New Supply Chain Attacks Using "Island Hopping"

Supply chain attacks are getting more prevalent and dangerous says the latest quarterly Global Incident Response Threat report from cybersecurity firm Carbon Black.  Half of current cyberattacks use “island hopping” as an approach, which means attackers are after not only the target network but all those along its supply chain as well, the report states.


Industries most targeted by island hopping are financial (47 per cent), manufacturing (42 per cent) and retail (32 per cent) according to Carbon Black.


Tom Kellermann, Carbon Black’s chief cybersecurity officer, said attackers are using their victim’s brand against customers and partners of that company. “They’re not just, say, invading your house – they’re setting up shop there, so they can invade your neighbours’ houses too.”


The report is based on a survey of 40 Carbon Black incident response partners and offers actionable intelligence for business and technology leaders, supported by analysis of the newest threats and advice on how to stop them.


According to the report, the main reason organisations are vulnerable to island hopping is a lack of visibility, which 44 per cent of respondents named as the top barrier to incident response, up from 10 per cent the previous quarter.


“More often than not, the adversary is going after the weakest link in the supply chain to get to their actual target,” said Thomas Brittain, who leads Carbon Black’s Global IR Partner Program. “Businesses need to be mindful of companies they’re working closely with and ensure those companies are doing due diligence around cybersecurity as well.”

more news

BA, Marriott Face Massive Fines For Data Loss


If proof was needed that poor data protection is bad for the corporate wallet, two examples have demonstrated that substantial fines face those organisations that have lax data security.

read more

Cumbria First Police Force To Utilise NMC Tools


Cumbria Constabulary has become the first police force to use the National Management Centre (NMC) for cybersecurity set up under the National Police Chiefs’ Council (NPCC).

read more

Phishing Attacks Bypassing 2-Factor Authentication


Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block, reports CSO Magazine.

read more

Third of Breaches Caused By Unpatched Vulnerabilities


IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.

read more