Island Hopping in Cyberspace

Island Hopping in Cyberspace

WHY THIS MATTERS

Beware of unknown threats in cyberspace.

If your business holds valuable data, about clients or supply chain partners, you may find hackers island hopping to steal it.

If you imagine your supply chain as a cluster of islands, then you will better understand how easy it is for hackers to jump from one of your suppliers into an open port in your network.

Cyber risk management should help your company prevent, detect, and mitigate a cyber loss.

Due to the lack of visibility when hackers initially attack a vendor or supplier, you need to be diligent in your vendor risk assessments before they join your supply chain.

You are responsible to protect your clients from cyberattacks regardless of whether the fraudsters enter your network via island hopping.

Cyber Armada Insurance will make cyber risk a non-event for you by having the right cyber insurance.

Island Hopping

The term “Island Hopping” began during WWII on the Pacific Front when Allied forces breached smaller islands as a way to access the primary target.

In cyberspace, the term refers to an attack where supply chains and partners are commandeered to target the primary target, such as a supplier, a distributor, or a financial institution. By attacking the supply chain and third parties around larger organizations, bad actors can island hop their way into larger networks.

VMware Carbon Black’s 2019 Global Incident Response Threat Report noted that these days, cybercriminals are seeking to own your entire system. Notably, 50 percent of cyberattacks leverage island hopping. Attackers are after your network and all organizations in your supply chain.

Your company’s adversary may be invisible and go unnoticed as they pursue the weakest link in supply or distribution chain. The weakest link could be the Managed Service Provider (MSP) or the Managed Security Services Provider (MSSP). The latter could be granted unlimited access to their customers’ networks to carry out their cybersecurity work.

Types of Island Hopping

There are several different types of island hopping, including:

  • Network-based island hopping involves attackers infiltrating one network, using it to hop onto an affiliate network.
  • Watering hole attacks occur when bad actors target a website frequently used by partners or customers of the company that they are trying to breach.
  • Reverse business email compromise means a cyber thief takes over a victim’s email server and executes file-less malware attacks against members of the organization.
Wipro Island Hopping Breach

The Wipro security breach highlights MSP vulnerabilities.

In April 2019, Wipro, India’s third-largest IT outsourcing company, discovered that threat actors had hacked into their network, and then used it as a jumping-off point to gain access to their customers’ networks. At least 12 of Wipro’s customers’ systems were breached due to an advanced persistent (APT) phishing campaignperpetrated through a remote access screen sharing tool. The threat actors then gained access to Wipro’s client’s networks using the same technology. By using trusted programs used by IT providers, the attackers were able to trick employees into escalating their privileges, allowing the hackers to more and more access.

Though Wipro reports that they are attempting to spare clients from future breaches, they have already suffered millions in stock losses. Investigations into the breach are continuing.

Financial Institutions

VMware Carbon Black’s third annual report Modern Bank Heists report found that 33% of surveyed financial institutions indicated that they had encountered an attack leveraging island hopping over the past 12 months.

During COVID-19, from the beginning of February to the end of April 2020, the cyberattack numbers are staggering:

  • Attacks targeting the financial sector have grown by a staggering 238 percent.
  • Ransomware attacks against the financial sector have increased nine times.
Prevent, Detect and Mitigate

Cyber risk management should help your company prevent, detect, and mitigate cyber loss. Due to the lack of visibility when hackers initially attack a vendor or supplier, you need to be diligent in your vendor risk assessments before they join your supply chain. You are responsible for protecting your clients from cyberattacks regardless of whether the fraudsters enter your network via island hopping.

Action Steps
  • Assume that there will be some human error, due to distractions of remote work, or outright trickery in ATP phishing email campaigns.
  • Regularly-tested employee awareness training is vital, so much so that some cyber insurance carriers now provide financial support for those efforts.
  • Ensure cybersecurity best practices throughout the supply chain via third-party vendor risk assessments and service agreements.

Cyber Insurance Provides Valuable Coverage and Services

  • Transfer your cyber risk to affirmative cyber insurance to benefit from the value-added services to help insureds protect themselves against cyber risk.
  • Cyber insurance has become service-oriented, with some carriers providing training modules, phishing tests and protection, and scanning your network for vulnerabilities.
    • First-Party coverage for your direct costs:
    • Data breach response costs, including:
      • Data Breach Notification (required by law)
      • Credit Monitoring
      • Forensic Analysis
    • Crisis Management/PR Services
    • Business Interruption Costs from a network or security incident:
      • Network Failure
      • Data Breach
      • Ransomware Attacks
    • Incident Response Plan and Team Players (with multiple panel members to choose from)
    • Tabletop exercises to practice, test, and rate your Incident Response Plan (at least once per year).
    • Third-Party coverage for liability to third parties:
      • If you face a lawsuit following a data breach that results in damage awards
      • If you face a regulatory investigation that results in fines and penalties

TAKEAWAYS

  • Your organization needs to rise to the challenge of the rising threat of island hopping.
  • Protect your cyber resilience and financial viability with affirmative cyber insurance.
  • Too often, companies miss the opportunity to have full, robust cyber insurance tailored to their specific cyber risks.
  • A cyber-specialized broker and insurance carrier will find the right cyber policy that fits your needs.
  • Cyber Armada Insurance will make cyber risk a non-event for you by having the right cyber insurance.

Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to request and robust cyber solutions appropriate for your needs and cyber risk tolerance. We understand the evolving demands and expectations of cyber insurance clients.

Contact Cyber Armada today to examine how your company faces potential financial losses from business interruption caused by IoT or supply chain failure caused by a cyberattack.  Contact us at 888.727.6232.

Next Article

Please watch for our article on Distribution Third-Party Cyber Risk.

This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.
Cyber Armada Team
Posted by Cyber Armada Team on Jun 16, 2020
Application

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada
Appointment

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment