Ransomware Attacks Spike 123% as Threat Actors Adapt Their Strategies

According to the 2025 Third-Party Breach Report published by Black Kite, ransomware attacks surged by 123% in 2024, with threat actors increasingly exploiting vulnerabilities within vendor ecosystems.

The report reveals that third-party vendors emerged as the leading initial access vector for cybercriminals, resulting in some of the most significant cybersecurity incidents ever recorded.

Notably, supplier-related breaches triggered a domino effect across supply chains, culminating in catastrophic disruptions and financial losses that underscore the urgent need for robust third-party risk management.

One of the most prominent cases highlighting this trend was the $75 million ransomware payment made by pharmaceutical giant Cencora after attackers infiltrated its systems through a third-party supplier.

Similarly, the global CrowdStrike outage, which impacted organizations on a worldwide scale and resulted in an estimated $5 billion in damages, was traced back to vulnerabilities in a vendor’s software update mechanism.

These incidents are just two examples among many that demonstrate the potentially devastating consequences when vendor security is neglected or underprioritized.

Attack Vectors and Techniques

The Black Kite report details how ransomware gangs have shifted their tactics from directly targeting enterprises to exploiting the weakest points in interconnected supply chains.

Common techniques included weaponizing software vulnerabilities in vendor products, leveraging stolen access credentials to bypass security controls, and exploiting misconfigured systems with excessive permissions.

Attackers were also found to invest heavily in reconnaissance, mapping intricate relationships between organizations and their third parties to identify the optimum entry points.

Unauthorized access and credential misuse featured prominently in the analyzed incidents, enabling threat actors to move laterally across networks and escalate privileges.

In particular, supply chain environments involving outdated legacy systems or insufficient segmentation provided fertile ground for such lateral movement.

The sheer scale of modern vendor networks increased the attack surface exponentially, with organizations often lacking real-time visibility into their suppliers’ security postures.

Industry Impact and Lessons Learned

Industries such as healthcare, finance, and manufacturing bore the brunt of these attacks.

The healthcare sector, reliant on myriad third-party software platforms and medical device manufacturers, suffered extensive data breaches and operational outages.

Financial institutions, which commonly outsource functions such as payment processing and IT support, experienced financial fraud and customer trust erosion following breaches.

Manufacturing was also heavily impacted as ransomware attacks on supplier networks caused prolonged production halts and logistical bottlenecks.

The report emphasizes that the evolving tactics of cybercriminals have rendered traditional perimeter defenses insufficient.

Organizations that failed to assess and monitor their vendors’ cybersecurity postures became collateral victims, often discovering vendor-related breaches only after significant damage had occurred.

This reactive approach, the report suggests, is unsustainable as attacker sophistication continues to evolve.

To counter these threats, Black Kite’s report advocates for a proactive, data-driven approach to Third-Party Risk Management (TPRM).

Recommendations include conducting comprehensive pre-engagement vendor assessments, leveraging continuous monitoring solutions that provide real-time risk intelligence, and establishing incident response plans explicitly tailored to third-party breach scenarios.

Additionally, the importance of collaboration, with both vendors and internal stakeholders, was stressed to ensure rapid identification and mitigation of emerging threats.

Ultimately, the seismic shift in the threat landscape documented in 2024 makes one point abundantly clear: an organization’s cybersecurity is only as strong as its weakest vendor.

As ransomware operators continue to refine their strategies and seek out indirect pathways to their targets, holistic supply chain security is no longer optional but essential.

The lessons from 2024’s third-party breaches should serve as a wake-up call for enterprises to invest in comprehensive TPRM frameworks, bridging visibility gaps and fortifying defenses against tomorrow’s most sophisticated cyber threats.

Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
