Cyberattacks Surge in 2025: Third-Party Attacks Reach New Heights
New research from the 2025 Data Breach Investigations Report (DBIR) by Verizon Business has revealed a concerning trend in cyberattacks. The report, based on over 22,000 security incidents and 12,195 confirmed data breaches, has found that third-party attacks have skyrocketed, accounting for 30% of all cyberattacks.
Supply chain and partner ecosystems are being increasingly abused by cybercriminals to gain initial access to systems. In fact, 81% of third-party breaches involved the compromise of victim systems, highlighting the vulnerability of these relationships in the face of cyber threats.
The rise of third-party attacks is not surprising, given the success of high-profile breaches like the SolarWinds hack in December 2020. This attack, which was carried out by a Russian state-sponsored threat actor, compromised the Orion software updates used by around 18,000 customers, including US government agencies and major tech firms.
The breach, known as SUNBURST, allowed attackers to deploy backdoors into the networks of affected companies, staying undetected for months. This devastating attack serves as a stark reminder of the risks associated with third-party compromise.
Threat actors often target open-source code repositories like GitHub to conduct third-party cyberattacks. They may push malicious updates into code packages or try to "typosquat" malware, in hopes that software developers will install the malicious code themselves.
Security researchers warn that software developers should always verify and never trust the code, regardless of who the author is. The recent discovery of bad code on GitHub and compromised accounts being used in the distribution of malware further underscores the need for vigilance.
A Growing Concern for Businesses
The findings of the 2025 DBIR highlight a growing concern for businesses. As the number of third-party attacks increases, companies need to take proactive measures to protect themselves. These include conducting thorough risk assessments, implementing robust security protocols, and verifying the authenticity of code updates.
A Call to Action
As cyber threats continue to evolve, it is crucial for individuals, families, and businesses to prioritize cybersecurity. With the rise of third-party attacks, it is more important than ever to protect yourself from cyber threats. Consider using a reputable password manager like Keeper Personal, Family, or Business to safeguard your sensitive data.
Keeper offers features like zero-knowledge encryption, two-factor authentication, dark web monitoring, secure file storage, and breach alerts to provide peace of mind against cyber threats. With its user-friendly interface and robust security measures, Keeper is an excellent choice for anyone looking to protect their digital assets.