A Chronicle of High-Profile Supply Chain Cyber Attacks

Digital supply chains are becoming increasingly complex, incorporating interconnected systems and processes that manage the flow of goods, data, and finances around the world.

Even if an organisation has strong cyber security basics in place, cyber criminals can try to find their way into a system through a trusted third-party supplier that lacks adequate security: the weakest link in the chain. Attackers will often target these less secure vendors as a means to circumvent the more stringent security measures of the primary organisation. By establishing a presence within the supplier's network, an attacker can leverage this trust to infiltrate a more secure network. Organisations in a supply chain are only as safe as the security of their trusted partners and suppliers. With this in mind, every organisation within a supply chain needs to trust the other parties when they implement software within their networks or engage in partnerships through vendor or contractor agreements. Supply chain cyber security assurance has never been more critical.

Managed service providers (MSPs) are a frequent target for supply chain attacks. MSPs, which provide services such as networking, maintenance, or other IT services, often have extensive access to their clients' networks. Attackers can take advantage of weaker security protocols within MSPs to extend their reach into the networks of the MSPs' clients. By targeting these supply chain vulnerabilities, attackers can amplify their impact and breach networks that would typically be challenging to compromise directly.

In recent years, we have seen a number of high-profile, large-scale cyber attacks launched against organisational supply chains. Only a small percentage have been reported to the public and this means that these known attacks are just a fraction of a much bigger problem.

Below, we summarise a few of the most well-known supply chain cyber attacks:

Synnovis

On 4th June 2024, there was a serious ransomware attack on Synnovis, a pathology service provider to the National Health Service (NHS).

What happened: The ransomware attack by Russian cyber criminal group Qilin caused widespread disruption to pathology services across south east London. Blood transfusions, test results, operations related to cancer treatments and even C-sections had to be rescheduled. The attackers stole and leaked 400GB worth of sensitive data and attempted to extort money from Synnovis.

How the attacker gained access: The system vulnerability exploited in the Synnovis cyber attack was not explicitly disclosed. However, Beverley Bryant, strategic advisor in the frontline digitisation team at NHS England, said that the ransomware attack on Synnovis "may not have happened" if two-factor authentication had been in place.

Result/Damage: More than 3,000 hospital and GP appointments were disrupted by the attack and "the estimated direct operational financial impact of the cyber attack for 2024 was £32.7m".

The cyber criminal group shared almost 400GB of private information on their darknet site. A sample of the stolen data included patient names, dates of birth, NHS numbers and descriptions of blood tests. There were also business account spreadsheets detailing financial arrangements between hospitals and GP services and Synnovis. Cyber security expert Ciaran Martin told the BBC it was "one of the most significant and harmful cyber attacks ever in the UK."

Colonial Pipeline

The Colonial Pipeline cyber attack was a significant ransomware incident that occurred on 7th May 2021.

What happened: The cyber criminal group known as DarkSide launched a ransomware attack on Colonial Pipeline, which is one of the largest pipeline operators in the United States, responsible for carrying gasoline, diesel, and natural gas along the East Coast. The ransomware encrypted some of the company's data and the group demanded payment for the decryption key.

How the attacker gained access: The attackers reportedly gained access to Colonial Pipeline's network using a compromised VPN password. The VPN account, which was no longer in use at the time of the attack but could still be accessed, did not use multifactor authentication, allowing the attackers to log in undetected.
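The two weaknesses described above, a dormant account that was never disabled and a login with no second factor, are both visible in a plain account export. The following audit is an added example with constructed data (hypothetical usernames and dates), not code from the article or from Colonial Pipeline; it flags enabled accounts that lack MFA and enabled accounts unused for longer than a dormancy window.

```python
"""Account-hygiene audit for remote-access (VPN) accounts.
Added example with constructed data; not from the article or any vendor."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class VpnAccount:
    username: str
    enabled: bool                # can the account still authenticate?
    mfa_enrolled: bool           # is a second factor required at login?
    last_login: Optional[date]   # None means the account has never been used


# Constructed sample export; names and dates are hypothetical.
SAMPLE_ACCOUNTS = [
    VpnAccount("j.smith", True, True, date(2021, 4, 30)),
    VpnAccount("legacy-contractor", True, False, date(2020, 11, 2)),  # unused for months, no MFA
    VpnAccount("svc-backup", True, False, date(2021, 5, 1)),          # in use, but no MFA
    VpnAccount("a.jones", False, False, date(2019, 6, 14)),           # already disabled: no finding
    VpnAccount("new-hire", True, True, None),                         # never used yet, MFA enrolled
]


def audit_vpn_accounts(accounts: List[VpnAccount], as_of: date,
                       dormant_days: int = 90) -> Dict[str, List[str]]:
    """Return {username: [reasons]} for every enabled account that needs action."""
    cutoff = as_of - timedelta(days=dormant_days)
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account cannot be used for login
        reasons = []
        if not acct.mfa_enrolled:
            reasons.append("enabled without MFA")
        if acct.last_login is not None and acct.last_login < cutoff:
            reasons.append(f"dormant >{dormant_days} days but still enabled")
        if reasons:
            findings[acct.username] = reasons
    return findings


if __name__ == "__main__":
    for user, why in audit_vpn_accounts(SAMPLE_ACCOUNTS, date(2021, 5, 7)).items():
        print(f"{user}: {', '.join(why)}")
```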

Result/damage: As a result of the attack, Colonial Pipeline proactively shut down its operations to contain the threat, leading to widespread fuel shortages across the East Coast of the United States. This was one of the most disruptive cyber attacks on record, as it affected the supply chain and raised the price of gasoline. The company reportedly paid a ransom of approximately $4.4 million in cryptocurrency to the attackers, although some of this ransom was later recovered by the U.S. Department of Justice. The incident prompted a significant response from the U.S. government, including new cyber security directives for critical infrastructure operators.

Maersk

The cyber attack on the shipping giant A.P. Moller-Maersk, known simply as Maersk, was a significant event that took place on 27th June 2017 as part of a larger global cyber attack wave.

What happened: Maersk was hit by the NotPetya ransomware, a powerful and destructive strain of malware. NotPetya initially spread via a compromised update to a Ukrainian tax software called MeDoc, and it quickly propagated across networks worldwide. The malware encrypted files on infected systems, rendering them inoperable and demanding a ransom to unlock them. However, NotPetya was later identified as a "wiper" malware, meaning its primary purpose was to cause damage rather than to collect ransom payments.

How the attacker gained access: The NotPetya malware exploited vulnerabilities in Microsoft Windows operating systems, including the one targeted by the NSA tool called EternalBlue, which had been leaked online by a group called the Shadow Brokers. Once inside a network, NotPetya used a variety of methods to spread laterally, including stealing credentials to move across connected systems.

Microsoft had released a patch over three months earlier that closed the vulnerability completely. However, many businesses fail to update their software regularly, so the update was never installed and their operating systems remained exposed.
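The gap described above, a fix available for months but never applied, is measurable from a host inventory. The following report is an added example with a constructed inventory and a placeholder patch identifier (PATCH-SMB-2017), not code from the article or from Maersk; it computes, per host, how long a required patch has been available but not installed and lists the hosts past an agreed tolerance window.

```python
"""Patch-exposure report: days a required patch has been available but not applied.
Added example with constructed inventory; the patch id is a placeholder, not a real bulletin."""
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class RequiredPatch:
    patch_id: str
    released: date
    max_lag_days: int   # tolerance before an unpatched host is reported as overdue


@dataclass(frozen=True)
class Host:
    name: str
    installed: FrozenSet[str]   # patch ids present on the host


# Constructed: a critical patch released on 14 March, inventory snapshot taken on 27 June.
SMB_PATCH = RequiredPatch("PATCH-SMB-2017", date(2017, 3, 14), max_lag_days=30)
INVENTORY = [
    Host("fileserver-01", frozenset({"PATCH-SMB-2017"})),   # patched
    Host("terminal-07", frozenset()),                       # nothing applied
    Host("hr-laptop-12", frozenset({"OTHER-2017"})),        # patched, but not for this flaw
]


def exposure_days(host: Host, patch: RequiredPatch, as_of: date) -> int:
    """Days the patch has been available without being applied; 0 once installed."""
    if patch.patch_id in host.installed:
        return 0
    return max(0, (as_of - patch.released).days)


def overdue_hosts(inventory: List[Host], patch: RequiredPatch,
                  as_of: date) -> List[Tuple[str, int]]:
    """Hosts whose exposure exceeds the tolerance window, longest exposure first."""
    rows = [(h.name, exposure_days(h, patch, as_of)) for h in inventory]
    return sorted([r for r in rows if r[1] > patch.max_lag_days],
                  key=lambda r: r[1], reverse=True)


def patch_coverage(inventory: List[Host], patch: RequiredPatch) -> float:
    """Fraction of hosts that have the required patch installed."""
    return sum(patch.patch_id in h.installed for h in inventory) / len(inventory)


if __name__ == "__main__":
    for name, days in overdue_hosts(INVENTORY, SMB_PATCH, date(2017, 6, 27)):
        print(f"{name}: unpatched for {days} days (limit {SMB_PATCH.max_lag_days})")
```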

Result/damage: The cyber attack had a massive impact on Maersk's operations, shutting down IT systems across its business units, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers. The company was forced to revert to manual systems to maintain some of its operations. The financial impact on Maersk was significant, with estimated losses of $200 million to $300 million due to the disruption. The attack also highlighted the vulnerability of global supply chains to cyber threats and the importance of cyber security resilience in the shipping and logistics sectors.
