
More than 183,000 customers affected by supply chain cyberattacks

30 August 2024


Three per cent more than last year

Supply chain cyberattacks have emerged as a significant concern for companies and organisations in recent years, given their potential to cause widespread disruption.

Although these malicious attacks have significantly decreased since 2019, they continue to affect hundreds of thousands of customers globally, resulting in substantial financial losses, data breaches, intellectual property theft, and reputational damage.

According to data presented by Stocklytics.com, more than 183,000 customers were affected by supply chain cyberattacks in 2024, representing a 33 per cent increase from the previous year.

Prior to 2020 and 2021, supply chain attacks might have gone unnoticed. However, the attacks on Kaseya, SolarWinds, and Codecov, which caused hundreds of millions of dollars' worth of damage, have thrust them into the spotlight of cybersecurity strategies.

These attacks are designed to cause mass disruption through a single breach, targeting software updates, build processes, and source code by exploiting insecure servers and protocols. As these updates are released by trusted vendors, the malicious code is disseminated without anyone realising the vulnerability, leading to a ripple effect that can impact multiple organisations and affect thousands, if not millions, of victims.

Although the number of software packages affected by these malicious attacks has decreased in 2024, the number of affected consumers continues to rise. According to Comparitech data, a total of 590 software packages have been affected by supply chain cyberattacks in 2024, roughly 40 times fewer than last year. Despite this significant drop, the number of customers affected by these attacks increased by 33 per cent.

In 2024, approximately 183,000 customers were affected by supply chain cyberattacks worldwide, or 50,000 more than last year. However, this is still a far cry from the annual peak of over 263 million impacted customers reported in 2019.

The Comparitech data revealed that most suppliers were attacked through social engineering, which targeted their open-source and proprietary code. Conversely, customers were mainly attacked through malware infection and phishing, targeting processes and personal data.

Although the numbers of affected software packages and victims of supply chain cyberattacks have dropped significantly since their peaks in 2019 and 2021, the aftermath of these attacks remains shocking.

Since 2011, more than 227,000 software packages have been affected by these malicious attacks, causing the total number of victims to exceed 700 million. With modern supply chains being highly complex and interconnected, and companies trusting third-party vendors and granting them access to sensitive systems and data, these attacks will continue to cause widespread disruption.

Last modified on 30 August 2024