Crossing the Narrow Sea
Tom Kellermann, Head of Cybersecurity Strategy at VMware and Member of the Cyber Investigations Advisory Board of the United States Secret Service.
“The Greatest trick the devil ever pulled was to convince the world he didn’t exist.” –Keyser Sose
Cyberspace is not a pacific environment. According to the FBI, Cybercrime has increased by 400% in 2020. In their annual risk index, the World Economic Forum stated that cyberattacks are one of the most significant risks posed to corporations. The majority of today’s cyberattacks now encompass tactics such as lateral movement, island hopping, and destructive attacks. Advanced hacking capabilities and services for sale on the dark web compound the issue. These realities pose a tremendous risk to targets with decentralized systems protecting high-value assets, including money, intellectual property, and state secrets. Ominously there has been a dramatic increase in island hopping attacks. According to the 2020 Global Incident Response Report, island hopping occurs 55% of the time. These attacks occur when digital transformation efforts are commandeered by cybercriminals, so the infrastructure now pollutes the consumer. Cyber burglaries have become home invasions. For these criminal groups, there is a desire is to create a renaissance, Lateral movement is metastasizing into island hopping, through an organization’s website, applications, mail server, email. It’s colonization. What used to be a burglary has now become a home invasion.
Island hopping manifests in four forms:
- Network-based: Your corporate network and the trusted connections it has with teleworkers and partners is transited.
- Wateringholes: Your website and mobile applications are commandeered to attack your visitors.
- RBEC: Reverse business email compromise occurs when your mail server or your O365 admin accounts are commandeered to selectively distribute fileless malware.
- Malvertising: Your digital marketing campaigns are polluted.
Situational awareness across your information supply chain is imperative. Please don’t limit yourself to envisioning a traditional supply chain. In 2020 your “information supply chain” extends from your managed service provider to your SAAS providers, to your outside general counsel and marketing/PR firms. Mitigating island-hopping protects your Brand. More than ever, government and corporate leaders – from Senators and Members of Parliament to CEOs and Board Directors –must become engaged in ensuring effective cybersecurity strategies are in place.
Mitigating Island Hopping
- Integrate your endpoint detection & response with your network detection & response platform.
- Audit current system state
- Apply just in time administration
- Deploy Workload security
- Conduct regular threat hunting and extend it to your MSP and external marketing firms.
Breaches will continue at an alarming rate and more often than not these breaches will escalate to island hopping. Offense informs defense. At VMware Carbon Black, we believe that sustainable digital transformation will be achieved by architecting security rather than bolting it on as an afterthought.
Learn more about Tom Kellermann here