Group-IB Warns Supply Chain Attacks Have Become the Leading Global Cyber Threat
Group-IB has released its High-Tech Crime Trends Report 2026, warning that supply chain attacks are now emerging as the most significant force reshaping the global cyber threat landscape, with growing implications for organizations across the Middle East and Africa
According to the report, cybercriminals are increasingly moving away from isolated intrusions and instead targeting trusted vendors, SaaS providers, open-source software, browser extensions, and managed service providers to gain indirect access to multiple downstream organizations at once. For the MEA region, where cloud adoption, digital government services, and fintech ecosystems continue to expand, this shift turns cyber incidents into broader systemic risks.
Group-IB’s findings show that phishing remains a major entry point for wider compromise. In 2025, internet services accounted for 52.49 percent of phishing activity observed in MEA, followed by financial institutions at 28.50 percent and logistics at 11.20 percent. Together, these sectors represented more than 80 percent of phishing activity in the region, underlining how identity compromise can open the door to larger ecosystem-wide attacks.
Trust is no longer implicit – it must be verified, monitored, and secured continuously.
The report also highlights the role of Initial Access Brokers, noting that more than 200 cases of publicly advertised corporate access linked to MEA organizations were observed in 2025. This reflects a growing market for stolen credentials and network footholds, which are later used to support ransomware, espionage, and follow-on attacks.
Ransomware remained another major concern, with the GCC accounting for more than 100 reported incidents in 2025. Other affected markets included South Africa, Egypt, Morocco, and Turkey. Real estate was the most targeted sector with 39 incidents, followed by financial services with 25, manufacturing with 23, and both government and healthcare with 21 incidents each. Group-IB said ransomware groups are increasingly operating as coordinated ecosystems, focusing on upstream access points to maximize disruption and financial impact.
In the GCC specifically, the report identified five organizations affected by supply chain attacks, mainly in IT services and industrial sectors. Because these firms support broad customer and partner networks, a single compromise can trigger disruption far beyond the directly targeted company, affecting operations, data security, and trust across multiple dependent entities.
Commenting on the findings, Dmitry Volkov, CEO of Group-IB, said cybercrime is no longer defined by single breaches but by “cascading failures of trust.” He warned that attackers are industrializing supply chain compromise because it offers scale, speed, and stealth, adding that organizations must move beyond securing isolated systems and instead protect trust across every relationship, identity, and dependency.
Download the report from here.
