Island Hopping is a new way that cyber-criminals are targeting large organizations, that puts small businesses directly in their line of fire. Island Hopping involves attackers exploiting the weaknesses of small businesses, in order to move laterally to target larger organizations. Security analysts view Island Hopping as becoming an increasingly tricky problem to deal with because of its difficulty to detect, and its high effectiveness.
If you ask small businesses owners if they see themselves as
being particularly at risk from cyber-attacks, you are likely to hear them say
they aren’t. This was the findings of research from the SME
Cyber Survey 2018, which found that 8 out of 10 small businesses owners don’t
see cyber-attacks or data loss as being a risk to their business, despite the
fact that according to threat research, 43%
of cyber-attacks do target SMB organizations.
The growth of island hopping represents a new reason why all businesses should be proactive with their cyber security.
What is Island Hopping?
Island hopping describes cyber-criminals trying to
compromise smaller organizations in order to go after their larger partners in
the supply chain. This can involve compromising accounts from a marketing
company for example, and requesting a wire-transfer from one of their large
clients, which is deposited into the criminal’s own bank account.
Island hopping takes its name from the US’ strategy against Japan in World War Two, involving the taking of smaller islands in order to more effectively breach the mainland.
This type of attack commonly affects organizations in the financial, manufacturing and retail sectors, and has also been used to target US towns and cities according to Carbon Black.
How harmful can Island Hopping be?
Island Hopping targets the business supply chain, which can be very effective. It can be very difficult for security technologies to identify when attackers have compromised trusted contacts, which makes Island Hopping attacks even more difficult to stop.
Island Hopping attacks are also becoming more common. We spoke to Jon Clay, Director of Global Threat Communications at Trend Micro, who told us that “Island Hopping, and those supply chain attacks, are on the rise, and we’re going to see them become more and more of a problem.”
The reason for this is that they are very effective. Small
businesses often have less resources and technical knowledge to deal with cyber-attacks,
and so they are an easy target for cyber-criminals who have larger
organizations in their sights.
One of the most famous cases of Island Hopping affected US shopping
giant Target. In 2014, they were hit by a widespread data breach, which hit
their point of sale system and stole payment information from 40 millions of
their customers. The attack cost Target nearly $300 million, a
major hit to their business.
But the attack didn’t start with Target. It actually began with
a small company called ‘Fazio Mechanical Services’, a heating and refrigeration
reported they had been breached by cyber criminals, who stole Target credentials
from an email attack that took place at least two months before the attack against
Target actually took place.
This case study outlines how Island Hopping puts small businesses at rise of cyber-attacks, and the demonstrates the importance of having strong security protocols in place.
How can you protect your business?
It’s crucial that businesses of all sizes implement robust security measures to protect their accounts and data. There is no quick fix to stop Island Hopping attacks, but there are some recommendations and security tools you can put in place to reduce the likelihood of successful attacks:
How You Can Protect Your Business:
Email Security: Ensure you have strong email security in place. Many Island Hopping attacks use email attacks like phishing to steal credentials. Strong email security solutions will be able to detect signs of account compromise, and give admins the tools to remove suspicious emails automatically.
Implement strong identity management: This involves making sure that every user has a strong, unique password for each of their accounts, and that multi-factor authentication is in place to reduce the likelihood of account compromise. There are a range of business password management and multi-factor authentication tools in place to make these processes easier.
Be on the look out for signs of a data breach: This can include injected DNS-records, failed/irregular logins, unknown large files and warnings from security solutions.
Strong endpoint protection: Making sure you have strong protection on your endpoint devices is key to stop malware attacks and help identify device compromise.