Why are digital supply chains is such a popular target for threat actors?

Cyberattacks against the digital supply chain are nothing new. Reports of attacks against this essential business function surfaced in as early as 2015 – long before the infamous SolarWinds hack took place in December 2020, which, for many people, was their introduction to digital supply chains and their vulnerabilities.

However, attacks against the digital supply chain have skyrocketed in recent years, particularly when it comes to distributed denial-of-service (DDoS) attacks. For example, in the second half of 2021 alone, NETSCOUT’s 2H2021 Threat Intelligence Report discovered a 606 percent increase in DDoS attacks against software publishers, along with a 162 percent increase in attacks on computer manufacturers, in addition to a 263 percent increase against computer storage manufacturing. Despite much of the world returning to normal following the disruption of the pandemic, as well as the rate of overall DDoS attacks decreasing during this time, the digital supply chain has very much remained a prime target.

When cybercriminals put this much effort into attacking a particular area, it’s imperative to understand why. It is also important to know the steps that organizations can take to protect themselves from such attacks.

ATTACKS AGAINST THE DIGITAL SUPPLY CHAIN

The potential disruption following a successful attack makes the digital supply chain an attractive target for bad actors. An example of this can be found in the aftermath of the 2021 cyberattack against Kaseya, an IT solutions developer for managed service providers (MSPs) and enterprise clients. By attacking Kaseya, threat actors discovered that the software had numerous cybersecurity vulnerabilities, allowing them to gain a backdoor into the IT systems of the many businesses Kaseya’s software supported. This resulted in more than 1,500 organizations worldwide having their IT systems completely paralyzed. REvil, the Russian criminal gang behind the attack, was even able to demand ransom payments from the companies impacted by the campaign.

Further to this, attacking the digital supply chain gives cybercriminals the capacity to compromise enterprise networks by attacking connected applications or services which are utilized by third parties, for example, suppliers. Using the SolarWinds incident as an example, attackers targeted the organization in order to gain access to a catalog of lucrative customers and suppliers. This means that a digital supply chain attack may in fact trigger a chain reaction across several companies connected to the intended target, increasing the difficulty when it comes to identifying and preventing the attack. The availability and use of open-source tools is another complicating factor, greatly impacting traceability and attribution efforts.

Worryingly, it’s often the case that businesses do not consider the risk posed by cyberattacks serious enough to protect themselves against them. In its own research, the Department for Digital, Culture, Media, and Sport found that 91 percent of executives from leading companies in the UK consider cyber threats to be very high or high risk. However, almost a third admitted to taking no action on supply chain security, with just seven in ten respondents actively managing possible supply chain risks. It is vital for all businesses to adequately protect their digital supply chains in order to prevent cyberattacks, particularly DDoS attacks, from devasting their online infrastructure.

HOW CAN ORGANISATIONS PROTECT THEIR DIGITAL SUPPLY CHAINS?

There are several steps organizations can take to prevent cyberattacks from wreaking havoc across their digital supply chains.

Looking specifically at DDoS attacks, it is vital for businesses to invest in a DDoS mitigation system that is both strong and effective. Through the implementation of comprehensive DDoS protection, organizations can rest assured that should their digital supply chains be the target of a DDoS attack campaign, the potential damage caused will be kept to a minimum and almost entirely neutralized.

However, simply having a system in place is not enough. Organizations must ensure these solutions are regularly maintained and tested so that any changes in attack methodology can be identified. By periodically testing the systems in this way, not only are changes to businesses’ digital supply chains incorporated into the mitigation plan, but organizations are also provided with insights into new trends and types of DDoS attacks, as well as how to proactively prepare for them. Organizations should also consider partnering with an on-demand cybersecurity specialist. By utilizing this expertise, they will be able to negotiate unfamiliar situations, which should prove to be beneficial to the business. Organizations will also be well-equipped to defend their digital supply chains should they become a target for criminal activity, so long as they adhere to best current practice (BCP) procedures. This includes acting in accordance with situationally specific network access policies that permit internet traffic solely through required IP protocols and ports.

With threat actors launching an increasing number of cyberattacks against the digital supply chain, it’s vital for enterprises to take the necessary steps to protect this vital business function from nefarious activity. This will put organizations in a strong position to defend themselves should they be the target of cybercriminal activity, such as DDoS attacks.

Quick Commerce and the Retail Media Revolution

Sue Azari • 11th June 2025

Quick commerce has transformed the way consumers shop, redefining convenience with near-instant delivery of groceries, meals, and household essentials. However, beyond its impact on logistics and e-commerce, quick commerce is now emerging as a major force in digital advertising. As consumer behaviours shift toward on-demand purchases, these platforms are leveraging their vast first-party data and...

Is It Time for a VMware Alternative?

Wind River • 22nd May 2025

Companies have options when it comes to replacing VMware as their cloud platform, to address rising costs, support concerns, and a shrinking partner ecosystem. If you are ready to contemplate a different vendor, here are five reasons why Wind River Cloud Platform should be on your short list of VMware alternatives.

AI Leads as VivaTech Unveils Top 100 Startups

Viva Technology • 14th May 2025

Viva Technology has unveiled the first edition of its “Top 100 Rising European Startups for 2025,” spotlighting the most promising young companies shaping Europe’s tech future. Germany, France, and the UK lead the ranking, which highlights high-growth startups across 13 countries. Artificial intelligence dominates the list, with 15 companies spanning AI agents, models, and infrastructure....

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...