UnitedHealth Says BlackCat Behind Change Healthcare Cyber Attack
The connotations of 'island hopping' conjure up images of sipping piña coladas on various Philippine islands, but in cybersecurity, the term is a far cry from sunny beaches and beautiful landscapes. Instead, island hopping refers to a cybersecurity threat that could cause significant damage to your business. You'd be forgiven if this is news to you; island hopping has only really begun to surface in the last few years. Thus, before it gets any more prevalent, now would make a great time to better understand the threat.
What is island hopping?
Threat actors use this technique to exploit smaller or 'less sophisticated' organisations to get to their larger affiliates. For example, it'd be like exploiting a recruitment agency that is hiring on behalf of a much larger corporation. Thus, the threat name comes from the 'hopping' between vulnerabilities to get to the target organisation. Island hopping attacks can manifest in many ways, but there are three main forms that experts have identified.
- Network-based island hopping: in this style of attack, attackers will use an initial network to 'hop' onto an affiliate network. Commonly, malicious actors will target an organisation's managed security service provider to traverse network connections.
- Watering hole attacks: here, attackers will inject malware into a website that the organisation they are targeting may visit frequently. In doing so, they can steal information to gain access to the target organisation.
- Reverse business email compromise: this is where a hacker takes over the target organisation's email server to distribute file-less malware attacks on members of the company. This form of island hopping occurs mainly within the financial sector.
What's the best way to mitigate the risk?
A 2019 study by Carbon Black found that 50% of cyber attacks use some form of island hopping. This means that the attack net is especially large, as all companies and their networks on a supply chain are a target, particularly if there is a giant corporation at the end. In turn, it's especially important for organisations of every size and type to practice cybersecurity diligence, as island hopping can result in a domino effect of damage to businesses across a supply chain. This means doing your bit to not be the weakest link in the chain: encourage vigilance across your organisation and ensure your security policies are updated and determined to the highest standard. Furthermore, organisations should consider network segmentation if they haven't done already. Should an attacker one perimeter, they’ll find themselves confronted by many more in the surrounding environment. Most importantly, however, you should work with third parties and your supply chain to suppress vulnerabilities. The cybersecurity responsibility today has shifted considerably; what was once only the concern of IT teams soon became that of the entire enterprise, with individual employees now playing a larger part than ever in cybersecurity. Now, entire enterprises in any one supply chain must cooperate together to keep malicious actors out.
Thinking about segmenting your network to keep island hoppers out? Find out where to begin in this article here.