Retooling Supply Chains? Don’t Overlook Cybersecurity

Each new supplier, system or integration point creates new openings for attackers to exploit.


As manufacturers race to reconfigure global operations in response to tariffs, trade restrictions, and geopolitical uncertainty, cybercriminals are seizing the moment. Each new supplier, system, and integration point adds complexity and creates new openings for attackers to exploit.

Threat actors, ranging from ransomware crews to state-sponsored groups, are watching this period of operational flux closely. Some are looking to steal sensitive data. Others are pre-positioning for more disruptive attacks down the line. While companies focus on logistics, compliance, and supplier relationships, cyber risks are quietly multiplying in the background.

Supply chain-based cyberattacks are no longer hypothetical risks: they’re now a preferred tactic among sophisticated hackers. 

From car dealerships to supermarkets to drones, we’ve seen a growing number of real-world cases where compromising one weak link has given attackers access to an entire network of upstream and downstream partners. For manufacturers investing heavily in supply chain resilience, overlooking cybersecurity can quietly undermine those efforts from the start. 

Today’s supply chains are not just physical; they are deeply digital. The rise of software supply chain compromises (like the attacks on SolarWinds, MOVEit, and 3CX) shows how malicious code inserted during routine updates can have far-reaching consequences. In this environment, digital trust in vendors is just as essential as their operational reliability.

Too Much Access, Too Fast

When companies rush to onboard suppliers – often under pressure and with limited visibility – they create the very blind spots attackers exploit. 

Each new supplier, logistics partner, or contract manufacturer expands the digital footprint and widens the attack surface. ERP integrations, cloud-based production systems, EDI portals, and remote access all open doors for threat actors. 

Groups like China’s APT41 and Russia’s FIN7 have repeatedly leveraged vendor relationships, using valid credentials or remote services to move laterally.

To make matters worse, vendors frequently receive broader permissions than are necessary. These permissions are rarely reviewed and poorly monitored. Some accounts are set up with default settings, weak passwords, or elevated privileges that far exceed what’s required. Without disciplined provisioning, auditing, and deprovisioning, manufacturers may unknowingly expose core systems.

A clear example came in 2021, when the REvil ransomware gang exploited overly permissive access granted to managed service providers during the Kaseya VSA breach. By abusing remote access software, they pushed ransomware to over 1,500 downstream clients in a single, coordinated attack.

Failing to Conduct Cyber Due Diligence

Despite rising threats, many manufacturers still lack formal processes for evaluating a supplier’s cybersecurity practices. Basic questions, such as whether a vendor uses multi-factor authentication (MFA) or encrypts sensitive files, often go unasked. 

A classic example is the Target breach, where attackers infiltrated the company’s network by compromising credentials from a third-party HVAC vendor with weak security controls. The lack of vendor due diligence gave threat actors a foothold that ultimately led to over $200 million in damages to the company.

Expanding supply networks into new regions can also introduce additional risk if cybersecurity maturity varies. Just as companies vet suppliers for financial stability and production quality, they should also evaluate their digital hygiene. Cybersecurity due diligence should be table stakes, not an afterthought.

Dangerous Data Sharing

During supply chain shifts, data sharing often begins before IT integrations with new partners are fully in place, leaving sensitive information exposed to theft or interception. In these moments, business expediency tends to outweigh security concerns. As a result, companies fall back on risky practices: sharing critical files like design documents, product specifications, bills of materials, and manufacturing instructions via unsecured email, outdated FTP servers, or consumer-grade file-sharing tools.

In 2019, Norsk Hydro suffered $75 million in damages from a ransomware attack that exposed critical gaps in file access controls and visibility across its production systems. In 2023, Shell’s Australian subsidiary, BG Group, was hit by the MOVEit Transfer breach, in which attackers exploited a vulnerability in a widely used file transfer tool to steal employee information.

When old vendors are phased out to make way for new partnerships, their digital footprints often remain. VPN tunnels, API tokens, ERP interfaces, and shared cloud environments may continue operating long after a contract ends. 

These lingering links, known as “ghost” connections, can create hidden, unmonitored pathways into the network. Similarly, “zombie” accounts – logins tied to former vendor employees or internal users – often stay active due to weak password policies or a lack of automated deprovisioning.

Without proper offboarding, formal shutdown procedures, and regular audits, these forgotten access points can persist for months or even years. This offers easy entry for cybercriminals or malicious insiders.

Supply chain shifts often create communication gaps, especially during rapid growth, vendor changes, or crisis response. This makes impersonation attacks like BEC (business email compromise), phishing, and deepfake scams more likely. Remote and hybrid work only increase the risk by reducing in-person verification.

Attackers frequently spoof supplier domains to send fake invoices, reroute shipments, or steal login credentials, especially during onboarding or payment transitions.

In 2016, German manufacturer Leoni AG lost €40 million after attackers spoofed executive emails and tricked an employee into wiring funds. In 2019, Toyota Boshoku lost $37 million in a similar scam involving a fake supplier payment request.
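One way to catch spoofed supplier domains before an invoice or payment-change request is acted on is to compare each sender domain against the approved supplier list and flag near-matches. The sketch below is an added example, not code from the author or Binary Defense; the supplier domains, the character-swap table and the distance threshold are assumptions, and it does not decode punycode or non-Latin homoglyphs.

```python
# Constructed allowlist of approved supplier domains (assumption, not from the article).
KNOWN_SUPPLIERS = {"acme-tooling.example", "freightco.example"}

# Common single-character swaps seen in lookalike domains (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain: str) -> str:
    """Collapse visually confusable characters so lookalikes compare equal."""
    d = domain.lower().translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify_sender(domain: str, known=KNOWN_SUPPLIERS, max_distance: int = 2):
    """Return ('known' | 'lookalike' | 'unknown', matched supplier domain or None)."""
    d = domain.lower().rstrip(".")
    if d in known:
        return ("known", d)
    for k in sorted(known):
        # Not on the list, but it reads like a listed supplier: hold for verification.
        if skeleton(d) == skeleton(k) or edit_distance(d, k) <= max_distance:
            return ("lookalike", k)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sender domains for illustration.
    for sender in ("acme-tooling.example", "acme-too1ing.example",
                   "frieghtco.example", "unrelated-vendor.example"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to verify the request through a contact already on file, not proof of fraud; very short domains produce more false positives at the same threshold.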

How to Reduce the Threat

Cybersecurity must be built into supply chain strategy from the start, not treated as an afterthought. Manufacturing, procurement and IT teams need to align early and often to safeguard digital and physical assets.

Here are three foundational steps manufacturers can take:

  • Involve Security Early. Cybersecurity should be part of supplier selection, not something addressed after contracts are signed. Require vendors to demonstrate their security practices, and include cybersecurity performance in procurement criteria.

  • Inventory and Manage Digital Connections. Treat digital supplier connections like physical ones. Maintain an accurate inventory of all third-party access points, review them regularly, and ensure every connection has a clear owner. Make offboarding procedures as rigorous as onboarding.

  • Build Vendor Response Playbooks. Establish clear protocols for what to do if a vendor is compromised. This includes breach notification timelines, access revocation steps, and escalation paths. Make sure these expectations are built into contracts and SLAs.
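The inventory step above, and the earlier points about "ghost" connections and "zombie" accounts, can be turned into a recurring check over a list of third-party access points. This is an added example, not code from the author or Binary Defense; the record fields, the 90-day and 180-day thresholds and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed policy thresholds (not from the article); set them to your own standard.
MAX_IDLE_DAYS = 90
MAX_REVIEW_AGE_DAYS = 180

@dataclass
class Connection:
    name: str                      # VPN tunnel, API token, ERP interface, ...
    vendor: str
    owner: Optional[str]           # internal person accountable for this access
    contract_end: Optional[date]
    last_used: Optional[date]
    last_reviewed: Optional[date]
    enabled: bool = True

def audit(conn: Connection, today: date) -> list:
    """Return finding codes for one third-party connection."""
    if not conn.enabled:
        return []                  # already shut down, nothing to flag
    findings = []
    if conn.contract_end is not None and conn.contract_end < today:
        findings.append("GHOST")   # contract over, access still live
    if not conn.owner:
        findings.append("NO_OWNER")
    if conn.last_used is None or (today - conn.last_used).days > MAX_IDLE_DAYS:
        findings.append("IDLE")    # candidate zombie account or stale token
    if conn.last_reviewed is None or (today - conn.last_reviewed).days > MAX_REVIEW_AGE_DAYS:
        findings.append("REVIEW_OVERDUE")
    return findings

def audit_inventory(inventory, today: date) -> dict:
    """Map connection name -> findings, omitting clean entries."""
    report = {c.name: audit(c, today) for c in inventory}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory; vendors, names and dates are invented.
SAMPLE_TODAY = date(2025, 6, 1)
SAMPLE_INVENTORY = [
    Connection("vpn-acme-plant2", "Acme Tooling", "j.ortiz", date(2024, 12, 31), date(2025, 5, 20), date(2024, 10, 1)),
    Connection("api-token-freightco", "FreightCo", None, date(2026, 3, 31), date(2025, 5, 30), date(2025, 4, 15)),
    Connection("erp-svc-northwind", "Northwind Metals", "s.patel", date(2026, 1, 31), date(2024, 11, 2), date(2025, 3, 1)),
    Connection("edi-portal-globex", "Globex", "m.chen", date(2025, 12, 31), date(2025, 5, 28), date(2025, 2, 10)),
    Connection("sftp-oldvendor", "Old Vendor", "m.chen", date(2024, 6, 30), None, None, enabled=False),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, SAMPLE_TODAY).items():
        print(f"{name}: {', '.join(findings)}")
```

In practice the inventory would be exported from the identity provider, VPN concentrator and API gateway rather than typed by hand, and each finding would open a ticket for the named owner.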

The push to build more agile and resilient supply chains is a strategic necessity. But if cybersecurity isn’t part of that equation, manufacturers risk building vulnerabilities faster than they can secure them.

JP Castellanos is the Director of Threat Intelligence for Binary Defense (binarydefense.com), where he leads a team of intelligence analysts in monitoring emerging threats, conducting threat research and helping companies update their defenses. 
