Tuesday, March 17, 2026

"A single breach can spread to hundreds of targets... Cybercrime riding the supply chain" [Daily IT Item]

Published: 2026-03-16 07:00:00
Updated: 2026-03-16 07:00:00
Cybercrime is evolving from targeting individual companies to attacking entire supply chains that connect multiple organizations. (Newsis)

[The Financial News] Cybercrime is moving away from attacks on single companies and increasingly aiming at entire supply chains that link many organizations. Attackers first compromise one point, then expand their access rights to the hundreds of organizations connected to it, which lets an intrusion spread widely in a short period of time.
According to the cybersecurity industry on the 16th, Group-IB, a cybersecurity company, stated in its annual "High-Tech Crime Trends Report 2026" that supply chain attacks have emerged as a key factor reshaping the global cyber threat landscape. Attackers are carrying out so-called "chain attacks" against targets such as open-source software, Software as a Service (SaaS) platforms, browser extensions, and managed service providers (MSPs).
The report is based on global telemetry data and real-world incident response cases. It identifies several major threats: expanding attacks on the open-source ecosystem, a rise in malicious browser extensions, more sophisticated identity theft using Artificial Intelligence (AI)-driven phishing, cascading data breaches in multi-tenant environments, and an industrialized ransomware supply chain.
In the open-source ecosystem, attacks targeting package repositories such as npm and the Python Package Index (PyPI) are on the rise. Threat actors hijack administrator accounts or plant malicious code to infect libraries used by developers, then exploit normal development workflows as a channel to distribute malware.
In browser extension attacks, adversaries compromise official marketplaces or developer accounts, insert malicious code, and then steal users' login credentials, sessions, and financial information.
Phishing attackers who leverage AI target OAuth (Open Authorization) flows or enterprise single sign-on systems to bypass Multi-Factor Authentication (MFA) and maintain persistent access to SaaS platforms or cloud computing environments. Because their activity often resembles legitimate user behavior, it is difficult to detect.
Ransomware attacks are also carried out through collaboration among Initial Access Broker (IAB) operators, data sellers, and ransomware deployment groups.
Dmitry Volkov, chief executive officer (CEO) of Group-IB, said, "Cybercrime is no longer a one-off hacking incident," and stressed, "Companies must go beyond protecting individual systems and safeguard their entire trust architecture, including user identities, dependencies on external services, and supply chain relationships."
Reporter Choi Hye-rim (kaya@fnnews.com)