A computer user points at the word "Bitcoin" in ransom message associated with the NotPetya malware. Photo: Donat Sorokin\TASS via Getty Images.

Hackers dramatically increased the number and scope of attacks on software manufacturers as a way to attack user machines in 2017, according to a new report by Symantec. "When you look at the numbers, it's no longer one off attacks," Kevin Haley, director of Symantec Security Response, told Axios.

Why it matters: The NotPetya malware was devastating internationally, costing the shipping giant Maersk $300 million dollars alone. It spread so quickly because it was attached to an update for widely used Ukrainian accounting software. This type of attack, where malware is placed in software before it is downloaded from the manufacturer, is known as a supply chain attack and are particularly tough for users to defend against.

By the numbers: According to Symantec's new Internet Security Threat Report, there was an average of three reported supply chain attacks attacks per year from 2013 through 2015. There were 10 in 2017, up from three in 2015 and four in 2016.

Larger in scope: While past supply chain attacks focused on niche software, like the software used in industrial machinery, 2017 saw two gigantic attacks. NotPetya was one, while a second targeted the popular CCleaner file cleaning software.

A siege of nations: Supply chain attacks are difficult to pull off and frequently the domain of nations and other highly-adept groups. "It certainly takes a level of sophistication - not common cyber criminals," said Haley. The White House believes NotPetya was launched by the Russian Government, while many researchers believe CCleaner was a product of China.

Go deeper

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Eniola Odetunde/Axios

  1. Global: Total confirmed cases as of 6:30 a.m. ET: 30,199,007 — Total deaths: 946,490— Total recoveries: 20,544, 967Map
  2. U.S.: Total confirmed cases as of 6:30 a.m. ET: 6,675,593 — Total deaths: 197,644 — Total recoveries: 2,540,334 — Total tests: 90,710,730Map
  3. Politics: Former Pence aide says she plans to vote for Joe Biden, accusing Trump of costing lives in his coronavirus response.
  4. Health: Pew: 49% of Americans wouldn't get COVID-19 vaccine if available today Pandemic may cause cancer uptick The risks of moving too fast on a vaccine — COVID-19 racial disparities extend to health coverage losses.
  5. Business: Retail sales return to pre-coronavirus trend.
Mike Allen, author of AM
2 hours ago - Politics & Policy

Scoop: Mike Bloomberg's anti-chaos theory

CNN's Anderson Cooper questions Joe Biden last night at a drive-in town hall in Moosic, Pa., outside Scranton. Photo: CNN

Mike Bloomberg's $100 million Florida blitz begins today and will continue "wall to wall" in all 10 TV markets through Election Day, advisers tell me.

Why it matters: Bloomberg thinks that Joe Biden putting away Florida is the most feasible way to head off the national chaos we could have if the outcome of Trump v. Biden remained uncertain long after Election Day.

Biden's hardline Russia reset

Photo Illustration: Eniola Odetunde/Axios. Getty Images photos: Mark Reinstein

When he talks about Russia, Joe Biden has sounded like Ronald Reagan all summer, setting up a potential Day 1 confrontation with Russian President Vladimir Putin if Biden were to win.

Why it matters: Biden has promised a forceful response against Russia for both election interference and alleged bounty payments to target American troops in Afghanistan. But being tougher than President Trump could be the easy part. The risk is overdoing it and making diplomacy impossible.