That was the warning delivered by cybersecurity analyst Richard Stiennon, founder of IT-Harvest, during a recent MITech TV interview that examined several high-profile cyber incidents now rippling through the technology and business worlds.
Stiennon, one of the cybersecurity industry’s longest-running analysts, said the latest wave of attacks demonstrates how threat actors increasingly target trusted software supply chains, developer ecosystems, customer databases and cloud infrastructure rather than relying solely on traditional ransomware attacks.
“The attack surface keeps expanding,” Stiennon said. “Companies are interconnected in ways that create huge efficiencies, but those same connections also create systemic risk.”
Among the incidents discussed was a recently disclosed breach involving Czech automaker Škoda Auto, a subsidiary of the Volkswagen Group.
According to reporting by BleepingComputer, attackers compromised Škoda Auto’s online store and accessed customer information tied to the e-commerce platform.
The company said hackers obtained personal information from an undisclosed number of customers. Škoda Auto, founded 130 years ago, delivered a couple of million vehicles in 2025 and generated more than €27 billion in revenue.
While the breach itself may seem limited compared with some mega-attacks, Stiennon said automotive companies represent increasingly attractive targets because modern car companies operate vast digital ecosystems involving online ordering systems, customer financing, connected vehicles, dealerships and supplier networks.
“Automakers today are technology companies,” he said. “When attackers compromise customer systems, they aren’t just stealing names and addresses anymore. They’re probing large interconnected infrastructures.”
The interview also examined a sophisticated software supply-chain campaign identified by researchers at Trend Micro.
The campaign, dubbed TeamPCP, reportedly targeted developer ecosystems between March 19 and April 24 using multiple coordinated attack waves across several programming ecosystems and software registries.
Researchers said the attackers infiltrated trusted development infrastructures, poisoned software distribution channels and harvested credentials before maintainers or security teams detected the compromise.
The attacks affected multiple programming ecosystems and highlighted growing fears throughout the software industry that open-source development chains are becoming one of the most dangerous attack vectors in modern cybersecurity.
“This is one of the biggest concerns in cybersecurity today,” Stiennon said. “Developers trust repositories, automated updates and software libraries because modern development depends on speed and automation. Attackers understand that.”
The implications extend far beyond technology companies.
Michigan manufacturers, automotive suppliers, healthcare organizations, financial institutions and logistics companies all increasingly rely on third-party software components, cloud services and open-source tools to power daily operations.
A compromised software library inserted deep within a company’s infrastructure can potentially create vulnerabilities that remain undetected for months.
Stiennon said the attacks illustrate why cybersecurity must now be viewed as a boardroom-level business issue rather than merely an IT department responsibility.
The MITech TV interview also covered an incident involving Grafana Labs, which disclosed that attackers gained access to portions of its GitHub environment and downloaded company code repositories.
According to reporting by Help Net Security, the company said threat actors accessed source code linked to its observability and data visualization platforms.
Grafana is widely used throughout enterprise IT environments, cloud infrastructures and DevOps operations around the world.
Stiennon said incidents involving developer repositories are particularly concerning because attackers increasingly target the software development lifecycle itself.
“GitHub has become part of the critical infrastructure of the digital economy,” he said. “If attackers gain access to code repositories, they can potentially study vulnerabilities, insert malicious code or compromise downstream users.”
The interview additionally explored a breach involving 7-Eleven after the company disclosed that intruders accessed systems containing franchisee documents.
According to reporting by SecurityWeek, the incident was detected April 8 and involved systems storing franchise application information.
The hacking group ShinyHunters later claimed to possess more than 600,000 Salesforce records linked to the retailer.
Although 7-Eleven has not confirmed the broader scope of the claims, the incident demonstrates how retailers and franchise operators remain high-value targets because they often maintain extensive financial, operational and customer databases.
“These attacks are not random,” Stiennon said. “Cybercriminals follow the data and the money.”
To help organizations better understand the increasingly crowded cybersecurity market, Stiennon also highlighted the IT-Harvest Analyst Dashboard, a research platform cataloging nearly 12,000 cybersecurity products from roughly 4,000 vendors.
The dashboard allows users to search cybersecurity categories, identify vendors and track emerging security technologies across the industry.
Stiennon said the cybersecurity market has become so large and fragmented that many organizations struggle simply to understand which products exist and how they fit together.
“Cybersecurity has become one of the largest technology sectors in the world,” he said. “The challenge now is navigating the complexity.”
The IT-Harvest dashboard is available at dashboard.it-harvest.com.
For Michigan businesses, the lessons from these attacks are becoming increasingly urgent.
As manufacturers, healthcare providers, retailers and logistics companies continue digitizing operations and integrating AI-driven systems, experts warn that cybersecurity risks will continue escalating alongside innovation.
Stiennon said organizations must focus not only on preventing attacks but also on improving visibility into software dependencies, third-party vendors and cloud-connected infrastructures.
“The reality is that every company is now part of a digital supply chain,” he said. “And attackers only need one weak link.”









