Every company is a potential cyber-attack target; even if they’re not the "end target." This is what "island hopping" aims to achieve.
Island Hopping, also known as “leapfrogging” was formerly known as a military strategy in which attackers initially concentrate their strategy on entities that were not their original targets but can be leveraged in order to get to the original target.
Island hopping or “leapfrogging” is also being applied in targeted attacks, where attackers carry out the technique by not going straight to the target company. Instead, attackers go after their target’s affiliates first – preferably smaller companies who may not be as protected. These targeted companies may be from any industry of any size, including small businesses, payroll and HR services, healthcare firms, and law firms.
Attackers that use the island hopping technique may then use these companies to gain access to the affiliate in order to get to the target company. Another way it is applied is when the attacker moves laterally within the target network itself. Attackers usually scan for other systems connected to the one initially compromised and attempt to penetrate them as well.
Target data breach
One of the most notable cases of a targeted attack that used the island hopping technique was the Target data breach early 2014. The story behind the Target data breach inevitably revealed that Fazio Mechanical Services, a heating and refrigeration firm, reported that their systems were abused by cybercriminals in order to breach the retail giant. Multiple sources close to the investigation reveal that credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.
Recommendations and countermeasures
It is recommended for IT administrators to look out for these signs of a potential data breach:
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.