Recent findings from Group-IB in their High-Tech Crime Trends Report 2026 suggest an alarming trend in cybercrime, with supply chain attacks driving a self-reinforcing economy of breaches, credential theft, and ransomware. At the core of this operation are managed service providers (MSPs), identified as significant targets by cybercriminals due to their access to numerous downstream customers.
MSPs often serve as crucial intermediary entities within various supply chains. Because they access multiple client systems, any compromise can quickly spread across different organisations. Hence, this makes them attractive targets for attackers who can leverage a single breach into larger-scale infiltrations.
Research indicates that MSPs might underestimate the potential scale of these attacks. Despite evidence to the contrary, only a minority of MSP leaders consider them a top priority. Yet, incidents like the 2025 breach by the Dragonforce ransomware gang illustrate the potential impact, wherein a single vulnerability within an MSP's remote monitoring tool opened the floodgates to a supply chain attack.
To mitigate these risks, MSPs need to adopt a rigorous approach towards supply chain security. Adhering to recognised security standards and practices, such as implementing least-privilege access and enforcing multi-factor authentication, is paramount. Furthermore, regular access reviews, continuous monitoring, and strict segmentation of client environments can prevent single-point failures from escalating.
A critical aspect of managing supply chain risks involves extending due diligence to technology vendors. Ensuring that third-party tools meet stringent security standards is crucial. With a collective approach to risk management, involving shared accountability, organisations can thwart the cascade effect of breaches across the supply chain.
In the face of these threats, institutions including MSPs should consider frameworks like the NCSC's Cyber Essentials Supply Chain Playbook to better structure their approach to supply chain security. Establishing clear standards and expectations with suppliers can significantly enhance transparency and prevent isolated incidents from becoming systemic failures.
Jamie Akhtar, CEO and Co-Founder of CyberSmart, said: "This research confirms what we’ve long suspected: modern supply chain risk doesn’t live in isolated systems but in interconnected ecosystems where breaches cascade across organisations. This trend shows how attacks on upstream vendors, open-source projects, browser extensions and managed service platforms can give adversaries inherited access to downstream customers, credentials and trust relationships."
Given the evolving landscape of cyber threats, organisations within supply chain networks must remain vigilant and proactive. Ensuring robust security measures not only protects them but also safeguards their clients and the wider interconnected ecosystem.
