Last October, the U.S. Department of Homeland Security (DHS) warned managed service providers (MSPs) and their MSSP cousins about cyber gangsters creeping unnoticed into their customers’ networks. DHS strongly advised MSPs, MSSPs and other service providers to lock down their systems and data against supply chain attacks.
The warning wasn’t about newly discovered hacking. For more than two years, DHS’ National Cybersecurity and Communications Integration Center (NCCIC) has tracked cyber crooks using advanced persistent threat (APT) tools to break into the networks of MSPs and the infrastructure of their customers.
Island Hopping Hackers: Carbon Black Research
But the threat has ratcheted up. Now it’s got a name: “Island hopping.” A new study by endpoint security provider Carbon Black has more to say about that. Island hoppers don’t target just one organization, they also try to hit the networks of any organization in the company’s supply chain. The attack style is indicative of a menacing threat: As the defenders get better at defending so do the attackers get better at attacking.
“Cybercrime certainly isn’t basketball — the stakes are higher, your jump shot doesn’t matter — and yet the principle remains the same. As incident response (IR) teams and their vendors raise the defensive bar, adversaries adapt in kind,” Carbon Black’s third Global Incident Response Threat Report said.
According to the report, which surveyed 40 of the company’s incident response customers, hackers are increasingly using island hopping as a counter tactic to move laterally within a network. Carbon Black called it the new normal. So threatening is the attack type that Tom Kellermann, Carbon Black’s chief security officer, said it signals a cyber crime wave gaining in potency. “Attackers are fighting back. They have no desire to leave the environment. And they don’t just want to rob you and those along your supply chain. In the parlance of the dark web, attackers these days want to ‘own’ your entire system,” he said.
Carbon Black Research Findings
Carbon Black’s Thomas Brittain
Here are some of the study’s findings:
50% of surveyed attacks leverage island hopping, meaning attackers are not only after a network, but also the supply chains.
56% of respondents encountered counter-incident response incidents in the past 90 days.
70% of all attacks now involve attempts at lateral movement as attackers take advantage of new vulnerabilities and native operating system tools to move around a network.
31% of targeted victims now experience destructive attacks, a byproduct of attackers gaining better and more prolonged access to targets’ environments.
In the past 90 days, nearly 70% of all respondents saw attacks on the financial industry, followed by healthcare (61%) and manufacturing (59%, up from 41% in the previous report).
In Carbon Black’s view, island hopping preys on an organization’s lack of visibility into the network. Roughly 44 percent of respondents named it the top barrier to incident response. “More often than not, the adversary is going after the weakest link in the supply chain to get to their actual target,” said Thomas Brittain, who heads Carbon Black’s IR partner program. “Businesses need to be mindful of companies they’re working closely with and ensure that those companies are doing due diligence around cybersecurity as well.”