From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Introduction

Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected security gaps, attackers can establish a foothold, leveraging these weaknesses to penetrate the primary business partners’ network. From there, they move laterally through critical systems, ultimately gaining access to sensitive data, financial assets, intellectual property, or even operational controls.

Recent high-profile breaches like the 2024 ransomware attack that hit Change Healthcare, one of the world’s largest health payment processing companies, demonstrate how attackers disrupted supply chain operations stealing up to 6TB of millions of patients’ protected health information (PHI). This incident was one of the most disruptive cyberattacks on U.S. critical infrastructure to date and could have been prevented with simple multifactor authentication (MFA) on the targeted remote server.1

Unlike traditional cyber threats that target a single organization, supply chain attacks exploit the weakest links within a business ecosystem. As businesses work to mitigate risks, it is important to understand the emerging threat landscape, the industries most at risk, and the security strategies necessary to secure supply chains. Additionally, as the U.S. implements new tariffs on foreign goods, businesses must assess whether these trade policies will introduce new cybersecurity challenges or alleviate some existing risks.

Emerging Threats Affecting Supply Chains

• Ransomware Attacks: Ransomware has evolved into one of the most damaging cyber threats to supply chains. Attackers increasingly target logistics providers, manufacturers, and critical suppliers, encrypting their systems and demanding hefty ransoms to restore operations. In 2024 CDK Global, a software provider for nearly 15,000 North American car dealerships, was hit by a ransomware attack. The malware targeted personally identifiable information (PII) such as Social Security numbers, bank account details, and credit card data. Dealerships were forced to revert to manual operations for days if not weeks thereafter, including using pen and paper and physically transporting auto records to Department of Motor Vehicles (DMV) offices in the U.S. The attack resulted in significant operational disruptions and financial losses estimated at over $1 billion.1
• Software Supply Chain Attacks: Cybercriminals have shifted their focus to compromising software vendors, and injecting malicious code into trusted applications and updates. In April 2024, hackers uploaded malicious Visual Studio projects to GitHub, manipulating search algorithms to increase visibility. These projects contained malware resembling Keyzetsu Clipper, designed to intercept and alter cryptocurrency wallet addresses copied to the clipboard, redirecting funds to attackers.2
• Third-Party Credential Theft: Attackers often gain access to corporate networks by exploiting weak authentication measures used by third-party vendors. Phishing attacks, credential stuffing, and password leaks provide hackers with a pathway to infiltrate multiple organizations through a single compromised vendor. Weak vendor security practices can allow unauthorized access to critical systems, leading to data theft and operational disruptions.
• AI-Powered Cyber Attacks: Artificial Intelligence has become a double-edged sword in cybersecurity. While businesses use AI for threat detection and defense, cybercriminals leverage AI to automate phishing campaigns, bypass security controls, and identify vulnerabilities within supply chain networks. AI-driven attacks make it easier for hackers to evade detection, increasing the frequency and sophistication of supply chain cyber threats.
• IoT and OT Exploits: Supply chain operations heavily rely on Internet of Things (IoT) and Operational Technology (OT) devices, such as smart sensors, automated manufacturing equipment, medical devices, and connected logistics systems. However, many IoT and OT devices lack robust security measures, making them attractive targets for hackers. Cybercriminals exploit vulnerabilities in these devices to launch distributed denial-of-service (DDoS) attacks, manipulate production processes, or gain access to enterprise networks.

Industries Most Impacted and Why

Manufacturing & Industrial

Manufacturers depend on global supply chains for raw materials, hardware components, and logistics. Cyberattacks targeting industrial control systems (ICS) and enterprise resources planning (ERP) software can halt production, delay shipments, and lead to financial losses. Additionally, intellectual property theft poses a significant risk in this sector, as hackers target sensitive trade secrets.

Healthcare & Pharmaceuticals

The healthcare industry relies heavily on third-party suppliers, wholesale distribution centers, R&D, lab equipment and chemical suppliers, hospitals and clinics, government buyers, and more. Healthcare, and specifically pharmaceutical companies, must manage one of the largest industry supply chains filled with 10s if not 100s of vendors. A breach within the healthcare supply chain can be devastating and compromise patient data, disrupt hospital operations, and even impact the development and/or distribution of critical medicines. This was no more evident than the 2020 attack on the COVID-19 vaccine supply chain that highlighted the vulnerabilities in this sector.

Retail & E-Commerce

Retailers and e-commerce businesses depend on logistics providers, payment processors, and digital marketing platforms, all of which introduce third-party cyber risks. Cybercriminals frequently target online checkout systems, warehouse automation tools, and supplier databases to steal payment information and personal customer data.

Energy & Critical Infrastructure

Power grids, fuel pipelines, transportation, and water treatment facilities depend on complex supply chains involving multiple vendors and contractors. A cyberattack on a single supplier can disrupt entire sectors, as seen in the March 2025 cyberattack targeting Ukraine’s state-owned railway company, Ukrzaliznytsia, disrupting both passenger and freight transport services.3

Banking & Financial Services

Since Open Banking first exploded, banks and financial institutions work with numerous third-party service providers to access consumer banking data through APIs. It was introduced to foster competition and innovation and enhance customer control over financial data. Open Banking started in response to regulatory initiatives like the PSD2 (Revised Payment Services Directive) in the EU and CMA’s Open Banking regulations in the UK, aiming to break the monopoly of traditional banks, encourage fintech growth, and improve financial transparency and services. A supply chain breach in this sector can expose sensitive financial data, disrupt banking operations, and lead to large-scale fraud.

Proactive Security Strategies for Supply Chain Protection

As global networks expand, businesses must go beyond securing their own environments to account for the risks posed by third-party vendors. The shift has forced organizations to move from reactive incident response toward proactive security strategies that anticipate, detect, and neutralize threats before they can cause disruption. As a result, cybersecurity is no longer just about responding to attacks – it’s about predicting and preventing them to strengthen supply chain resilience and ensure business continuity. Here are a few security strategies that are proving effective.

Continuous Threat Exposure Management (CTEM)

Organizations should proactively identify, validate, prioritize, and mitigate security gaps in their supply chains using CTEM frameworks. These approaches continuously analyze attack vectors, ensuring rapid response to emerging threats.

Continuous Penetration Testing & External Attack Surface Management (EASM)

Automated pentesting can provide continuous testing of vendor systems to help uncover vulnerabilities before cybercriminals do. Attack Surface Management (ASM) tools enable businesses to map and monitor all external-facing assets, reducing the risk of unknown exposures.

Regulatory Compliance & Standards

Companies should align their security strategies with industry regulations such as NIST’s Cybersecurity Framework, the Cybersecurity and Infrastructure Security Agency (CISA) guidelines, and ISO 27001 standards. Compliance with these frameworks ensures a baseline of security practices within supply chains.

AI-Driven Threat Detection

Leveraging artificial intelligence for real-time threat detection and anomaly analysis can help businesses identify vulnerabilities within the supply chain that normally would not be discovered. AI-powered security tools analyze large volumes of supply chain data to detect suspicious activities and predict potential attacks.

Impact of U.S. Tariffs on Cybersecurity in Supply Chains

U.S. tariffs on imported technology, hardware, raw materials, and software, for example, have implications well beyond economics – they also affect the security and resilience of critical infrastructure. As costs rise, businesses may seek alternative suppliers, potentially exposing themselves to greater security risks. These shifts in sourcing can introduce new vendors with varying security standards, increasing the likelihood of supply chain attacks.

• Increase Costs & Vendor Shifts: New tariffs on foreign goods may force businesses to change suppliers. Vendors from different regions may have weak security protocols, requiring additional vetting and security assessments.
• Reshoring & Nearshoring Trends: To reduce reliance on foreign suppliers, many U.S. companies are reshoring (bringing production back to the U.S.) or nearshoring (moving operations closer to the U.S.). While this shift may reduce risks associated with foreign supply chain attacks, it may also introduce new cyber threats related to domestic infrastructure security.
• Regulatory & Compliance Burdens: New trade policies could require companies to comply with additional cybersecurity regulations when sourcing from certain regions. This may lead to increased costs for security compliance and risk assessments.
• Potential Risk in Cyber Espionage: Geopolitical tensions arising from tariff policies could drive more state-sponsored cyberattacks on U.S. companies. Businesses must remain vigilant against espionage attempts targeting trade secrets and supply chain data.

Conclusion

A secure supply chain is not just about protecting assets – it’s about maintaining trust, resilience, and operational stability. As cyber threats grow in sophistication and supply chain dependencies increase, organizations that take a proactive security stance will be better positioned to mitigate risk and sustain long-term growth. Now, more than ever, is the time to evaluate vendor relationships, strengthen defenses, and embed security into every state of the supply chain lifecycle. The future belongs to those who anticipate threats, not just react to them.

About The Author

[email protected] The Hacker News

See author's posts

Original post here