Site icon Check Point Blog

What is an 'island hopping' attack? (and how to stop one)

EXECUTIVE SUMMARY:

At the mention of island hopping, you're likely dreaming about adventures in Hawaii, the Caribbean, or similar destinations with majestic views and white-sand beaches. In the context of cyber security, island hopping refers to a sophisticated type of cyber attack. This technique is used by attackers as a means of circumventing advanced cyber security measures deployed by large organizations.

Key insights

What is island hopping (in cyber security)? 

An island hopping attack occurs when cyber adversaries pursue access to a company through a circuitous route. Instead of directly targeting the intended victim organization, the attackers will 'hop' through a series of intermediary steps in order to achieve their objectives.

For instance, cyber adversaries may compromise a large organization's third-party partners in order to eventually gain access to the intended target.

The intended target (a larger organization) will likely have state-of-the-art cyber security that cyber attackers cannot otherwise get past.

Network-based island hopping

This occurs when cyber attackers compromise one organization's network and then use that network access in order to move directly into another company's network.

While firewalls and routers isolate business networks from untrusted networks, like the internet, they don't always isolate networks from business partners, and that's by design. Administrators sometimes make network access exceptions for partners, giving them access to internal networks for collaboration purposes. Cyber attackers know this and exploit this to access high-value networks.

For example, an attack group might go after a target organization's managed security service provider (MSSP) in order to ultimately gain access to the targeted enterprise.

How do island hopping attacks work? 

Island hopping attacks often start with a phishing email. One strategy used by island hopping attackers consists of impersonating trusted brands via email, like Apple and Google, and enticing people to respond by leaning into the trusted brand's reputation.

Another technique, known as a reverse business email compromise attack, consists of taking over the mail server of a target company and deploying fileless malware. In the past, attackers have used this modus operandi to gain access to financial sector entities.

Why cyber attackers choose island hopping

Cyber attackers use island hopping attacks in order to deploy ransomware, to cryptojack, to steal intellectual property, and to determine which organizations to target in even larger attacks, among other things.

How to stop island hopping attacks 

There are a variety of best practices that can help you prevent and defend against island hopping attacks.

  1. Connect with business partners and third-parties. If the businesses that you work with have access to your networks, ensure that everyone has strong security measures in place that will protect all interconnected entities. In addition, help business partners conduct security audits or provide information regarding how to go about it. And follow-up.
  2. Consider recommending the same cyber security ecosystem/infrastructure that you have in place to your business partners. Some companies only do business with other companies that have the same cyber security infrastructure.
  3. Lead or request a check on all of the data that your small business partners can access. Reexamine whether or not partners need access to certain types of data, assessing whether or not excessive permissions have been granted.
  4. Leverage network segmentation to protect server access. Your contractors, for example, likely don't need access to all of the servers, just the handful that they need to work on. Correctly segment your networks.
  5. Implement multi-factor authentication. Hackers are notoriously expert when it comes to cracking passwords. Multi-factor authentication can help prevent unauthorized data and network access. If you find multi-factor authentication inconvenient and unpalatable, this thought leadership article might change your perspective.
  6. Have an incident response plan ready-to-roll and maintain an incident response team. In the event that your organization experiences a cyber attack, only an incident response team will be able to prevent disruption or destruction. If you can't reasonably maintain an incident response team in-house, have an incident response third-party on retainer.

If you're interested in more great cyber security insights, please see CyberTalk.org's past coverage. In addition, check out the CyberTalk.org newsletter! Sign up today to receive top-notch news articles, best practices and expert analyses; delivered straight to your inbox.

Exit mobile version