
Group IB Report: Attackers Are Industrializing Supply Chain Compromise

By Kirsten Doyle, February 17, 2026

Modern supply chain attacks are no longer isolated events. Rather, phishing, identity theft, malicious extensions, data breaches, ransomware, and extortion are becoming more and more interrelated steps of a single attack chain, where each step reinforces the next. 

This was one of the findings of Group-IB’s High-Tech Crime Trends Report 2026, based on intelligence drawn from Group-IB’s Digital Crime Resistance Centers (DCRCs) across 11 countries worldwide, enriched by adversary-focused telemetry, hands-on cybercriminal investigations, and 24/7 global monitoring of underground ecosystems.

Other key findings include: 

Open-source ecosystems are under attack: The package repositories npm and PyPI have become the number one target, with attackers using stolen maintainer credentials and automated malware worms to compromise popular libraries, turning development pipelines into large-scale distribution channels for malware.

The malicious browser extension threat: Threat actors increasingly leverage trusted browser extensions, hijacking official marketplaces and developer accounts to steal credentials, hijack sessions, and steal financial information directly from the browser. 

Phishing as an identity compromise vector: AI-powered phishing attacks now target high-trust integrations and OAuth flows, enabling attackers to bypass MFA and establish persistent, legitimate access to SaaS applications, CI/CD pipelines, and cloud infrastructure. 

Data breaches as force multipliers: Rather than leaking a single victim's data, attackers are shifting focus upstream, breaching service providers and integration layers to trigger multi-tenant data exposure and downstream effects.

The industrialized ransomware supply chain: Initial Access Brokers, data brokers, and ransomware actors have formed highly integrated ecosystems, with a focus on upstream attack points to maximize operational and financial impact. 

Cascading Failures of Trust 

Commenting on the findings, Dmitry Volkov, CEO of Group-IB, said: “Cybercrime is no longer defined by single breaches. It is defined by cascading failures of trust. Attackers are industrializing supply chain compromise because it delivers scale, speed, and stealth. A single upstream breach can now ripple across entire industries. Defenders must stop thinking in terms of isolated systems and start securing trust itself, across every relationship, identity, and dependency.” 

Jamie Akhtar, CEO and Co-Founder of CyberSmart, added: “This research confirms what we’ve long suspected: modern supply chain risk doesn’t live in isolated systems but in interconnected ecosystems where breaches cascade across organizations.” 

Blending Into Normal Activity 

This trend, he said, shows how attacks on upstream vendors, open-source projects, browser extensions and managed service platforms can give adversaries inherited access to downstream customers, credentials, and trust relationships. “Once attackers get that foothold, they can blend into normal activity, pivot laterally, and use those access paths to tailor phishing, impersonation or ransomware campaigns against others across the supply chain. Incidents like this, where one breach fuels another, reinforce why supply chain cyber risk can’t be treated as a single supplier issue or checklist item.”

Akhtar says businesses should adopt a consistent, standards-based approach to managing supply chain risk. “This includes clearly defining what access suppliers need, limiting it wherever possible and ensuring strong authentication and ongoing oversight across shared systems. Transparency and clear expectations between organisations and their suppliers are critical to preventing isolated incidents from becoming wider supply chain failures.” 

Interestingly, Akhtar said, the research states that MSPs are a high-priority target for cybercriminals because a single compromise can lead to attackers gaining access to hundreds of customers. “The CyberSmart 2025 MSP Report found that MSPs potentially underestimate supply chain attacks as a threat, with just 15% of the 900 surveyed MSP leaders globally listing it as a major concern. Supply chain hacks on MSPs are already happening: In May 2025, for example, the Dragonforce ransomware gang breached an MSP’s remote monitoring and management (RMM) tool in order to conduct a supply chain attack.”

A Structured Approach to Supply Chain Security 

To counter this growing threat, he advises MSPs to take a proactive and structured approach to supply chain security. “That starts with implementing recognised security standards, applying least-privilege access across remote monitoring and management (RMM) tools and enforcing strong multi-factor authentication on all administrative accounts. Continuous monitoring of privileged activity, regular access reviews and strict segmentation between customer environments are critical to preventing a single compromise from cascading across multiple clients. MSPs should also extend due diligence to their own technology vendors, ensuring third-party tools meet clear security and compliance benchmarks. Ultimately, collective supply chain risk demands collective accountability.” 

Organisations, including MSPs, should look at the NCSC’s Cyber Essentials Supply Chain Playbook for further advice, Akhtar ended. 


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
