Microsoft: The Cyber Dangers for Manufacturers and Suppliers

Cybercriminals are evolving their tactics to exploit supply chains and identity systems instead of just targeting individual company firewalls.

A new report from Microsoft details a threat landscape where ransomware continues to cause major disruption, with attackers gaining initial access to organisations and then inflicting further damage on their supplier and consumer bases.

According to Microsoft’s sixth annual Digital Defense Report, the trend shows malicious actors increasingly leveraging third-party relationships to compromise downstream organisations.

This means a single weak link in a vendor or partner relationship could expose a whole network of businesses – a concerning development for sectors like logistics and manufacturing, where interconnected systems are fundamental to physical production and movement.

Financial motivations behind cyber attacks

While nation-state threats persist, the majority of cyber attacks are motivated by financial gain. Human-operated ransomware is a primary risk, enabling attackers to infiltrate systems directly and demand extortion payments.

However, tactics are changing from traditional phishing attempts towards more sophisticated social engineering and identity-based compromise.

Amy Hogan-Burney, Corporate Vice President, Customer Security and Trust at Microsoft, explains that financial gain, not espionage, is the primary motive for most incidents.

“In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data – a trend motivated more by financial gain than intelligence gathering,” she says.

Amy adds that “over half of cyber attacks with known motives were for extortion or ransomware. That’s at least 52% of incidents fuelled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organisations face today come from opportunistic criminals looking to make a profit.”

Global supply chains under threat from ransomware

Microsoft's report highlights how deeply digital systems are embedded in global trade, from port logistics and shipping schedules to customs and inventory management. This interconnectedness increases the potential attack surface.

“Supply chains, both physical and digital, increase our attack surface,” the report states.

A case study from February 2025 illustrates the speed and potential scale of disruption. A ransomware attack on a global shipping company was contained within 14 minutes, but the consequences could have been far-reaching.

“Had the shipping company’s systems been taken offline for even a few hours, the cascading effect would have impacted trade and industry around the world,” the report notes.

Transportation is now among the top 10 sectors most impacted by ransomware, with 223 organisations listed. Related sectors such as retail, wholesale and distribution show even higher exposure with 441 affected organisations, a figure Microsoft links to attackers targeting value chains.

While most attacks aim for extortion, state-aligned groups are also active. The report reveals that, “in the last year, three Iranian actors targeted shipping and logistics operations across Europe and the Persian Gulf”, seeking persistent access to commercial and operational data.

Building resilience through strategic cybersecurity leadership

In this environment, Microsoft advises that organisational leaders must approach cybersecurity as more than simply an IT problem.

“In this environment, organisational leaders must treat cybersecurity as a core strategic priority – not just an IT issue – and build resilience into their technology and operations from the ground up,” Amy says.

Microsoft’s vast security operation, which processes over 100 trillion signals and blocks 4.5 million new malware attempts daily, provides a unique perspective on the scale of the threat.

Amy highlights how accessible tools have lowered the barrier to entry for cybercriminals: “Advances in automation and readily available off-the-shelf tools have enabled cybercriminals – even those with limited technical expertise – to expand their operations considerably."

She goes on to say that “the use of AI has further added to this trend with cybercriminals accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks. As a result, opportunistic malicious actors now target everyone, big or small, making cybercrime a universal, ever-present threat that spills into our daily lives.”

To counter this, Microsoft advocates for stronger identity controls, proactive exposure management and greater supply chain transparency. This includes implementing secure-by-design principles using software bills of materials (SBOMs) and adopting consistent vulnerability disclosure practices.

The report also calls for regulatory harmonisation, arguing that fragmented compliance requirements weaken collective defences and hinder coordinated incident responses.