In 2024, supply chain attacks and IT outages emerged as dominant cybersecurity concerns, demonstrating that virtually no infrastructure is immune to risk. A faulty CrowdStrike update affected millions of systems, and sophisticated incidents such as the XZ backdoor and the Polyfill.io supply chain attack exposed the risks inherent in widely used tools. These and other high-profile cases highlight the need for rigorous security measures, robust patch and update management, and proactive defenses to safeguard global supply chains and infrastructure.
As part of its annual Kaspersky Security Bulletin, the company’s experts have analyzed significant supply chain attacks and IT outages from the past year and explored potential future risk scenarios, providing insights aimed at helping businesses of all sizes enhance cybersecurity, build resilience, and prepare for possible emerging threats in 2025.
In its “Story of the Year”, the Kaspersky Security Bulletin reflects on the incidents of 2024 while contemplating hypothetical future scenarios and their potential consequences, as follows:
What if a major AI provider faced an outage or a data breach? Businesses are increasingly relying on various models such as those from OpenAI, Meta, Anthropic and others. However, despite the excellent user experience these integrations offer, they introduce significant cyber risks. Reliance on a single or limited number of AI service providers creates concentrated points of failure. If a major AI company experiences a critical disruption, it could significantly impact dozens or even thousands of services that depend on it.
Furthermore, an incident at any major AI provider could result in one of the most severe data leaks, as these systems may store vast amounts of sensitive information.
What if on-device AI tools were exploited? As AI becomes more integrated into everyday devices, the risk of it becoming an attack vector grows significantly. For instance, the Operation Triangulation campaign, uncovered by Kaspersky last year, demonstrated how attackers could compromise device integrity by exploiting zero-day vulnerabilities in the system software and hardware to deploy advanced spyware. Similar potential software or hardware-assisted vulnerabilities in the neural processing units powering AI – both broadly and in specific platforms like Apple Intelligence – could, if discovered, extend that threat or present an even greater one. Exploiting such weaknesses could harness AI capabilities to significantly amplify the scope and impact of such attacks.
Kaspersky’s research into Operation Triangulation also revealed the first case of its kind reported by the company: the misuse of on-device machine learning for data extraction, highlighting that the features designed to enhance user experience are already being weaponized by sophisticated threat actors.
What if threat actors disrupted satellite connectivity? While the space industry in general has been encountering various cyberattacks for a while, the new target for threat actors may be satellite internet providers as important elements of the global connectivity chain. Satellite internet can provide temporary communication links when other systems are down; airlines, ships, and other platforms may rely on it to provide onboard connectivity; it may also be used to enable secure communication services.
This presents cyber risks: a targeted cyberattack or a faulty update from a leading or dominant satellite provider could cause internet outages and potential communication breakdowns, impacting individuals and organizations.
What if major physical threats to the Internet occurred? Continuing the topic of connectivity, the internet is also vulnerable to physical threats. 95% of global data is transmitted through subsea cables, and there are nearly 1,500 Internet Exchange Points (IXPs) – physical locations, sometimes within data centers, where different networks exchange traffic.
A disruption to just a few critical components of this chain – such as key cables or IXPs – could overload the remaining infrastructure, potentially causing widespread outages and significantly impacting global connectivity.
What if severe vulnerabilities in the Windows and Linux kernels were exploited? These operating systems power many of the world’s critical assets, including servers, manufacturing equipment, logistics systems, IoT devices, and others. A remotely exploitable kernel vulnerability in these systems could expose countless devices and networks worldwide to potential attacks, creating a high-risk situation in which global supply chains could face significant disruption.
“Supply chain risks may seem overwhelming, but awareness is the first step toward prevention,” said Igor Kuznetsov, Director of the Global Research and Analysis Team (GReAT) at Kaspersky. “By testing updates rigorously, leveraging AI-driven anomaly detection, and diversifying providers to reduce single points of failure, we can reduce weak elements and build resilience. A culture of responsibility among personnel is equally vital, as human vigilance remains the cornerstone of security. Together, these measures can safeguard supply chains and ensure a more secure future”.