were, until the final stage. No perimeter security control, no endpoint detection tool, and no vulnerability scanner would have identified this attack before deployment. The only detection that worked was behavioral: something about the system’s performance was slightly wrong. That anomaly, noticed by a developer who was paying close attention to system behavior, is the only reason the attack became public knowledge. |

The MOVEit campaign executed by the Cl0p ransomware group is the single largest supply chain breach by victim count ever recorded, affecting 2,773 organizations and more than 95 million individuals. The attack exploited a SQL injection vulnerability in MOVEit Transfer, a managed file transfer platform used by organizations to exchange sensitive data with partners, vendors, and customers.
The structural reason for the scale is what makes MOVEit a supply chain attack rather than a conventional breach: MOVEit sits at the intersection of multiple organizational networks by design. It exists specifically to exchange data between organizations. A single vulnerability in MOVEit granted Cl0p access to every organization that used the platform to exchange data, with the breach propagating downstream to any organization that received files from a compromised MOVEit installation.
The campaign operated through exfiltration only, no encryption, no ransomware deployment. Cl0p stole data and threatened public release. This meant that backup strategies and incident response playbooks designed around encryption-based ransomware were irrelevant. The data was already gone before most organizations were aware of the vulnerability.
| The MFT Problem Is Structural Managed file transfer platforms accounted for 44% of all zero-day attacks in 2025, according to IBM. This is not coincidence. MFT platforms are specifically designed to sit at the boundary between organizations, which means a single vulnerability in an MFT product grants access to every organization in its network simultaneously. The attacker gets multiplicative returns on a single investment. The downstream victims in MOVEit, organizations that received files from a compromised installation, had no vulnerability in their own systems. They were breached because they trusted a partner who trusted MOVEit. That chain of trust, which is precisely what makes file transfer workflows function, is what made the breach propagate. |
The PowerSchool breach in January 2025 is the clearest example of how supply chain attacks do not require sophisticated technical exploits. PowerSchool provides student information systems to school districts across North America. An attacker used stolen credentials to access PowerSchool’s customer support portal, a tool designed to allow support staff to access customer data.
The portal lacked multi-factor authentication. The stolen credentials were sufficient for full access. From that single support portal login, the attacker was able to access data on 62.4 million students and 9.5 million teachers across 6,505 school districts. Not one of those districts had a vulnerability in its own systems. Every one of them trusted PowerSchool with their data, and that trust was the attack surface.
The breach is also notable for what it demonstrates about the downstream impact of vendor incidents. School districts are not security organizations. They cannot audit PowerSchool’s internal security controls. They have no visibility into whether the vendor’s support portals have MFA enabled. They trusted a vendor that failed them, and the students and teachers in their systems paid the cost.

The failure of conventional security controls against supply chain attacks is not a question of implementation quality. Organizations with mature security programs, strong perimeter controls, and comprehensive endpoint detection have been breached through their supply chains. The failure is structural: the controls are designed to detect and block activity that is unauthorized, but supply chain attacks enter through authorized channels.
| Security Control | What It Is Designed to Stop | Why It Fails Against Supply Chain Attacks |
| Firewall and network perimeter | Unauthorized inbound connections, known malicious IPs, unexpected outbound traffic | Supply chain attacks use authorized vendor connections, legitimate update channels, and pre-approved remote access. The traffic is expected and permitted. |
| Endpoint detection and response (EDR) | Malware signatures, suspicious process behavior, known attack patterns | XZ Utils contained no malware. MOVEit exploited a legitimate web application. PowerSchool used valid credentials. None of these generate EDR alerts. |
| Vulnerability scanning | Known CVEs in the organization’s own systems and applications | The vulnerability in MOVEit was in the vendor’s product, not the organization’s. The backdoor in XZ Utils was not a CVE. Vendor systems are not in scope for most vulnerability scans. |
| Penetration testing | Weaknesses in the organization’s own infrastructure and applications | Penetration tests assess what the organization controls. They do not assess vendor build pipelines, open source dependencies, or MSP security posture. |
| Security questionnaires and audits | Documented vendor security practices at a point in time | The XZ Utils backdoor was inserted after any reasonable audit would have assessed the project as trustworthy. PowerSchool’s questionnaire responses presumably did not include ‘our support portal lacks MFA.’ |
| SIEM and log correlation | Known attack patterns and anomalies in the organization’s own log sources | Vendor-side events, open source repository compromises, and support portal breaches do not generate logs in the customer’s SIEM. The attack is invisible until it manifests inside the customer environment. |
| The 78% Visibility Gap SecurityScorecard’s 2026 Supply Chain Cybersecurity Trends Report found that 78% of organizations admit their internal cybersecurity programs cover less than 50% of their total vendor ecosystem. The vendors they are not monitoring represent exactly the attack surface supply chain threat actors target: the less monitored, the more attractive. The same report found that 90% of security leaders are confident their organization could continue operations during a vendor breach. Given that 62% of organizations have experienced a supply chain attack in the past two years, this confidence appears to be based on an incomplete picture of what ‘continuing operations’ looks like when a major vendor is compromised. |
The supply chain attack surface is expanding faster than organizational monitoring programs are designed to track. Three structural forces are driving the acceleration.
Modern software is not primarily written by the organizations that deploy it. It is assembled from open source components, and those components have their own dependencies. Ninety-seven percent of commercial codebases contain open source components. The typical enterprise application has hundreds of direct and transitive dependencies. In 2025, 9.8 trillion package downloads were recorded across major registries.
Attackers have recognized this. More than 454,600 malicious packages were discovered in 2025, a 75% year-over-year increase. The majority of these target the npm registry, which serves JavaScript and Node.js developers and is the most downloaded package ecosystem by volume. The September 2025 Shai-Hulud worm was the first self-replicating worm ever observed in a package registry, spreading across npm through compromised developer tokens and infecting approximately 1,000 packages before detection.
PowerSchool was not an isolated incident. The vendor support portal pattern, in which an attacker uses stolen credentials to access a platform that was designed to give vendor staff visibility into customer environments, has become a recurring attack vector. These portals exist precisely because vendors need access to customer systems to provide support. That necessity creates an access point that sits outside the customer’s control and is frequently less well-secured than the customer’s own environment.
The attacker does not need to breach the customer directly. They need to breach the vendor’s support infrastructure, which is typically smaller, less well-resourced, and less scrutinized than the customer’s production environment.
A new vector identified in 2025 is AI-assisted package discovery and slopsquatting: registering package names that AI coding assistants are known to suggest or hallucinate, then waiting for developers using AI code generation to install the malicious package automatically. ENISA’s Threat Landscape 2025 identifies this as one of the fastest-growing software supply chain attack patterns, representing a direct consequence of the widespread adoption of AI coding tools in enterprise development environments.
Defending against supply chain attacks requires accepting that the perimeter model is insufficient and rebuilding the security program around a different assumption: that the most significant threats will enter through trusted relationships, and that detecting them requires visibility into those relationships from the outside, not just controls at the boundary.
| Capability | How It Addresses Supply Chain Attack Risk |
| External Attack Surface Management for vendors | Continuously discovers and monitors the external security posture of your critical vendors, identifying exposed services, expired certificates, and newly discovered vulnerabilities before they become incident triggers |
| Dark web credential monitoring for vendor accounts | Tracks vendor employee and service account credentials appearing in infostealer logs and breach dumps, surfacing indicators that a vendor’s internal systems may be accessible to attackers |
| Ransomware and threat actor targeting intelligence | Monitors threat actor activity for campaigns targeting your vendors’ sectors and technologies, providing early warning of supply chain-focused attack campaigns before they activate |
| Vendor breach and leak site monitoring | Tracks ransomware leak sites and dark web forums for data associated with your vendors, providing early detection of vendor incidents that may have downstream consequences for your organization |
| Shadow IT and asset discovery | Identifies unauthorized vendor relationships and SaaS services in use across your organization that represent unmonitored supply chain risk |
| Continuous 24/7 monitoring | Provides the real-time detection cadence that quarterly questionnaires and annual audits structurally cannot match |
| RELATED READING Third-Party Risk: How Your Supplier’s Vulnerability Becomes Your Breach: https://brandefense.io/blog/third-party-risk-management-vendor-breach-cascade/ : the operational risk mechanics behind supply chain compromise Why Vendor Security Questionnaires Do Not Work: https://brandefense.io/blog/why-vendor-security-questionnaires-dont-work/ : why point-in-time assessments cannot detect supply chain attacks in progress |

Take control of your digital security with an exclusive demo of our powerful threat management platform.