#No. 4 Edition
Sharp & curated cybersecurity news to keep your business safe & secure
Hello again, cybersecurity enthusiasts️, apprentices, and newcomers 🚀!
Twice a month, we’re “hacking” your feed with AROBS Cyber News(letter) – fresh and curated straight from the cybersec bubble 🔒. We promise to keep it short and sharp ✂️.
Here’s what you’ll find in our sections:
• The Only Article You Need to Read This Week 📝
• The Specialists’ Take 🎯
• You Need to Know That 📖
#4 Microsoft to retire Skype on May 5, 2025
Microsoft has announced that Skype will be permanently discontinued on May 5, 2025, as the company focuses on Microsoft Teams as its primary communication platform for personal, educational, and professional use.
What risks could this transition bring?
Cybercriminals may exploit fake Skype-to-Teams transition emails to launch phishing attacks, tricking users into providing credentials.
Impersonation scams could rise, with attackers pretending to be Microsoft representatives offering "support" for migration.
Malware-laden fake Skype updates may circulate, leading to credential theft or system compromise.
Companies using Skype for internal or client communication must ensure Teams is properly configured with security policies (e.g., MFA, DLP, logging).
Organizations relying on Skype for Business Server (on-premises) must assess their long-term security strategy to avoid future risks.
Microsoft urges users to migrate before May 2025 and has provided detailed guides to ease the transition.
Contributor: Mihai Șchiopu, Cybersecurity Specialist
Supply Chain Cybersecurity in 2025
The Specialist
Romeo Andreica is one of our experienced Information Security experts and the Chief Information Security Officer (CISO).
Supply chain cybersecurity is more critical than ever in 2025. As organizations continue to expand their reliance on third-party vendors, cloud services, and global suppliers, cyber threats targeting the supply chain have become one of the most significant risks to business continuity. A single vulnerability in a supplier’s system can compromise an entire network, leading to data breaches, ransomware attacks, or operational disruptions impacting thousands of companies downstream. With the latest cybersecurity regulations, such as the NIS2, DORA, CRA, AI Act as UE Directives and updated ISO 27001:2022 controls, companies must ensure their entire supply chain is resilient against cyber threats.
Your problem can be down the supply chain
From my experience, securing the supply chain is not just about assessing direct suppliers—it involves a deep evaluation of all third and even fourth-party dependencies. Cybercriminals increasingly target smaller, less secure vendors as a gateway to larger organizations. This is why a proactive approach is necessary, including implementing zero-trust architectures, conducting rigorous vendor risk assessments, and enforcing contractual security obligations. Organizations must also demand transparency from suppliers regarding their cybersecurity practices and incident response capabilities.
More attacks rising
One of the biggest threats I see today is the rise of software supply chain attacks. These attacks involve malicious actors injecting vulnerabilities into widely used software, affecting thousands of organizations simultaneously. We’ve seen sophisticated attacks where threat actors compromise trusted software providers and deliver malware through legitimate updates. To combat this, organizations must adopt robust code integrity checks, continuous monitoring, and software bill of materials (SBOM) practices to track every component in their digital ecosystem.
AI-driven tools
Another growing concern is using artificial intelligence (AI) in cyber threats targeting the supply chain. Attackers leverage AI-driven tools to automate phishing campaigns, identify vulnerabilities faster, and bypass traditional security defences. This means that companies must integrate AI-powered security solutions to detect and respond to anomalies in real-time. In addition, fostering a culture of cybersecurity awareness across all partners and suppliers is crucial to preventing social engineering attacks.
Not optional, necessary
Ultimately, I believe cybersecurity in the supply chain is no longer optional—it’s necessary for business survival. Organizations that fail to secure their supply chains will face not only financial and reputational damage but also regulatory penalties. We can build a more resilient and secure digital ecosystem by implementing stringent security frameworks, continuously monitoring third-party risks, and fostering stronger collaboration across the supply chain. Cybersecurity is a shared responsibility, and in 2025, it’s time for every organization to take it seriously.
Supply Chain Cyberattacks - Why Vendors Could Be Your Weakest Link
Let's say you've fortified your company's network, implemented strong password policies, and trained your employees to spot phishing scams (if you didn't, then we need to talk). But suddenly, you're hit with a data breach—not because of something you did, but because a trusted vendor was compromised. This is the hidden danger of supply chain cyberattacks.
What Is a Supply Chain Cyberattack?
A supply chain cyberattack targets a business by infiltrating one of its trusted third-party vendors, suppliers, or partners. Instead of attacking you directly, cybercriminals find the weakest link in your supply chain and exploit it to access your systems, data, or resources.
How Does It Work?
Scenario 1: A software vendor you rely on gets hacked, and malicious code is inserted into their product updates. When you update the software, the attacker gains access to your systems. In the infamous SolarWinds attack*, hackers compromised a widely used IT management tool, affecting thousands of organizations, including Fortune 500 companies and government agencies.
Scenario 2: One of your suppliers gets hacked, and the attackers gain access to their systems. They scan the entire contact list and try to find a breach. If one of your employees has a weak password, the chances are high to break into that account.
These are just two basic scenarios based on true stories. However, there are many, many more possible scenarios.
Small and medium-sized businesses (SMBs) often overlook supply chain risks. Many assume that vendors—especially well-known ones—are secure. However:
67% of SMBs rely on third-party vendors for critical operations.
According to recent reports, 1 in 3 data breaches involve third-party risks.
A single compromised vendor could expose sensitive data, disrupt operations, or cause your business to suffer financial losses.
How to Protect Your Business?
Before partnering with a vendor, assess their cybersecurity practices.
Only grant vendors the access they need. For instance, a vendor handling your billing system doesn't need access to your HR or customer databases. Implement least privilege access controls.
Set up ongoing monitoring of vendor activities and conduct periodic security reviews. Cyber threats evolve, so ensuring your vendors follow security best practices is essential.
A Quick Action for Today
Take 15 minutes to list your critical vendors and ask your team: Do we know their cybersecurity policies? What can we do with what we discovered?
By staying proactive and holding vendors to high-security standards, you can minimize the risk of becoming a victim of a supply chain cyberattack.
If you're into numbers and statistics, these are some great resources to check next:
https://fortifydata.com/blog/third-party-data-breaches-of-2024/
https://blackkite.com/wp-content/uploads/2024/03/third-party-breach-report-2024.pdf
Contributor: Iulia Reaboi, Project Manager
Digital Marketing Team Lead la AROBS | SEO & SEM | Google Ads Advisors member & PPC strategist
5moThe retirement of Skype in favor of Microsoft Teams marks the end of an era. 😟 While this transition may streamline services, it also raises concerns about potential cybersecurity risks, such as phishing and impersonation scams. Organizations must prioritize security measures to safeguard their data during this change.