TTPwire Vol. 1 · MITRE ATT&CK·Tagged

ESET WeLiveSecurity

Supply chain dependencies: Have you checked your blind spot?

2026-04-16

ATT&CK techniques detected

22 predictions
T1195 Supply Chain Compromise
98%
“frequency of supply chain incidents – and how broadly ‘ supply chain ’ really stretches. the 3cx compromise of 2023 – where bad actors trojanized a legitimate software update to the voip developer ’ s product, potentially exposing its 600, 000 customers – showed how an incident a…”
T1195 Supply Chain Compromise
97%
“without an attacker involved, showing showed that supply chain risk isn ’ t only about malice. a botched update release travels the same rails as a malware - laden one, and dependence on a single vendor can turn one point of failure into a global disruption. echoing eset ’ s find…”
T1195 Supply Chain Compromise
89%
“. 5 billion emergency loan guarantee to forestall a national economic and workforce crisis. deemed the costliest cyberattack in uk history, it resulted in over £1. 9 billion in total economic damage. the marks & spencer ( m & s ) attack of april 2025 followed a similar pattern. t…”
T1195 Supply Chain Compromise
88%
“by 2031. statistics like these should put cyber supply chain risk on every business leader ’ s short list of concerns. what are the top cyber supply chain blind spots? supply chain cybersecurity risk concerns all possible ways that attackers could infiltrate a company ’ s network…”
T1195 Supply Chain Compromise
87%
“chipsets or iot devices at the source. some of the cyber supply chain blind spots that threaten many organizations include : - thinking your business is more resilient than it actually is ( false sense of security ) due to inadequate risk assessment. - geopolitically motivated in…”
T1195 Supply Chain Compromise
85%
“a product or service from its origin to the final customer, encompassing sourcing, production, distribution, and delivery. modern supply chains are often global and involve complex international logistics or connections. supply chain disruption gives rise to multiple, interrelate…”
T1195 Supply Chain Compromise
84%
“##ilience is a competitive differentiator at the survival level. cybercriminals are keen to identify and target an organization ’ s third - party linkages either upstream or downstream. it ’ s possible that a chain of disrupted partners could face collective extortion pressure – …”
T1195 Supply Chain Compromise
82%
“supply chain dependencies : have you checked your blind spot? some cyber business risks only show up when you take a closer look. supply chain blind spots are a perfect example. behind these essential third - party connections, products and services can lurk unseen vulnerabilitie…”
T1195 Supply Chain Compromise
81%
“- check whether your managed security solution provider ( s ) and other critical vendors have reviewed their own geopolitical cyber risk exposure. if a third party manages your incident detection and response ( mdr ) capability, for example, their solution becomes part of your at…”
T1195.002 Compromise Software Supply Chain
79%
“frequency of supply chain incidents – and how broadly ‘ supply chain ’ really stretches. the 3cx compromise of 2023 – where bad actors trojanized a legitimate software update to the voip developer ’ s product, potentially exposing its 600, 000 customers – showed how an incident a…”
T1195 Supply Chain Compromise
78%
“compromised, would wreak instant havoc on a large scale. the sheer complexity of many modern supply chains makes identifying every single risk untenable. the question then becomes, where do you draw the line? how deep and detailed is your vendor risk assessment? and what level of…”
T1486 Data Encrypted for Impact
78%
“compromised, would wreak instant havoc on a large scale. the sheer complexity of many modern supply chains makes identifying every single risk untenable. the question then becomes, where do you draw the line? how deep and detailed is your vendor risk assessment? and what level of…”
T1592.002 Software
69%
“frequency of supply chain incidents – and how broadly ‘ supply chain ’ really stretches. the 3cx compromise of 2023 – where bad actors trojanized a legitimate software update to the voip developer ’ s product, potentially exposing its 600, 000 customers – showed how an incident a…”
T1592.002 Software
56%
“without an attacker involved, showing showed that supply chain risk isn ’ t only about malice. a botched update release travels the same rails as a malware - laden one, and dependence on a single vendor can turn one point of failure into a global disruption. echoing eset ’ s find…”
T1195.001 Compromise Software Dependencies and Development Tools
53%
“by 2031. statistics like these should put cyber supply chain risk on every business leader ’ s short list of concerns. what are the top cyber supply chain blind spots? supply chain cybersecurity risk concerns all possible ways that attackers could infiltrate a company ’ s network…”
T1588.002 Tool
50%
“were killed and 3, 000 injured after equipment purchased by hezbollah was systematically intercepted and weaponized for years. talk about a supply chain blind spot … what are key considerations around geopolitical supply chain risk? with iran launching drone strikes against amazo…”
T1195 Supply Chain Compromise
42%
“caused widespread distribution. intended to target the ukrainian economy, the attack spread notpetya wiper malware to organizations worldwide, sowing destruction estimated to cost $ 10 billion. the attack was later attributed to a russia - aligned source. even hardware components…”
T1486 Data Encrypted for Impact
42%
“frequency of supply chain incidents – and how broadly ‘ supply chain ’ really stretches. the 3cx compromise of 2023 – where bad actors trojanized a legitimate software update to the voip developer ’ s product, potentially exposing its 600, 000 customers – showed how an incident a…”
T1195.001 Compromise Software Dependencies and Development Tools
36%
“frequency of supply chain incidents – and how broadly ‘ supply chain ’ really stretches. the 3cx compromise of 2023 – where bad actors trojanized a legitimate software update to the voip developer ’ s product, potentially exposing its 600, 000 customers – showed how an incident a…”
T1195.001 Compromise Software Dependencies and Development Tools
34%
“. 5 billion emergency loan guarantee to forestall a national economic and workforce crisis. deemed the costliest cyberattack in uk history, it resulted in over £1. 9 billion in total economic damage. the marks & spencer ( m & s ) attack of april 2025 followed a similar pattern. t…”
T1592.002 Software
31%
“##ilience is a competitive differentiator at the survival level. cybercriminals are keen to identify and target an organization ’ s third - party linkages either upstream or downstream. it ’ s possible that a chain of disrupted partners could face collective extortion pressure – …”
T1195.001 Compromise Software Dependencies and Development Tools
30%
“without an attacker involved, showing showed that supply chain risk isn ’ t only about malice. a botched update release travels the same rails as a malware - laden one, and dependence on a single vendor can turn one point of failure into a global disruption. echoing eset ’ s find…”

Summary

Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?