Attackers target supply chains using 'island hopping'
Around half of recent cyberattacks use 'island hopping' techniques, seeking to target not just one network but those along the supply chain too.
This is one of the findings of the latest Global Incident Response Threat Report from Carbon Black. It also finds that 70 percent of attacks now attempt to move laterally around the network.
Attacks are becoming more sophisticated in their attempts to avoid detection too. 56 percent of survey respondents have seen attacks deploying some form of counter measures. Of these 87 percent tried to destroy logs and 70 percent used evasion tactics.
While the finance and healthcare industries remain most vulnerable to these attacks, the threat to manufacturing companies has grown significantly. In the past 90 days, nearly 70 percent of all respondents saw attacks on the financial industry, followed by healthcare (61 percent) and manufacturing (59 percent, up from 41 percent last quarter).
Financial and healthcare industries remain most vulnerable to these island hopping attacks, but the threat to manufacturing companies has grown significantly. In the past 90 days, nearly 70 percent of all respondents saw attacks on the financial industry, followed by healthcare (61 percent) and manufacturing (59 percent, up from 41 percent last quarter).
"At this point, it’s become part and parcel of a cybercrime conspiracy," says Tom Kellermann, Carbon Black's chief cybersecurity officer. "They're using their victim's brand against customers and partners of that company. They're not just, say, invading your house -- they're setting up shop there, so they can invade your neighbors' houses too."
Attacks can take a number of forms. Network-based island hopping involves an attacker leveraging a network to 'hop' onto an affiliate network. This can take the form of targeting an organization's managed security services provider (MSSP) to flow through their connections.
A website can also converted into a 'watering hole.' In the past 90 days, 17 percent of respondents have seen a victim’s website used in this way, a technique aimed at ensnaring a victim's customers and partners. Kellermann notes, "It's the greatest way to hijack a brand, and, as such, organizations need to make this a brand protection issue. CMOs have to have their own cybersecurity strategy in place as it relates to their digital marketing footprint."
A new trend, occurring primarily in the financial sector, is reverse business email compromise (BEC). Here attackers take over the mail server of their victim company and leverage fileless malware attacks from there to those who trust it.
You can find out more on the Carbon Black site.