Cyberattacks surged in 2025, with third-party attacks seeing a huge rise


  • Cybercriminals are increasingly using vulnerable companies to target their partners and peers
  • The number of third-party incidents doubled year-on-year, Verizon's new report shows
  • The attacks are used to gain access to target organizations

New research has claimed the involvement of third parties in data breaches has doubled, and is now seen in 30% of all cyberattacks.

The 2025 Data Breach Investigations Report (DBIR) from Verizon Business, which is based on more than 22,000 security incidents and 12,195 confirmed data breaches, found supply chain and partner ecosystems are being increasingly abused in cyberattacks.

Cybercriminals are using third parties to gain initial access, it was further explained, as 81% of third-party breaches involved the compromise of victim systems.


Targeting open-source repositories

The findings may not be too surprising, as some of the biggest cyberattacks ever recorded came as a result of third-party compromise.

The SolarWinds hack in December 2020 was one of the most significant cyber-espionage attacks in history. Threat actors compromised SolarWinds’ Orion software updates, inserting malicious code (later named "SUNBURST") that was unknowingly distributed to around 18,000 customers.

This allowed the attackers to deploy backdoors into the networks of companies that installed the tainted update.

The breach allegedly went undetected for months, compromising US government agencies (the Departments of Treasury, State, and Homeland Security), major tech firms (Microsoft), and countless private companies.

The attack was blamed on a Russian state-sponsored threat actor called APT29 (AKA Cozy Bear).

To conduct third-party cyberattacks, threat actors will often target open-source code repositories, such as GitHub. They will try to push malicious updates into code packages, or will try to “typosquat” a piece of malware, publishing it under a name that closely resembles a legitimate package, in the hope that software developers will install the malicious code themselves.

It works, too, as news often breaks of bad code being discovered on GitHub, or of people’s accounts being compromised and abused to distribute malware. Security researchers often warn that software developers should always verify code and never simply trust it, regardless of who the author is.
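One way to act on the "verify, never trust" advice for typosquatting is to check a dependency manifest against the packages you have actually vetted. The sketch below is an added example, not part of the original article or the Verizon report; the allowlist, the sample manifest and the function names are constructed for illustration.

```python
import re

# Constructed allowlist: in practice, the packages your organisation has vetted.
KNOWN_GOOD = {"requests", "urllib3", "numpy", "python-dateutil", "cryptography"}

def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_', '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def audit(requirements, known_good=KNOWN_GOOD, max_distance=2):
    """Return {declared_name: verdict} for each requirement line."""
    good = {normalize(k) for k in known_good}
    report = {}
    for line in requirements:
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # The name ends at the first version specifier, extra, marker or space.
        name = re.split(r"[\s<>=!~;\[]", line, maxsplit=1)[0]
        norm = normalize(name)
        if norm in good:
            report[name] = "ok"
            continue
        near = sorted(g for g in good if osa_distance(norm, g) <= max_distance)
        report[name] = f"suspect: resembles {near[0]}" if near else "unreviewed"
    return report

# Constructed sample manifest with two look-alike names.
SAMPLE = ["requests==2.31.0", "reqeusts>=2.0", "Python_Dateutil", "nunpy",
          "leftpad  # not on the allowlist"]

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE).items():
        print(f"{pkg:18} {verdict}")
```

A "suspect" verdict is a prompt for manual review before installation, and "unreviewed" only means the package is not on the allowlist yet.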

Via Infosecurity Magazine


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
