Have you ever heard of an Island Hopping attack?
This term may sound to you like a way to spend your vacation, but I assure you it is not.
Actually, it is a cyber attack with a peculiar name. In recent times it has gained tremendous traction and is currently one of the latest cybersecurity threats.
Let’s see where that name comes from and what exactly it is about.
What Is Island Hopping Originally?
The term island hopping, or “leapfrogging,” originally referred to an American military strategy used in WWII.
The main motive was to reach mainland Japan to end the war.
But the approach was different: instead of focusing entirely on the end goal, they concentrated limited Allied resources on strategically important islands such as Hawaii, the Marshall Islands, and Guam, which were not well defended but were able to support the voyage to the main islands of Japan.
What Is Island Hopping in Cybersecurity?
Hackers also use this same concept: they do not directly attack the final target company, but instead, focus on infiltrating its affiliates.
But why is this so? When a company is protected with high-end tools and solid white-hat defenses, attackers find it difficult to break in.
So they look for smaller companies that the main target does business with, as these affiliates do not have the same security infrastructure and are not as well defended as the main target organization.
This may involve compromising accounts of a marketing company, for example, and requesting a bank transfer from one of their large clients, which is deposited into the criminal’s own bank account.
Attacking affiliates also helps them gain more insight into the primary target’s operations. The financial, manufacturing, and retail sectors are the most affected by this type of attack.
A clear example of this occurred in late 2013 with Target Corporation, which suffered a massive data breach when its point-of-sale system was compromised: payment information was stolen from 40 million customers, and the breach left almost $300 million in costs.
This attack did not start at Target or any of its servers. Instead, the attackers invaded one of Target’s affiliates, Fazio Mechanical Services, a company that provides heating and cooling to Target, which did not have a very strong cybersecurity infrastructure.
This gave hackers the opportunity to steal email credentials that were later used to access Target’s networks.
This attack method has grown so much that 50% of the attacks launched in recent years are considered to be based on “Island Hopping.”
How to Detect Island Hopping and Protect Your Business From It
Since an island-hopping attack can be launched on your company from different entry points, you may not be able to fully safeguard all of them. However, you must keep your “antenna” up to detect any attack.
It is very important that you know how to identify the types that exist and that you have an incident response plan and a team that is adequately financed and equipped. There can be no half measures.
Often, after an attack has occurred, you will be under pressure from a critical-level incident and will not be able to strategize effectively.
There are three different types of island hopping attacks:
a) Network-based: This is the most common type of island hopping. The network-based method involves a hacker invading a victim’s organizational network and eventually “jumping” onto a partner’s network.
b) “Watering hole” website: This technique involves cybercriminals embedding a form of malware on the website of a smaller company that is frequently used by a larger target organization. From there, the malware infects anyone who uses the website. Hackers can use the account information of the infected person to access and attack the target organization.
c) Business Email Compromise: A popular method in the financial industry, this form of island hopping occurs when hackers infiltrate a partner company’s email server and deliver malware attacks to the target organization via the email account of a trusted affiliate.
However, if you have a strong incident response team and plan, attacks become easier to detect, and at a lower cost to the business.
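One way to put the “antenna” on for the network-based type, in the spirit of the Target case where a vendor's credentials were used inside the larger network: flag third-party accounts that authenticate to hosts outside the segment they are meant to reach. This is an added example, not part of the original article; the account names, the log format, the IP ranges and the VENDOR_SCOPE policy are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy (constructed): each vendor account and the only segments it may reach.
VENDOR_SCOPE = {
    "hvac-vendor": [ipaddress.ip_network("10.20.0.0/24")],
    "mkt-agency": [ipaddress.ip_network("10.30.5.0/28")],
}

# Constructed sample log, one event per line: time account src_ip dst_ip result
SAMPLE_LOG = """\
2024-03-01T09:00:12Z hvac-vendor 203.0.113.7 10.20.0.15 success
2024-03-01T09:04:40Z hvac-vendor 203.0.113.7 10.20.0.15 success
2024-03-01T23:41:03Z hvac-vendor 198.51.100.9 10.50.1.20 success
2024-03-01T23:42:10Z hvac-vendor 198.51.100.9 10.50.1.21 failure
2024-03-02T08:15:00Z jsmith 10.1.1.4 10.50.1.20 success
2024-03-02T10:02:31Z mkt-agency 192.0.2.44 10.30.5.3 success
not a log line
"""

def find_out_of_scope(log_text, scope=VENDOR_SCOPE):
    """Return one alert per vendor login attempt to a host outside its allowed segments."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line: skip rather than crash the detector
        ts, account, src, dst, result = parts
        if account not in scope:
            continue  # internal accounts are covered by other controls
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Failed attempts are flagged too: they show an attempted hop.
        if not any(dst_ip in net for net in scope[account]):
            alerts.append({"line": lineno, "time": ts, "account": account,
                           "src": src, "dst": dst, "result": result})
    return alerts

def summarize(alerts):
    """Group alerts by account; several distinct hosts suggests lateral movement."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a["account"]].add(a["dst"])
    return {acct: sorted(dsts) for acct, dsts in hosts.items()}

if __name__ == "__main__":
    for alert in find_out_of_scope(SAMPLE_LOG):
        print(alert)
```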
Every second is important… So, do you have the team, tools, and plan in place to detect and mitigate losses?