Kaspersky explores 2025 potential IT outage and supply chain risk scenarios

As part of its annual Kaspersky Security Bulletin, the company’s experts have analyzed significant supply chain attacks and IT outages from the past year and explored potential future risk scenarios, providing insights aimed at helping businesses of all sizes enhance cybersecurity, build resilience, and prepare for possible emerging threats in 2025.

In 2024, supply chain attacks and IT outages demonstrated the pervasive risks to modern infrastructure. High-profile incidents, including a faulty CrowdStrike update that disrupted millions of systems, the XZ backdoor, and the Polyfill.io supply chain attack, exposed vulnerabilities in widely used tools.

These events underscored the urgent need for rigorous security measures, robust patch management, and proactive defenses to protect global supply chains and critical infrastructure.

Kaspersky’s “Story of the Year” highlights growing AI risks, including outages, breaches, and misuse of sensitive data. Operation Triangulation revealed attackers exploiting zero-day vulnerabilities in system hardware and software, targeting neural processing units and on-device AI. Kaspersky also uncovered the first misuse of machine learning for data extraction, weaponizing AI features.

Satellite internet, vital for onboard connectivity and emergency communications, is another area of concern. A cyberattack or faulty update targeting a dominant provider could trigger widespread outages, impacting individuals and organizations reliant on these services.

The internet also faces physical threats, with 95% of global data transmitted through subsea cables, and there are nearly 1,500 Internet Exchange Points (IXPs) facilitating traffic exchange.

Disruptions to key components like cables or IXPs could overload infrastructure, leading to widespread connectivity issues.

Critical operating systems like Windows and Linux face potential exploitation of kernel vulnerabilities, which could expose servers, IoT devices, and logistics systems to attacks. Such scenarios threaten to disrupt global supply chains, underscoring the need for enhanced defenses and resilience across digital ecosystems.

“Supply chain risks may seem overwhelming, but awareness is the first step toward prevention,” said Igor Kuznetsov, Director of Global Research and Analysis Team (GReAT) Kaspersky. “By testing updates rigorously, leveraging AI-driven anomaly detection, and diversifying providers to reduce single points of failure, we can reduce weak elements and build resilience.

A culture of responsibility among personnel is equally vital, as human vigilance remains the cornerstone of security. Together, these measures can safeguard supply chains and ensure a more secure future”.

Read more on Securelist.

Threat Research
The Threat Research team is a leading authority in protecting against cyberthreats. By actively engaging in both threat analysis and technology creation, our TR experts ensure that Kaspersky’s cybersecurity solutions are deeply informed and exceptionally potent, providing critical threat intelligence and robust security to our clients and the broader community.

About the Global Research & Analysis Team
Established in 2008, the Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world. Today GReAT consists of 40+ experts working globally – in Europe, Russia, Latin America, Asia, Middle East. Talented security professionals provide company leadership in anti-malware research and innovation, bringing unrivaled expertise, passion and curiosity to the discovery and analysis of cyberthreats.

About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.