Threat Intelligence Blog

Posted June 11, 2019

During WWII on the Pacific Front, the Allied strategy was to slowly conquer small islands off the coast of their main targets, enabling Allied forces to build strength and stealth. Breaching smaller islands was much easier than taking on the super power that was Japan. The term “Island Hopping” was born from this practice.

Just like the generals of the armed forces, cyber criminals and threat actors are cunning and strategic. By attacking the supply chain and third parties around larger organizations, they can island hop their way into larger networks – and they have been. 50% of today’s attacks leverage island hopping, and the biggest target on the list? Managed service providers (MSP).

Why MSPs/MSSPs?

When organizations need a function they don’t have the resources to support internally, they typically leverage the services of a MSP, and in the case of cybersecurity, a MSSP (managed security services provider). Whether the reason is to satisfy compliance regulations like we see in the healthcare industry, or the organization is too small and can’t afford an in-house cybersecurity team, MSSPs provide invaluable services to small and large businesses alike. Like any other third party provider, MSSPs can have virtually unlimited access to their customer’s networks.

Network-Based Island Hopping

There are several different types of island hopping, including network-based, watering hole attacks, and reverse business email compromise (BEC). By infiltrating one network, the cyber criminal can then hop onto an affiliate network. When perpetrated against a large corporation, the results can be catastrophic.

Wipro Island Hopping Breach

In April 2019, Wipro — India’s third largest IT outsourcing company — became aware of abnormal activity on several employee’s accounts. These employees were targeted by an advanced persistent phishing campaign, perpetrated through a remote access screen sharing tool. The threat actors then gained access to Wipro’s client’s networks using the same technology. By using trusted programs used by IT providers, the attackers can easily trick employees to escalate their privileges, providing the threat actor access to more and more. At least 12 of Wipro’s clients were breached in the attack.

Post breach, Wipro is developing a private email network to minimize breaches through their email system. Though they are attempting to spare clients from future breaches, they have already suffered millions in stock losses—India has sold “enemy” Wipro shares to the tune of $166 million USD. An April report into the breach investigation revealed that Wipro systems may still be compromised, allowing the threat actors further access to client networks.

The Wipro breach perfectly demonstrates that island hopping is a successful tactic to gain access to dozens of networks through third parties. Though this risk is fairly new on the scene, its perpetrators are using the same TTPs as other actors. Without visibility into third parties and vendors, your organization is vulnerable to their weaknesses—as well as yours. One simple phishing campaign caused all of this. We see this time and again—even the most advanced actors use the simplest attack vectors. Why? Because employees fall for them. Every. Single. Time.

How to Stop Island Hopping

LookingGlass strongly recommends that employees at your organization — at every level — take part in Cyber Safety Awareness Training to better recognize phishing, spear phishing, and BEC attempts. By recognizing the common signs of these attacks, you could potentially save your organization and your clients from suffering a breach. Another way to combat these simple TTPs is to practice good cyber hygiene, including:

  1. Think before you click
  2. Secure your passwords and enable 2FA
  3. Patch & update your software

Protect your organization and your clients with a 14-day free trial for LookingGlass Cyber Safety Awareness Training here. Contact us to learn more about gaining continuous visibility into your third party networks.

 

Additional Posts

scoutPRIME®

The Platform for More Intelligent Security Management LookingGlass scoutPRIME makes security ...

SecureWorld Dallas

Join LookingGlass and qualified, dedicated, and engaged information security practitioners from ...