Island hopping probably sounds more like an activity you'd carry out in the Bahamas rather than an attack strategy, but it's actually used quite often by cybercriminals looking to target networks without directly hacking into them. So, what is an island hopping attack, and how can you protect yourself against it?

What Is an Island Hopping Attack?

The term "island hopping" comes from World War II. The US Forces wanted to get to mainland Japan and had to move from island to island, using each as a launching pad for the next, with the mainland as the primary target. It was known as leapfrogging at the time.

In an island hopping attack, the threat actors go after your partners and other third-party associates, using their cyber vulnerabilities to hop onto your more secure network. These threat actors are entities or individuals that participate in actions that undermine or have the potential to affect your organization's cybersecurity. They may go to any lengths to bypass their target's firewalls, and an efficient method is island hopping.

Manufacturing, financial, and retail businesses are the primary targets of this form of cyberattack. In cases like these, the target's security systems are airtight and largely immune to direct invasions, so hackers go through considerably less secure partners.

These partners are trusted by the target organization and are connected to its network. Hackers exploit the trusting relationship and attack the real target's complex defense mechanisms through its weak links with other organizations.

How Does an Island Hopping Attack Work?

Island hopping attacks are effective because they don't trigger alerts in the target's security system. These alerts are usually tripped when there is an attempted entry into the host network from an untrusted or unregistered device. Entries by partners are seldom flagged; threat actors take advantage of this lapse.

There are three standard methods threat actors adopt in their island hopping mission.

1. Network-Based Attack

This method involves infiltrating an organization's network and using it to hop onto another associate network. In this attack, the threat actors usually go after the organization's Managed Security Service Provider (MSSP).

MSSPs are IT service providers that sell security to small businesses and large organizations, protecting them against cybersecurity threats. They use software, or a team of personnel, to respond to these threats as soon as they occur. Many enterprises outsource their IT security department to these MSSPs, making the providers a target for hackers.

2. Watering Hole Attacks

This form of island hopping involves infiltrating sites frequented by the main target's customers, business partners, and employees. Bad actors assess the security of the sites and insert malicious links when they find weaknesses.

These links lead to compromised platforms that automatically inject malware onto the visitor's computer. Once the injected malware is operational, the threat actors can use the information collected to gain access to the primary target.

3. Business Email Compromise

A phishing scam is usually the first step in this method. The cybercriminals pose as a reputable business entity. Yahoo, Facebook, and popular commercial banks are the names most often used in these attacks, in which the hackers send malicious links in spam emails.

Once the bait is taken and the link clicked, the hackers use malware to compromise the user's computer. This method targets high-ranking officials or executives of the organization.

Keylogger software is sometimes used here to steal the email accounts of these executives. Sensitive information is swiped from the email accounts and then used to infiltrate the target organization.

Island Hopping Precedents: Target and SolarWinds

In 2013, one of the biggest US retail companies, Target, was involved in an island hopping nightmare. And in 2020, SolarWinds, an IT management provider, was the victim of an island hopping attack.

Target: The Nightmare of a Holiday Season

Threat actors compromised Target's point-of-sale system and stole the financial information of around 40 million customers. This resulted in Target paying the biggest-ever data breach settlement.

$18.5 million was agreed upon to settle with 47 states and the District of Columbia after hackers stole most of the retail giant's customers' credit and debit card information during the 2013 holiday season. This data breach cost Target over $300 million. But this wasn't a direct attack on the company's servers.

It started with Fazio Mechanical Services, another company that provides Target with heating and refrigeration. They experienced a malware attack two months before Target's security breach. The threat actors made away with the email credentials and used them to access Target's servers.

SolarWinds

This attack affected more than 18,000 businesses and even US government departments. Everyone affected had one thing in common—an IT management provider called SolarWinds.

As is typical of island hopping attacks, SolarWinds wasn't the primary target. With the number of departments of the US government that were affected, there were rumors that the hackers were backed by the Russian government, hoping to destabilize the US Congress.

SolarWinds first confirmed the attack in December 2020, although it had gone undetected for several months. In March 2021, the hackers stole email credentials from the Department of Homeland Security, even though most government departments had warned their employees to shut down Orion, the affected SolarWinds product. The attacks also impacted the Departments of Energy, Treasury, and Commerce, Mimecast, and Microsoft.

How to Protect Yourself from Island Hopping Attacks

With the prevalence of island hopping, you should take steps to prevent your network and servers from being attacked by malicious parties. Here are a few ways you can do this.

1. Use Multi-Factor Authentication

Multi-factor authentication involves using various verification checks, like fingerprint and ID confirmations, to confirm the identity of anyone trying to access your network. This extra layer of security, though tedious, always proves helpful. Hackers with stolen login credentials will find it almost impossible to get past a fingerprint confirmation check or a face ID verification.

2. Have an Incident Response Plan on Standby

Island hopping attacks take many forms, and sometimes regular security protocols may not be enough to forestall them. Your security software has to be updated constantly as island hopping attacks become more sophisticated. Also, it's best to have an incident response team on standby to deal with unforeseen and newly emerging threats that get past security.

3. Adopt the Latest Cybersecurity Standards

Many organizations recognize the risks of island hopping and have set cybersecurity standards for any would-be partners and associates. Advise current partners to upgrade their security systems; those without advanced checks should have restricted access to your network.
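
An added example (not from the original article) of checking partner logins instead of trusting them by default: it audits an access log against a per-partner scope and MFA policy, which addresses both the earlier point that partner entries are seldom flagged and the advice to restrict partner access. The account names, addresses, log format and policy table are all constructed assumptions.

```python
import ipaddress

# Hypothetical allow-list: each partner account, the subnets it may reach,
# and whether MFA is required. All names and addresses are constructed.
PARTNER_SCOPE = {
    "hvac-vendor": {"subnets": ["10.20.5.0/24"], "mfa_required": True},
    "mssp-soc": {"subnets": ["10.20.0.0/16"], "mfa_required": True},
}

# Constructed sample access log: timestamp account dest_ip mfa=<yes|no>
SAMPLE_LOG = """\
2024-03-01T09:12:04Z hvac-vendor 10.20.5.17 mfa=yes
2024-03-01T09:40:31Z hvac-vendor 10.30.8.4 mfa=yes
2024-03-01T10:02:55Z mssp-soc 10.20.9.200 mfa=no
2024-03-01T10:15:10Z alice 10.30.8.4 mfa=yes
2024-03-01T11:00:00Z hvac-vendor 10.20.5.18
"""

def parse_line(line):
    """Return (timestamp, account, dest_ip, mfa_used), or None if malformed."""
    parts = line.split()
    try:
        ts, account, dest, mfa = parts
        return ts, account, ipaddress.ip_address(dest), mfa == "mfa=yes"
    except ValueError:  # wrong field count or invalid IP address
        return None

def audit_partner_access(log_text, scope=PARTNER_SCOPE):
    """Flag partner sessions that leave their allowed subnets or skip MFA."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            findings.append((lineno, "?", "unparseable"))  # review, don't drop
            continue
        _, account, dest, mfa_used = rec
        policy = scope.get(account)
        if policy is None:
            continue  # not a partner account; covered by other controls
        nets = [ipaddress.ip_network(n) for n in policy["subnets"]]
        if not any(dest in n for n in nets):
            findings.append((lineno, account, "out_of_scope"))
        if policy["mfa_required"] and not mfa_used:
            findings.append((lineno, account, "no_mfa"))
    return findings

if __name__ == "__main__":
    for finding in audit_partner_access(SAMPLE_LOG):
        print(finding)
```

The second sample line is the pattern to watch for: a partner account with valid credentials and MFA reaching a host outside the segment it was granted.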

Don't Be a Victim: Restrict Access or Upgrade Your Security

Island hopping attacks have become more prevalent. Organizations with lax security protocols risk being victims of threat actors unless they upgrade their systems.

However, more is needed. Third-party partners without advanced security systems pose a risk and should not have unlimited access. If limiting access is impossible, such partners should upgrade their systems.