Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.