Island hopping attacks

An island-hopping attack is a hacking campaign in which threat actors target an organization's more vulnerable third-party partners to undermine the target company's cybersecurity defenses and gain access to their network. A threat actor is an entity that is partially or completely responsible for an incident that affects -- or has the potential to affect -- an organization's security system.

 

Threat actors targeting large organizations -- even ones with effective cybersecurity defenses -- will go to any length to get in. If the targeted organization has strong cybersecurity practices, then attackers will utilize island hopping attacks and exploit the business's intermediaries to penetrate the original organization's secure systems.

Island hopping attacks have become increasingly popular. Threat actors are using the technique to compromise network systems between multiple companies and steal their digital assets. The industries most affected by island hopping attacks include finance, healthcare, manufacturing and retail.

Island hopping cyberattacks and third-party access

The term island hopping comes from the military strategy employed by the Allies in the Pacific theatre against the Axis powers during World War II. The strategy involved having the Allies take over an island and use it as a launching point for the attack and takeover of another island. The mission was first put into motion in August 1942 in Guadalcanal in the Solomon Islands.

In cybersecurity, island hopping attackers target customers and smaller companies that work with the victim organization, assuming that these smaller entities' cyberdefense systems are not as extensive as the ultimate target's.

Similarly, if an organization is known to order food from the same website, threat actors may stage a watering hole attack, where they target that site -- knowing that members of the organization visit it -- as a way to gain access to the company's network.

How do they work?

Island hopping attacks often begin through phishing, where the attackers disguise themselves as a reputable entity in an email or other communication channel. Trusted brands -- such as Facebook and Apple support -- are often used in phishing attacks as a first step.

Another common method is known as network-based island hopping, in which attackers infiltrate one network and use it to hop onto an affiliate network. For example, attackers will target an organization's managed security service provider (MSSP) to move through their network connections.

In another technique known as a reverse business email compromise, attackers take over the mail server of their victim company and use fileless malware attacks from there. Fileless malware attacks use applications that are already installed and thought to be safe. As such, fileless malware attacks do not need to install malicious software or files to initiate an attack. Reverse business email compromise attacks often target the financial sector.

Why do attackers use island hopping attacks?

Primary motivations for island hopping attacks include criminal activities, such as ransomware attacks and cryptojacking. For example, in 2013, hackers targeted the heating, ventilation and air conditioning (HVAC) service partner of retail giant Target. Target suffered a massive security breach in which the payment data of more than 40 million customers was stolen.

As was the case with Target, attackers take advantage of smaller partner companies because they typically cannot afford the same level of cybersecurity as the bigger organizations. Moreover, because the smaller systems are already trusted by the larger company, they are less likely to be noticed when compromised, making it easier for the attack to spread to the organization's network.

Island hopping defence strategies

Island hopping defence strategies include the following:

  • Assess third-party risks.
  • Create an incident response plan and a team that is funded and has the right tools to defend the network.
  • Require that suppliers use the same preferred MSSP and technology stack as the organization.
  • Have an incident response third party on retainer.
  • Use correct network segmentation so contractors don't get access to all of the servers, just the server they need to work on.
  • Use multifactor authentication (MFA).
  • Focus on lateral movement -- in which attackers move through a network, searching for key assets and data -- and credential theft.

How rampant are island hopping cyberattacks?

According to the November 2019 Global Incident Response Threat Report from Carbon Black, a VMware cybersecurity company, island hopping accounts for 41% of total cyberattacks -- up 5% since the first half of 2019. Lateral movement is steady at 67% of attacks -- well above 2018 averages. In the same report, Carbon Black found that attackers are selling island hopping access to compromised systems, often without the target realizing they are exposed.

How to respond to an island hopping cyberattack

Organizations that have become victims of island-hopping attacks should respond by doing the following:

  1. Look at logs from the affected systems for visibility. Identify what access was gained. Once an attacker gains an initial foothold, that access can be used to eventually gain full access to the enterprise through other attacks, such as a watering hole attack.
  2. Assess the scope of the attack and what assets were taken.
  3. Monitor new accounts or changes to systems to help identify when an account has been compromised and to thwart future island hopping attacks. Be sure to include trusted third parties that have access to the enterprise network or to cloud services. Also, include the service provider so it can check its logs and systems.
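The log review and account monitoring in the steps above, together with the segmentation rule from the defence list, can be sketched as a small audit script. This is an added example, not part of the original article; the log format, account names, host names and the VENDOR_SCOPE policy are constructed assumptions.

```python
import csv
import io

# Constructed sample events (not real logs): time, actor, event, host, detail
SAMPLE_LOG = """\
2024-05-01T02:11:09Z,hvac-vendor,logon,hvac-mgmt01,
2024-05-01T02:14:40Z,hvac-vendor,logon,pos-db02,
2024-05-01T02:15:02Z,hvac-vendor,account_created,pos-db02,svc-backup2
2024-05-01T08:30:00Z,alice,logon,pos-db02,
2024-05-01T09:00:12Z,mssp-soc,logon,siem01,
2024-05-01T09:05:44Z,svc-backup2,logon,fileshare01,
"""

# Hypothetical policy: each third-party account and the only hosts it needs.
VENDOR_SCOPE = {
    "hvac-vendor": {"hvac-mgmt01"},
    "mssp-soc": {"siem01"},
}

def audit(log_text, vendor_scope):
    """Return findings as (time, kind, account, object) tuples."""
    findings = []
    vendor_created = {}  # accounts created by a third party -> creator
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, actor, event, host, detail = row
        # Accounts a vendor session created are followed as well, because
        # they carry the intrusion past the vendor's own credentials.
        if actor in vendor_created:
            findings.append((ts, "activity_by_vendor_created_account", actor, host))
        if actor not in vendor_scope:
            continue
        # Segmentation check: a contractor touching a host it does not need.
        if host not in vendor_scope[actor]:
            findings.append((ts, "out_of_scope_host", actor, host))
        # New-account check: third parties rarely need to create accounts.
        if event == "account_created":
            vendor_created[detail] = actor
            findings.append((ts, "account_created_by_third_party", actor, detail))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, VENDOR_SCOPE):
        print(*finding)
```

On the constructed sample, the in-scope vendor logons and the employee logon produce no findings; only the vendor's activity outside its assigned host and the account it created are reported.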

