- Cybercriminals are increasingly using vulnerable companies to target their partners and peers
- The number of third-party incidents doubled year-on-year, Verizon's new report shows
- The attacks are used to gain access to target organizations

New research has claimed the involvement of third parties in data breaches has doubled, and is now seen in 30% of all cyberattacks.

The 2025 Data Breach Investigations Report (DBIR) from Verizon Business, which is based on more than 22,000 security incidents and 12,195 confirmed data breaches, found supply chain and partner ecosystems are being increasingly abused in cyberattacks.

Cybercriminals are using third parties to gain initial access, it was further explained, as 81% of third-party breaches involved the compromise of victim systems.

Targeting open-source repositories

The findings may not be too surprising, as some of the biggest cyberattacks ever recorded came as a result of third-party compromise. The SolarWinds hack in December 2020 was one of the most significant cyber-espionage attacks in history. Threat actors compromised SolarWinds' Orion software updates, inserting malicious code (later named "SUNBURST") that was unknowingly distributed to around 18,000 customers. This allowed the attackers to deploy backdoors into the networks of companies that installed the tainted update.

The breach allegedly went undetected for months, compromising US government agencies (the Departments of Treasury, State, and Homeland Security), major tech firms (Microsoft), and countless private companies. The attack was blamed on a Russian state-sponsored threat actor called APT29 (aka Cozy Bear).

To conduct third-party cyberattacks, threat actors will often target open-source code repositories, such as GitHub. They will try to push malicious updates into code packages, or will try to "typosquat" a piece of malware, in hopes that software developers will install the malicious code themselves. It works, too, as news often breaks of bad code being discovered on GitHub, or people's accounts being compromised and abused in the distribution of malware.

Security researchers often warn that software developers should always verify, and never trust the code, regardless of who the author is.

Via Infosecurity Magazine
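As an added illustration of the "verify, never trust" advice above (this is example code, not part of the TechRadar article or the Verizon report), the following Python script shows the two checks a build pipeline can apply before a dependency is installed: it compares the downloaded artifact against a SHA-256 the team has already reviewed, so a silently modified update is rejected, and it flags a requested package name that is only a typo away from a known package, which is the typosquatting pattern the article describes. The package names and artifact contents are constructed placeholders, and the hashes are computed from those placeholders rather than taken from any real release.

```python
import hashlib

# Constructed allowlist: package name -> bytes of the artifact the team reviewed.
# The contents are invented for this example; a real pipeline would store only
# the reviewed hashes (as in pip's --require-hashes mode).
REVIEWED_ARTIFACTS = {
    "requests": b"constructed contents of requests-2.32.0.tar.gz",
    "numpy": b"constructed contents of numpy-2.0.0.tar.gz",
    "flask": b"constructed contents of flask-3.0.0.tar.gz",
}
EXPECTED_HASHES = {
    name: hashlib.sha256(data).hexdigest() for name, data in REVIEWED_ARTIFACTS.items()
}


def verify_artifact(name, data, expected=EXPECTED_HASHES):
    """True only if `name` is allowlisted and `data` hashes to the reviewed value.

    A pushed update that changes the artifact changes the hash, so it fails here
    even if it still carries the original author's name.
    """
    if name not in expected:
        return False
    return hashlib.sha256(data).hexdigest() == expected[name]


def edit_distance(a, b):
    """Levenshtein distance between two names (one row of the DP table at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(requested, known_names, max_distance=2):
    """Known package names that `requested` nearly matches but does not equal.

    A small distance to a popular name with no exact match is the typosquat signal:
    the requested name is probably a misspelling, and the package behind it is
    whatever was registered under that misspelling.
    """
    if requested in known_names:
        return []
    return sorted(n for n in known_names if edit_distance(requested, n) <= max_distance)


def check_dependency(name, data):
    """Single verdict for a dependency: 'ok', 'tampered', 'suspicious:<names>' or 'unknown'."""
    if name in EXPECTED_HASHES:
        return "ok" if verify_artifact(name, data) else "tampered"
    near = typosquat_candidates(name, EXPECTED_HASHES.keys())
    return "suspicious:" + ",".join(near) if near else "unknown"


if __name__ == "__main__":
    # Constructed requests: a clean install, a modified artifact, and a typo'd name.
    for pkg, blob in [("requests", REVIEWED_ARTIFACTS["requests"]),
                      ("requests", b"same name, different bytes"),
                      ("reqeusts", b"whatever was published under the typo")]:
        print(pkg, "->", check_dependency(pkg, blob))
```

The hash check catches the SolarWinds-style case (a trusted name shipping altered bytes), while the name-distance check catches the typosquat case before anything is downloaded at all; neither check depends on who the author claims to be, which is the point of the researchers' advice. An "unknown" verdict should block the install until someone reviews the package and adds its hash to the allowlist.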