Island Hopping Technique in Cyber Attacks

While ‘island hopping’ might come across as a fun and tropical activity to try during your next holiday, this term carries a far more negative connotation in the realm of cyber-attacks.

Indeed, island hopping refers to a data breach technique that occurs when cyber-criminals infiltrate smaller organisations – such as human resources, marketing or health care companies – in attempts to access a larger target organisation. By first invading the larger organisation’s partner companies, cyber-criminals typically have an easier time hacking their final target.

And recent research from software experts revealed that this attack method has risen dramatically over the last couple of years. In fact, a startling 50 per cent of today’s cyber-attacks utilise the island hopping technique. Don’t let your organisation become the next victim of this growing cyber-trend. Use this guidance to review the most common forms of island hopping and implement best practices to reduce your risk of a cyber-attack.

There are three different types of island hopping:

1. Network-based – Known as the most common type of island hopping, the network-based method entails a hacker invading a victim’s organisational network and eventually ‘hopping’ onto a partner’s network.

2. Website ‘watering homes’ – This technique involves cyber-criminals inserting a form of malware on a smaller company’s website that is frequently used by a larger target organisation. From there, the malware infects any individuals that use the website. The hackers can then use the infected individual’s account information to access and attack the target organisation.

3. Business email compromise (BEC) – A popular method in the financial sector, this form of island hopping occurs when hackers infiltrate the email server of a partner company and send malware attacks to the target organisation via the email account of a trusted affiliate.

Use these tips to avoid an island-hopping attack:
  • Be sure that your organisation – and any affiliate companies – have robust cyber-security policies and procedures in place, such as routine staff training and regularly updating software with malware protection.
  • Establish a cyber incident response plan to reduce potential damages from a cyber-attack. Test this plan with staff for effectiveness.
  • Secure proper cyber insurance to ensure ultimate peace of mind against evolving cyber threats. For more information, contact TH March today.

Read our other posts

Notable Cyber Security Fines and Prosecutions

Notable Cyber Security Fines and Prosecutions

The amount of UK organisations that have fallen victim to cyber attacks has steadily grown over the past several years, and unfortunately we’ve seen this spike due to COVID-19. Cyber attacks do not discriminate—businesses of all sizes and industries have been targeted. It is dangerous to believe that cyber attacks can only happen to other […]

COVID-19: Return-to-work considerations for offices

COVID-19: Return-to-work considerations for offices

The coronavirus (COVID-19) pandemic has interrupted many businesses and offices across the country. While it’s unclear how long COVID-19 will continue to affect organisations, many employers are looking to the future of employees returning to work. Echoing the sentiments of public health officials, a return to normalcy won’t be like flipping a switch, but rather […]

Wearing Facial Masks or Coverings in the Workplace During COVID-19

Wearing Facial Masks or Coverings in the Workplace During COVID-19

During the COVID-19 pandemic, some employers are currently open as essential businesses—for organisations that are not open, many plan to welcome back employees as soon as government guidelines allow it. Health experts suggest that face coverings should be worn in public, including places of employment. There are many questions about the differences between masks and […]

Post-coronavirus Offices

Post-coronavirus Offices

The coronavirus disease (COVID-19) pandemic has changed many aspects of the current workplace and employers should begin planning for what their post-coronavirus office will look like. Previously, social distancing and COVID-19-related best practices hadn’t been a topic on the mind of most employers or employees. By updating office layouts, encouraging new behaviours and expanding remote […]

Best Practices for Laying Up Commercial Vehicles

Best Practices for Laying Up Commercial Vehicles

In the midst of the COVID-19 pandemic, organisations across the UK have halted key business operations in order to follow government guidelines—including stopping all non-essential travel. As a result, many organisations that utilise commercial vehicles for a variety of purposes (e.g. performing deliveries, picking up goods or transporting workers between job sites) have begun ‘laying […]