| Word of the Day | | Daily updates on the latest technology terms | March 18, 2020 | | island hopping | Island hopping, also called leapfrogging or pivoting, is a cybersecurity exploit in which an attacker gains access to an intended target by initially exploiting the employees and supply chain partners who have access to the target's network. In this type of backdoor attack, the threat actor exploits a weakness downstream from the actual target and uses it as a launching point to reach the intended target. The term island hopping is inspired by a military strategy used in the Pacific theater during World War II. According to Carbon Black's Global Incident Response Threat Report, 41% of all cyberattacks in 2019 were island hopping attacks. Generally, island hopping attackers pick employees, customers and smaller companies that work with the target organization, hoping that their cyberdefense will be weaker than the ultimate target. Popular attack vectors include: - Watering hole exploits - the attacker infects a website that the target's employees are known to visit and infects their computing devices to gain access to the target's corporate network.
- Social engineering - the attacker exploits the willingness of people to be helpful to compromise a downstream target. Once access to the downstream target has been established, the attacker might use phishing, business email compromise (BEC) or social engineering techniques to access the real target.
- Reverse business email compromise (rBEC) - the attacker takes over the target's mail server and uses the compromised mail server to distribute bogus messages that appear to be legitimate.
To defend against island hopping attacks, security experts recommend taking the following proactive steps: - Use network segmentation and limit third-party access to network resources.
- Require multifactor authentication (MFA).
- Review logs for red flags that indicate lateral movement through the network.
- Always assess third-party risks before signing contracts.
- Create an incident response plan and periodically conduct exercises to ensure the plan will work.
- Require that suppliers use the same managed service providers and technology stacks as the organization to make monitoring easier. Continue reading...
| | | "Lateral movement used to mean the attacker saying, 'I landed on one endpoint on the network, and I want to get to the next one.' Now, the attacker wants to leverage that entire connected ecosystem, and then they can do lots and lots of nefarious things." - Rick McElroy | Related Terms You Should Know third party risk management Attackers have found that a small company with a limited security budget can be an excellent launch point for a lateral attack on a supply chain partner. supply chain management Your distribution points must be stocked with the right quantities of the right products to meet the expected demand. Covid-19 When a supplier is globally remote, for example located in Asia, an event such as the Covid-19 crisis could leave the supplier short of qualified IT and/or security staff. This word describes a data center's ability to resume operations after a disruption. a. resiliency b. continuity Answer Thank you for reading! For feedback about any of our definitions or to suggest a new definition (or learning resource) please contact us at: editor@whatIs.com | FOLLOW US | | About This E-Newsletter The Word of the Day is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US.
Click to: Unsubscribe. You are receiving this email because you are a member of TechTarget. When you access content from this email, your information may be shared with the sponsors or future sponsors of that content and with our Partners, see up-to-date Partners List, as described in our Privacy Policy. For additional information, please contact: webmaster@techtarget.com. © 2020 TechTarget, Inc. all rights reserved. Designated trademarks, brands, logos, and service marks are the property of their respective owners. Privacy Policy | Partners List | | |
No comments:
Post a Comment