Half of cyber-attacks today use so-called “island hopping” techniques to infect a supply chain partner en route to a higher value target, according to a new report from Carbon Black.
The security vendor’s Quarterly Incident Response Threat Report features qualitative and quantitative input from 40 Carbon Black incident response partners.
It revealed the financial sector (47%) as most likely to encounter island hopping, followed by manufacturing (42%) and retail (32%).
The largest number of respondents (44%) cited a lack of visibility as their key barrier to combating such attacks, up from just 10% in the previous quarter.
This kind of supply chain attack can happen in several different ways. Most common is a network-based attack which sometimes occurs via a compromised managed security services provider (MSSP). However, watering hole attacks on partner sites are also popular.
A relatively new tactic highlighted by Carbon Black is the “reverse BEC” in which attackers compromise the mail server of an organization and use this to spread fileless malware attacks to trusted partners.
Alarmingly, a significant minority of firms (31%) are reporting destructive attacks. Many of these are linked to attempts at counter-incident response, which over half (56%) reported. In fact, the number reporting counter-incident response rose 5% over the past three quarters.
In addition, the report revealed that most attacks (70%) now involve some form of lateral movement, with Powershell (98%) and WMI (83%) the most popular tools for doing so.
"Attackers are fighting back,” warned Carbon Black chief cybersecurity officer, Tom Kellermann.
“They appear to have no desire to leave the environment. And they don’t just want to rob you and those along your supply chain. In the parlance of the dark web, attackers these days appear to want to ‘own’ your entire system.”