IT Brief Australia - Technology news for CIOs & IT decision-makers

Experts at Kaspersky have provided an analysis of significant supply chain attacks and IT outages from 2024 and explored potential risks for 2025.

In 2024, the cybersecurity landscape was notably troubled by supply chain attacks and IT outages, indicating that nearly no infrastructure is beyond risk. A faulty update from CrowdStrike affected millions, while incidents involving the XZ backdoor and the Polyfill.io supply chain attack underscored vulnerabilities in widely utilised tools. These incidents emphasise the critical need for stringent security strategies, rigorous patch management, and proactive defences to protect global supply chains and infrastructures.

The "Story of the Year" section of the Kaspersky Security Bulletin reviews the major incidents of 2024 while considering hypothetical scenarios for future risks and their implications. One significant scenario considers the impact of a major AI provider experiencing an outage or a data breach. Reliance on AI models from companies like OpenAI, Meta, and Anthropic increases points of failure. A major disruption could affect numerous dependent services, while an incident could lead to severe data leaks due to the sensitive information these systems may hold.

Another scenario concerns the risk of on-device AI tools becoming attack vectors. As AI technology becomes more embedded in everyday devices, the potential for exploitation grows. Cases such as the Operation Triangulation campaign, uncovered by Kaspersky, showed zero-day vulnerabilities in device software and hardware being exploited for spyware deployment. Discoveries of vulnerabilities within neural processing units could amplify these threats, using AI capabilities to increase the impact of attacks.

Kaspersky's findings from the Operation Triangulation case demonstrated the potential misuse of on-device machine learning for data extraction. It was the first instance reported by the firm in which features intended for better user experiences were being weaponised by sophisticated threat actors.

Further considerations include potential disruption by threat actors of satellite connectivity, a sector that has seen various cyberattacks. Satellite internet, often a temporary link in global connectivity, provides essential services to airlines, maritime platforms, and secure communications. A cyberattack or an erroneous update from a key satellite provider could result in significant outages, disrupting communications for individuals and entities.

Physical threats to the internet infrastructure remain a concern, with 95% of global data transferred through subsea cables and almost 1,500 Internet Exchange Points (IXPs) worldwide. Disruptions to these critical components could strain remaining infrastructures, potentially causing extensive outages and affecting global connectivity.

Kaspersky also explores potential exploits of severe vulnerabilities in the Windows and Linux kernels, which support numerous critical global systems. An exploitable vulnerability could expose devices and networks worldwide to attacks, posing a threat to global supply chains.

Igor Kuznetsov, Director of Global Research and Analysis Team (GReAT) at Kaspersky, said, "Supply chain risks may seem overwhelming, but awareness is the first step toward prevention. By testing updates rigorously, leveraging AI-driven anomaly detection, and diversifying providers to reduce single points of failure, we can reduce weak elements and build resilience. A culture of responsibility among personnel is equally vital, as human vigilance remains the cornerstone of security. Together, these measures can safeguard supply chains and ensure a more secure future."
