Jun 6, 22 1:59 pm

Was this post helpful?

The Rise of Island Hopping Attacks

Jun 6, 2022
| by:
Shimon Brathwaite

What is an Island Hopping Attack?

Island hopping is a type of cyberattack where the threat actors target an organization’s third-party partners in order to use them as an access point to the target organization’s network. A threat actor refers to any entity that is trying to compromise the company’s network. The benefit of island hopping is that the hackers can circumvent many of the target company’s defenses by exploiting a company that is already trusted by that company and using them to gain access. This situation is called a trust relationship between two companies, where one company has established a relationship with another company and gives them access to their network. 

Why is Island Hopping on the rise?

Island hopping has been on the rise in the last few years because it is a very efficient type of attack. Rather than trying to compromise a company that has good security awareness and defenses, it’s more efficient to compromise any easier target and use them to get entry into the organization you want to compromise. By taking advantage of the trust that business partners have with one another it means that this type of attack will always have a high percentage chance of success. Secondly, by compromising companies that have many business partners a threat actor can gain access to many companies at one. Allowing them to have multiple targets to choose from which will make them more profit than simply targeting one company. A famous example of this was the Solarwinds attack in 2021. For those of you who haven’t heard of Solarwinds, Solarwinds is a software company based in the US that provides services to hundreds of US companies. A threat actor was able to compromise Solarwinds, inject a malicious payload into their software update prior to its release to its clients and as a result all of the Solarwinds clients that downloaded that software update were infected with malware. According to best estimates this example of an island-hopping attack infected over 100 US companies including Microsoft and Fireye.

Island Hopping Attack Path

Source @bleeping computer

 

Types of Island Hopping

Now that you understand what an island-hopping attack is, we’re going to cover some of the most popular types of island hopping attacks. These are all different ways that an attacker can use a third-party to compromise their main target organization.

Network-based island hopping

Network based island hopping is when an attacker compromises one company’s network and uses that to move directly into another company’s network. A computer network is simply a group of interconnected machines that can communicate with one another. Normally through security devices like a firewall or router, a company’s network should be isolated from other untrusted networks such as the internet. However, when companies have business partners, they may allow that company access to the company internal network in order to collaborate or give them access to certain resources. Hackers can take advantage of this by compromising a business partner and then using their network access to compromise their intended target. 

Watering hole attacks

A watering hole attack is a type of cyberattack where a hacker will observe or guess which websites employees of an organization like to visit and they will infect those websites with malware. Then when an employee navigates to that website, they will be infected, and that infection will spread to the company’s network via their corporate device. The name of this attack comes from the way predators would hunt prey in the wild. Many predators such as crocodiles for example will wait near and in a watering hole and when animals come to that source of water to drink, they will attack them there. The idea in that instance and in cybercrime is that rather than chasing after the target you simply wait for them to come to you. An example in the cyber world would be if a hacker decided to hack the website of a local coffee shop near the business they want to hack. This way when someone goes to that website to order a coffee or check the menu etc, they will be infected on their device and this will eventually spread to the corporate network once they connect their device to it.

Reverse Business Email Compromise

A normal business email compromise (BEC) is when an attacker impersonates a high-level employee such as a CEO, Director, or VP to convince someone to act. A common example is trying to convince an employee to perform a wire transfer by leveraging that person’s authority through impersonation. A reverse BEC is when an attacker compromises a business partner and then sends fraudulent emails to the target company. This can be used to steal money from the company via wire transfers or some form of a scam. It can also be used to get someone to download malware that will give the hacker’s access to that company’s network.

How Island Hopping affects businesses

Island hopping affects businesses by introducing an extra layer of risk. With island hopping attacks becoming more popular every business partner you have is now a potential entry point to your organization and it requires that companies have controls and processes in place to protect themselves from that risk. 

How to prevent Island Hopping

In this section we are going to focus on how to defend against island hopping. Since this involves third party organizations some people may believe that there’s not much you can do to prevent this but that is not true. Having good third-party security processes is an important part of a good overall cybersecurity program.

User Management

User management is important for preventing employees from falling victim to many of the island-hopping attacks. Particularly in any type of reverse email compromise situation, it’s important that employees are trained on what are normal requests vs abnormal requests. Employees need to understand that fraud can happen and need to be vigilant when looking at emails that appear to come from their superiors within the company. Secondly, it’s also important to have good identity management to ensure that user accounts have limited permissions. This way even if they are compromised the hacker will be limited in the damage they can cause to the victim organization.

Penetration Testing

Penetration testing is important for good overall security hygiene. In this instance, you want to have your penetration testers evaluate your network to see if you have any insecure connections with any of your third-party partners, this way even if their network becomes compromised it won’t affect your company’s network. Also, you should coordinate with your third parties to ensure that penetration testing is being done on their network to ensure that they are secure and at a lower risk of being compromised. You can even include in your terms of service that you require your vendors to uphold certain standards of security, including doing penetration testing. However, be careful when doing penetration testing that you only perform testing on your own systems or devices, otherwise you need to get written consent from your business partners to include their infrastructure in the testing. 

Proper Network Segmentation

The last tip we have for defending against island hopping attacks is proper network segmentation. Network segmentation is an important part of your overall data loss prevention strategy, by ensuring that your network is properly isolated from your business partners you eliminate the risk of a hacker being able to move laterally from their network to yours and stealing company information/spreading malware. In the event that you do need to give a business partner some type of network access you should only give them access to a portion of your network, isolated in a Demilitarized Zone (DMZ). This is an area of your network that is isolated from the rest. This way you can give outside users’ access to the resources in the DMZ without risking the compromise of your entire network.

DMZ network architecture

Source @TechTarget

Conclusion

Island hopping is a type of cyberattack where the threat actors target an organization’s third-party partners in order to use them as an access point to the target organization’s network. This allows the threat actor to bypass many of the security controls of their target by using the trusted relationship between the target and their partners. There are three primary types of island-hopping attacks: watering hole attacks, network-based island hopping and watering hole attacks. To defend against this type of attack it’s best to focus on good network segmentation, regular and extensive penetration testing and good user management. 

Was this post helpful?

About the Author

Shimon Brathwaite
Shimon Brathwaite is a cybersecurity professional, Consultant, and Author at securitymadesimple. He is a graduate of Ryerson University in Toronto, Canada. He has worked in several financial institutions in security-related roles, as a consultant in incident response and is a published author with a book on cybersecurity law. My professional certifications include Security+, CEH and AWS Security Specialist.
Share This Post

Leave a Reply

Your email address will not be published.

Related Post

May 17, 2023 by Omkar Hiremath

Risk of Security and Monitoring Logging Failures

Read more

Was this post helpful?

May 1, 2023 by Omkar Hiremath

Intro to Identification and Authentication Failures

Read more

Was this post helpful?

Dec 22, 2022 by Warren Moynihan

3 Types of XSS Attacks & 4 XSS Mitigation Strategies

Read more

Was this post helpful?

Office

301 Moodie Dr. Unit 108
Ottawa ON K2H 9C4

Designed by WP Expert
© 2023
Software Secured
cross