(Source – Shutterstock)

Article by Tom Kellermann, Head of Cybersecurity Strategy at VMware

Island hopping – the term sounds great with both words conjuring up images of fun adventure or exotic vacations exploring new places. The reality is anything but. Island hopping is a technique used by cybercriminals to hijack an organization’s infrastructure in order to attack its customers. The term is derived from a World War II military strategy of the same name. While this poses a serious threat to organizations, the financial sector in particular is targeted by cyber crime cartels and nation states leveraging this method of attack. These are no longer the bank robberies of old, as simple wire transfer fraud is no longer the ultimate goal.

Understanding island hopping and its impact

Cybercriminals typically target smaller organizations with fewer downstream supply chain security resources in order to infiltrate their high-value target. Attackers exploit vulnerabilities in these less sophisticated companies’ defenses and use their affiliation with the target as an entry point, essentially commandeering an organization’s information supply chain to attack the institution from within. Once inside, hackers take advantage of the trust between the two companies and use their shared networks to reach the real target. At this point, the entire supply chain, including customer data, is at risk.

State of play: from island to island today

island hopping

Tom Kellermann, Head of Cybersecurity Strategy at VMware

Island-hopping attacks have increased in recent years and there is growing concern among business leaders, particularly in the financial sector. VMware’s fifth annual report, Modern Bank Heists, found that 60% of financial institutions experienced an increase in island hopping in 2021, a 38% increase from the previous year. We have entered a new era of conspiracy, where the hijacking of a financial institution’s digital transformation via island hopping to attack its constituents has become the ultimate outcome.

Cybercrime cartels have studied the interdependencies of financial institutions to understand, for example, which managed service provider (MSP) is used and who is the external general counsel. In turn, these organizations are targeted and exploited by cyber crime cartels to island hop in banking. The Modern Bank Heists report also revealed that 87% of financial institutions are concerned about the security of their shared service providers. Shared service providers, when compromised, pose a systemic risk to the financial industry as their infrastructure can be polluted to attack dozens of financial institutions at once. This type of island hopping is very concerning.

The Five Stratagems of Island Hopping

As island hopping has grown in prevalence, five forms have emerged as the most common that organizations should keep an eye out for:

  • Application Programming Interface (API) Attacks: APIs associated with fintech are targeted by cybercriminals due to their inherent accessibility and the fact that these APIs become a gateway to fintech platforms. Our recent report shows that 94% of financial security managers have experienced attacks against a fintech-related API. APIs have become the data plane, essentially the central nervous system, that transports critical information and data from one part of the application to another. In other words, APIs have become an essential and central component of modern applications. Thus, they are an ideal target for cyber crime cartels. Thus, managing and securing modern applications cannot be done without managing and securing APIs.
  • Network based island hopping: This is one of the most frequently used forms of island hopping. With network-based island hopping, attackers infiltrate a network and use it to hop onto an affiliated network
  • Attacks at the watering hole: These occur when the adversary hijacks a website or mobile application used for e-finance by customers
  • Reverse Business Email Compromise Attacks (RBEC): These occur when a hacker successfully takes over a victim’s Office 365 environment and executes fileless malware attacks against the financial institution’s and board’s C suite
  • From island to island as a service, or access to mining: It is a tactic in which an attacker exploits the footprint and distribution of basic malware, using it to hide a hidden program of selling system access to targeted machines on the dark web.

Adopt Zero Trust to combat island hopping

At its core, island hopping feeds on the implicit trust one can have in a brand. In the modern threat landscape, organizations must take a Zero Trust approach to security and assume that every digital transaction can be dangerous, even if it appears to come from a trusted third party. In addition to ongoing security monitoring, Zero Trust requires that all users be authenticated and only access authorized and relevant systems. This reduces the blast’s attack radius by disabling any east-west spread to other systems.

In the spirit of Zero Trust, security teams should also assume that attackers have multiple paths through their organization. Weekly threat hunting across all devices can help security teams maintain proper cyber hygiene and detect behavioral anomalies, as adversaries can maintain covert persistence in an organization’s system. And don’t assume that traffic sent in familiar packaging is safe.

Finally, to combat island hopping and the ever-evolving attacks on the financial industry, organizations must ensure that CISOs have the authority, resources, and access to the CEO to build an appropriate defense. . Empowering CISOs and ensuring they report directly to the CEO will help make cybersecurity a board-level issue and better protect financial institutions from cyberattacks.

The views expressed in this article may not reflect the views of Tech Wire Asia


WATCH NOW: Touring the River Valley: Brunet Island State Park | Local


'A proven manager and leader of a small island state': Simon Stiell of Grenada appointed UN climate chief

Check Also