
Island hopping attacks

An island-hopping attack is a hacking campaign in which threat actors target an organization's more vulnerable third-party partners to undermine the target company's cybersecurity defenses and gain access to its network. A threat actor is an entity that is partially or completely responsible for an incident that affects -- or has the potential to affect -- an organization's security system.

Threat actors targeting large organizations -- even ones with effective cybersecurity defenses -- will go to any length to get in. If the targeted organization has strong cybersecurity practices, then attackers will utilize island hopping attacks and exploit the business's intermediaries to penetrate the original organization's secure systems.

Island hopping attacks have become increasingly popular. Threat actors are using the technique to compromise network systems between multiple companies and steal their digital assets. The industries most affected by island hopping attacks include finance, healthcare, manufacturing and retail.

Island hopping cyberattacks and third-party access

The term island hopping comes from the military strategy employed by the Allies in the Pacific theatre against the Axis powers during World War II. The strategy involved having the Allies take over an island and use it as a launching point for the attack and takeover of another island. The mission was first put into motion in August 1942 in Guadalcanal in the Solomon Islands.

In cybersecurity, island hopping attackers target customers and smaller companies that work with the victim organization, assuming that these smaller entities' cyberdefense systems are not as extensive as those of the ultimate target.

Similarly, if an organization is known to order food from the same website, threat actors may stage a watering hole attack, where they target that site -- knowing that members of the organization visit it -- as a way to gain access to the company's network.

How do they work?

Island hopping attacks often begin through phishing, where the attackers disguise themselves as a reputable entity in an email or other communication channel. Trusted brands -- such as Facebook and Apple support -- are often used in phishing attacks as a first step.

Another common method is known as network-based island hopping, in which attackers infiltrate one network and use it to hop onto an affiliate network. For example, attackers will target an organization's managed security service provider (MSSP) to move through their network connections.

In another technique known as a reverse business email compromise, attackers take over the mail server of their victim company and use fileless malware attacks from there. Fileless malware attacks use applications that are already installed and thought to be safe. As such, fileless malware attacks do not need to install malicious software or files to initiate an attack. Reverse business email compromise attacks often target the financial sector.

Why do attackers use island hopping attacks?

Primary motivations for island hopping attacks include criminal activities, such as ransomware attacks and cryptojacking. For example, in 2013, hackers targeted the heating, ventilation and air conditioning (HVAC) service partner of retail giant Target. Target suffered a massive security breach in which the payment data of more than 40 million customers was stolen.

As was the case with Target, attackers take advantage of smaller partner companies because they typically cannot afford the same level of cybersecurity as the bigger organizations. Moreover, because the smaller systems are already trusted by the larger company, they are less likely to be noticed when compromised, making it easier for the attack to spread to the organization's network.

Island hopping defence strategies

Island hopping defence strategies include the following:

  • Assess third-party risks.
  • Create an incident response plan and a team that is funded and has the right tools to defend the network.
  • Require that suppliers use the same preferred MSSP and technology stack as the organization.
  • Have an incident response third party on retainer.
  • Use correct network segmentation so contractors don't get access to all of the servers, just the server they need to work on.
  • Use multifactor authentication (MFA).
  • Focus on lateral movement -- in which attackers move through a network, searching for key assets and data -- and credential theft.

How rampant are island hopping cyberattacks?

According to the November 2019 Global Incident Response Threat Report from Carbon Black, a VMware cybersecurity company, island hopping accounts for 41% of total cyberattacks -- up 5% since the first half of 2019. Lateral movement is steady at 67% of attacks -- well above 2018 averages. In the same report, Carbon Black found that attackers are selling island hopping access to compromised systems, often without the target realizing they are exposed.

How to respond to an island hopping cyberattack

Organizations that have become victims of island-hopping attacks should respond by doing the following:

  1. Look at logs from the affected systems for visibility. Identify what access was gained. Once an attacker gains an initial foothold, that access can be used to eventually gain full access to the enterprise through other attacks, such as a watering hole attack.
  2. Assess the scope of the attack and what assets were taken.
  3. Monitor new accounts or changes to systems to help identify when an account has been compromised and to thwart future island hopping attacks. Be sure to include trusted third parties that have access to the enterprise network or to cloud services. Also, include the service provider so it can check its logs and systems.
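The log review in steps 1 and 3, combined with the segmentation and MFA items from the defence list, can be sketched as a small check over access events. This is an added example, not part of the original post; the log format, account names, host names and the allowlist policy are all constructed assumptions.

```python
import csv
import io

# Constructed sample events (not from a real system): time,actor,event,target,mfa
SAMPLE_LOG = """\
2024-03-01T08:02:11Z,hvac-vendor,login,bms-01,yes
2024-03-01T08:40:52Z,hvac-vendor,login,pos-db-02,no
2024-03-01T08:41:30Z,hvac-vendor,account_created,svc-backup2,no
2024-03-01T09:15:00Z,alice,login,pos-db-02,yes
2024-03-01T09:20:10Z,mssp-soc,login,siem-01,no
"""

# Assumed policy: each third-party account and the only servers it needs.
THIRD_PARTY_ALLOWED = {
    "hvac-vendor": {"bms-01"},
    "mssp-soc": {"siem-01"},
}


def parse_events(text):
    """Parse the constructed CSV format into a list of dicts."""
    fields = ["time", "actor", "event", "target", "mfa"]
    return list(csv.DictReader(io.StringIO(text), fieldnames=fields))


def review_third_party_activity(events, allowed=THIRD_PARTY_ALLOWED):
    """Return (time, actor, reason) findings for third-party accounts only."""
    findings = []
    for e in events:
        actor = e["actor"]
        if actor not in allowed:
            continue  # internal account; out of scope for this check
        if e["event"] == "login":
            # Segmentation check: a contractor should reach only its own servers.
            if e["target"] not in allowed[actor]:
                findings.append((e["time"], actor, f"login outside segment: {e['target']}"))
            if e["mfa"] != "yes":
                findings.append((e["time"], actor, f"login without MFA: {e['target']}"))
        elif e["event"] == "account_created":
            # New accounts made by a partner identity deserve review.
            findings.append((e["time"], actor, f"new account created: {e['target']}"))
    return findings


if __name__ == "__main__":
    for finding in review_third_party_activity(parse_events(SAMPLE_LOG)):
        print(*finding, sep="  ")
```

The same findings list is what the service provider would be asked to correlate against its own logs for the flagged time window.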

