50% of Attacks Leverage “Island Hopping” Says Carbon Black
Today, endpoint security solution provider Carbon Black released their “Global Incident Response Threat Report” for April 2019. Among the report’s findings, Carbon Black reveals exactly half—50%—of all cyber attacks leverage “island hopping.” Obviously, this poses an extreme risk to enterprises.
What is Island Hopping?
To summarize, island hopping can take three distinct forms: network-based, watering hole, and Reverse Business Email compromise:
- Network-Based Island Hopping: The most traditional form of island hopping, in which the attacker leverages your network to reach another connected network (such as a third-party or client).
- Watering Hole: This form lures customers and partners to a victimized website.
- Reverse Business Email Compromise: Mostly attacking financial enterprises, hackers can take over email servers and dispenses fileless malware from that point.
Regardless, these attacks allow hackers to steal both intellectual property as well as finances from enterprises.
What the Experts Say
In the report, Carbon Black’s Chief Cybersecurity Officer Tom Kellerman offers his thoughts. “Attackers are fighting back. They have no desire to leave the environment. And they don’t just want to rob you and those along your supply chain. In the parlance of the dark web, attackers these days want to ‘own’ your entire system.”
Also, Thomas Brittain—Carbon Black’s Global IR Partner Program Leader—shares his analysis. “More often than not, the adversary is going after the weakest link in the supply chain to get to their actual target. Businesses need to be mindful of companies they’re working closely with and ensure that those companies are doing due diligence around cybersecurity as well.”
Other Findings From the Carbon Black Report
Obviously, Carbon Black reveals more than just the increased prevalence of island hopping in their Global Incident Response Threat Report. In fact, they also find:
- 56% of incident response partners encountered counter incident response in the past 90 days.
- 70% of all attacks attempt some kind of lateral movement.
- 31% of attack victims suffer a destructive attack.
- Financial, manufacturing, and retail are the three industries most likely to suffer an island hopping attack.
In conclusion, the key to preventing these lateral movement attacks is visibility through next-gen endpoint security. Feel free to check out the full Carbon Black “Global Incident Response Threat Report” for April 2019 here.