Island hopping is an increasingly popular cyber attack technique where cyber criminals infiltrate smaller companies, such as HR, marketing or healthcare firms, in order to access a larger target organisation.
It’s a method that has seen a steep rise in usage over the past few years, with 50% of today’s attacks using island hopping, according to Carbon Black’s Quarterly Incident Threat Report.
The report revealed that the industries most affected by island hopping are financial (42%), manufacturing (32%) and retail (32%), although those numbers may well be higher as it is sometimes difficult to work out the journey of an attempted cyber attack.
“At this point, [island hopping] has become part and parcel of a cybercrime conspiracy,” said Tom Kellerman, Carbon Black’s chief cybersecurity officer. “They’re using their victim’s brand against customers and partners of that company.
“They’re not just, say, invading your house – they’re setting up shop there, so they can invade your neighbours’ houses too.”
At present, there are three main forms that island hopping takes, although new forms may manifest themselves in the future:
Network-based island hopping is the most well-known variant, where an attacker leverages a victim’s network to ‘hop’ onto an affiliate network. Recent hacks of managed service providers (MSPs) are an example: cyber criminals exploited weak account credentials to access systems installed by MSPs, then used that access to launch ransomware attacks.
Websites converted into ‘watering holes’ are a growing island hopping method, seen by 17% of respondents. Hackers insert malware into a smaller target website that is often used by a large organisation, which then infects individuals who visit that site. Attackers are then able to use that foothold to gain access to the target organisation.
Reverse business email compromise (BEC) is a new trend, which has been seen in the financial sector. Hackers take over the email server of the victim company and use it to send malware attacks to a target company from what appears to be a trusted sender.
Organisations are vulnerable to island hopping because it only takes one weak link in the chain of companies they depend on to open up systems to an attack.
There are challenges when it comes to responding to an attack as well; 44% of those surveyed said that a lack of visibility prevented them from being able to respond effectively.
In the meantime, ensuring the security policies and procedures of both your own organisation and any partners you work with are up-to-date is a good place to start with ensuring you don’t fall victim to island hopping.
Similarly, ensuring you have a solid backup and disaster recovery plan in place will help your business recover quickly, should the worst happen.
Live island hopping webinar
If you want to find out more about island hopping, including how security teams can guard against its use in attacks, register now for our live webinar on Monday 8 July, 11am BST. Presented in association with Carbon Black, the webinar will also cover how hackers have begun using counter-incident response tactics to maintain their hold on target networks once they’re discovered by security teams.
Adam Shepherd, our moderator, will be speaking to industry experts, including some of Carbon Black’s top strategists, to find out what this means for your security model, and how you can learn from attackers’ patterns to make your business safer.