Wednesday, March 18, 2020

Word of the Day: island hopping

 
Word of the Day WhatIs.com
Daily updates on the latest technology terms | March 18, 2020

island hopping

Island hopping, also called leapfrogging or pivoting, is a cybersecurity exploit in which an attacker gains access to an intended target by initially exploiting the employees and supply chain partners who have access to the target's network.

 

In this type of backdoor attack, the threat actor exploits a weakness downstream from the actual target and uses it as a launching point to reach the intended target. The term island hopping is inspired by a military strategy used in the Pacific theater during World War II.

 

According to Carbon Black's Global Incident Response Threat Report, 41% of all cyberattacks in 2019 were island hopping attacks. Generally, island hopping attackers pick employees, customers and smaller companies that work with the target organization, hoping that their cyberdefense will be weaker than the ultimate target.


Popular attack vectors include:

 

  • Watering hole exploits - the attacker infects a website that the target's employees are known to visit and infects their computing devices to gain access to the target's corporate network.
  • Social engineering - the attacker exploits the willingness of people to be helpful to compromise a downstream target. Once access to the downstream target has been established, the attacker might use phishing, business email compromise (BEC) or social engineering techniques to access the real target.
  • Reverse business email compromise (rBEC) - the attacker takes over the target's mail server and uses the compromised mail server to distribute bogus messages that appear to be legitimate.

 

To defend against island hopping attacks, security experts recommend taking the following proactive steps:


  • Use network segmentation and limit third-party access to network resources.
  • Require multifactor authentication (MFA).
  • Review logs for red flags that indicate lateral movement through the network.
  • Always assess third-party risks before signing contracts.
  • Create an incident response plan and periodically conduct exercises to ensure the plan will work.
  • Require that suppliers use the same managed service providers and technology stacks as the organization to make monitoring easier. Continue reading...

Today's Takeaway

 

"Lateral movement used to mean the attacker saying, 'I landed on one endpoint on the network, and I want to get to the next one.' Now, the attacker wants to leverage that entire connected ecosystem, and then they can do lots and lots of nefarious things." - Rick McElroy

Buzzword Alert

 

third party risk management

Attackers have found that a small company with a limited security budget can be an excellent launch point for a lateral attack on a supply chain partner.

 

supply chain management

Your distribution points must be stocked with the right quantities of the right products to meet the expected demand.

 

Covid-19

When a supplier is globally remote, for example located in Asia, an event such as the Covid-19 crisis could leave the supplier short of qualified IT and/or security staff.

Quiz Yourself

 
This word describes a data center's ability to resume operations after a disruption.

a. resiliency

b. continuity

Answer

Stay in Touch

 

Thank you for reading! For feedback about any of our definitions or to suggest a new definition (or learning resource) please contact us at: editor@whatIs.com

FOLLOW US

TwitterRSS
About This E-Newsletter
The Word of the Day is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US.

Click to: Unsubscribe.

You are receiving this email because you are a member of TechTarget. When you access content from this email, your information may be shared with the sponsors or future sponsors of that content and with our Partners, see up-to-date Partners List, as described in our Privacy Policy. For additional information, please contact: webmaster@techtarget.com.

© 2020 TechTarget, Inc. all rights reserved. Designated trademarks, brands, logos, and service marks are the property of their respective owners.

Privacy Policy | Partners List
TechTarget

No comments: