Software Supply Chain Attacks Surging. Sponsored By Exiger.

Introduction

Cybersecurity Ventures predicts that the global annual cost of software supply chain attacks to businesses will reach $138 billion by 2031, up from $60 billion in 2025 and $46 billion in 2023. The projection assumes 15% year-over-year growth.

This trend reflects the rising volume and frequency of software supply chain attacks, as cybercriminals increasingly exploit the digital connections among vendors, partners, and customers. Gartner has forecast that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase since 2021.

Three major software supply chain attacks underscore the severity of this cyber threat:

  1. May 2023 Ransomware Attack: The Clop ransomware group exploited a zero-day vulnerability in Progress Software's MOVEit enterprise file transfer tool. This widespread campaign hit government entities, public organizations, and businesses globally, affecting more than 2,600 organizations and 77 million individuals, including New York City's public school system and a UK-based HR and payroll provider with clients such as British Airways and the BBC.

  2. June 2024 Data Compromise: Up to 165 customers of the cloud storage provider Snowflake were compromised using login credentials stolen by information-stealing malware. Research from Mandiant, a Google-owned security firm, revealed that data from Live Nation's Ticketmaster group was stolen and offered for sale. The breach exposed the full names, addresses, phone numbers, and partial credit card numbers of 560 million Ticketmaster customers.

  3. June 2024 Cyber Attacks on CDK Global: Approximately 15,000 car dealerships across the U.S. and Canada faced critical disruptions after cyber attacks on CDK Global, a provider of dealer management systems. Following the attacks, Bloomberg reported that the company intended to pay tens of millions of dollars to restore services. Direct losses to the affected dealerships are projected to reach $1 billion, with initial estimates putting costs at $600 million over just the first two weeks.

In response to these rising threats, Brandon Daniels, CEO of Exiger, emphasizes the need for a comprehensive approach to managing software risk: addressing infrastructure dependency risk, evaluating API and edge network risk, and ensuring that sensitive data is not overly exposed.

Exiger is dedicated to revolutionizing the way corporations, government agencies, and banks navigate risk and compliance within their third-party supply chains through innovative software and technology-enabled solutions.

Keywords

  • Software supply chain attacks
  • Cybersecurity Ventures
  • Clop ransomware
  • MOVEit
  • Snowflake data breach
  • CDK Global
  • Information-stealing malware
  • Third-party risk management

FAQ

What are software supply chain attacks?
Software supply chain attacks exploit vulnerabilities in the interconnected software systems of vendors, partners, and customers, so that compromising one party exposes the others that depend on it.

What is the projected cost of software supply chain attacks by 2031?
The global annual cost is projected to reach $138 billion by 2031.

Which notable companies have experienced significant software supply chain attacks?
Notable incidents include attacks on Progress Software in 2023, Snowflake in 2024, and CDK Global in 2024.

Why is third-party risk management important?
Third-party risk management is essential to mitigate risks associated with software dependencies, ensuring that businesses protect their data and infrastructure effectively.

How can organizations protect themselves from software supply chain attacks?
Organizations can strengthen their security by implementing robust risk management programs, keeping software up to date, and enforcing strict access controls on APIs and other digital connections.