Island-hopping sounds like a nice way for your IT team to spend some personal time off. But in a cybersecurity context, “island-hopping” describes an advanced – and increasingly common – form of cyberattack.
Island hopping is a supply chain attack. Supply chain attacks were responsible for two-thirds of all system-intrusion incidents in 2021, according to Verizon’s 2022 Data Breach Investigations Report.
Defined narrowly, island hopping is what happens when an attacker embeds malware into application source code, and the malware proliferates or enables unauthorized system access wherever the application is deployed. This was the method used in the infamous Sunburst attack of 2020, among the most widespread breaches ever.
But island-hopping more broadly refers to any attack that begins farther up the supply chain – say, on a supplier or contractor system – and then spreads downstream to affect the systems and data of other organizations. Government agencies are especially vulnerable to island hopping, in part because they tend to rely on a wide range of suppliers and contractors to support their operations.
Fortunately, there are effective cyber safeguards that can protect your agency against the most common forms of island hopping. And methodologies are emerging that can even prevent island-hopping exploits embedded in software.
Many islands, zero trust
Island hopping can take many forms. If a hacker breaks into the systems of your building-management company and then electronically unlocks the doors of your building, that’s as dangerous a breach as any direct intrusion of your agency’s systems. Or if a vendor or contractor has direct access to your networks, the attacker could use the stolen credentials to directly access your systems and data. Either way, an attack originating farther up your supply chain has breached your defenses.
The solution is a robust zero trust cybersecurity architecture, and in particular, zero trust network access (ZTNA). ZTNA requires every user, device or application to authenticate its identity every time that entity requests access to a resource. So even if systems are breached earlier in the supply chain, malicious actors are blocked from entering your systems.
ZTNA stands in contrast to traditional virtual private network (VPN) access. Here, once a device has authenticated and connected to the VPN, it has full access to all the resources on the network. Instead, ZTNA allows users and devices to access only the specific data and systems they’re authorized to use.
Central to ZTNA is multifactor authentication. MFA typically combines something the user knows (for example, a password), something the user is (that is, biometrics) and something the user has (a token or device). A stronger form of MFA adds an outside element such as a code sent to a smartphone. To protect against island hopping, organizations should also be adopting widespread implementation of MFA.
Your agency isn’t the only organization that should be deploying ZTNA. Consider contractually requiring your vendors and suppliers to implement ZTNA, and show evidence that they’ve done so. That way, you can be confident similar protections are being applied farther up your supply chain.
But even with ZTNA, agencies face the threat of malware potentially baked into firmware and software across their IT infrastructure. Major technology providers should increasingly collaborate to prevent such supply chain vulnerabilities.
What about the software developed by your internal IT teams and external partners and contractors? Many of these applications are built with pieces of open-source code of uncertain provenance. Even if you’re a defense agency whose networks are disconnected from the internet, code originating outside your perimeter is being brought into your networks. You’re essentially blind to any malware embedded in the code.
One solution is to require developers to digitally sign code they create to certify they wrote it. You can also insist that developers only use source code that itself is digitally signed by a trusted source. A limitation of this approach is that if open-source authors create code on systems connected to the internet, their signing keys can be stolen and used by malicious actors who embed malware in the code to make it appear to come from a trusted source. But implementing code review processes, with signatures checked at every stage and access controlled by MFA authentication, reduces the risk considerably.
Even with the source of software secured, bringing it into the destination system can sometimes be a risky business. When the stakes are high, the complexity of the software that receives and authenticates new code and updates can itself be a target for attack. Digital signatures are not simple structures, and the code handling them can go wrong, as a recent crypto library flaw showed. Reducing the risks posed by complex data formats is what Content Disarm and Reconstruction (CDR) is designed for.
CDR is an anti-malware defense used to make sure documents and data are safe to handle. It builds new files that look like the originals but are known to be safe and malware free. But CDR doesn’t apply to code – it can’t transform software to make it safe, but it does apply to digital signatures, transforming the signature into a simpler structure that can be verified. With zero trust CDR, it is even possible to use hardware logic for the verification, which eliminates the software attack surface completely. This is a cutting-edge approach, developed to protect the most critical systems that commercial organizations are just beginning to consider.
CDR can also be used to make emails and web downloads safe, providing your company with protection from spear-phishing, another common form of island hopping. For example, if a hacker steals the credentials of an employee or someone from one of your vendors or suppliers, they can easily send a well-crafted email with a file concealing malware that will wreak havoc on your system once opened. Because the email appears to come from a trusted source, your employees are easily fooled by the spear-phisher. However, with CDR, potential compromise from malicious attachments would be prevented as the original content is always discarded and new safe content is delivered in its place.
Supply chain attacks are a known threat, but agencies can’t afford to ignore the risks of island hopping. With effective implementation of ZTNA and CDR, organizations have the tools to help keep their systems and data safe.
How to protect your agency from an island-hopping cyberattack
In a cybersecurity context, “island-hopping” describes an advanced – and increasingly common – form of cyberattack.
Island-hopping sounds like a nice way for your IT team to spend some personal time off. But in a cybersecurity context, “island-hopping” describes an advanced – and increasingly common – form of cyberattack.
Island hopping is a supply chain attack. Supply chain attacks were responsible for two-thirds of all system-intrusion incidents in 2021, according to Verizon’s 2022 Data Breach Investigations Report.
Defined narrowly, island hopping is what happens when an attacker embeds malware into application source code, and the malware proliferates or enables unauthorized system access wherever the application is deployed. This was the method used in the infamous Sunburst attack of 2020, among the most widespread breaches ever.
But island-hopping more broadly refers to any attack that begins farther up the supply chain – say, on a supplier or contractor system – and then spreads downstream to affect the systems and data of other organizations. Government agencies are especially vulnerable to island hopping, in part because they tend to rely on a wide range of suppliers and contractors to support their operations.
Join us Jan. 27 for our Industry Exchange Cyber 2025 event where industry leaders will share the latest cybersecurity strategies and technologies.
Fortunately, there are effective cyber safeguards that can protect your agency against the most common forms of island hopping. And methodologies are emerging that can even prevent island-hopping exploits embedded in software.
Many islands, zero trust
Island hopping can take many forms. If a hacker breaks into the systems of your building-management company and then electronically unlocks the doors of your building, that’s as dangerous a breach as any direct intrusion of your agency’s systems. Or if a vendor or contractor has direct access to your networks, the attacker could use the stolen credentials to directly access your systems and data. Either way, an attack originating farther up your supply chain has breached your defenses.
The solution is a robust zero trust cybersecurity architecture, and in particular, zero trust network access (ZTNA). ZTNA requires every user, device or application to authenticate its identity every time that entity requests access to a resource. So even if systems are breached earlier in the supply chain, malicious actors are blocked from entering your systems.
ZTNA stands in contrast to traditional virtual private network (VPN) access. Here, once a device has authenticated and connected to the VPN, it has full access to all the resources on the network. Instead, ZTNA allows users and devices to access only the specific data and systems they’re authorized to use.
Central to ZTNA is multifactor authentication. MFA typically combines something the user knows (for example, a password), something the user is (that is, biometrics) and something the user has (a token or device). A stronger form of MFA adds an outside element such as a code sent to a smartphone. To protect against island hopping, organizations should also be adopting widespread implementation of MFA.
Your agency isn’t the only organization that should be deploying ZTNA. Consider contractually requiring your vendors and suppliers to implement ZTNA, and show evidence that they’ve done so. That way, you can be confident similar protections are being applied farther up your supply chain.
Closing down open-source vulnerabilities
Read more: Commentary
But even with ZTNA, agencies face the threat of malware potentially baked into firmware and software across their IT infrastructure. Major technology providers should increasingly collaborate to prevent such supply chain vulnerabilities.
What about the software developed by your internal IT teams and external partners and contractors? Many of these applications are built with pieces of open-source code of uncertain provenance. Even if you’re a defense agency whose networks are disconnected from the internet, code originating outside your perimeter is being brought into your networks. You’re essentially blind to any malware embedded in the code.
One solution is to require developers to digitally sign code they create to certify they wrote it. You can also insist that developers only use source code that itself is digitally signed by a trusted source. A limitation of this approach is that if open-source authors create code on systems connected to the internet, their signing keys can be stolen and used by malicious actors who embed malware in the code to make it appear to come from a trusted source. But implementing code review processes, with signatures checked at every stage and access controlled by MFA authentication, reduces the risk considerably.
Even with the source of software secured, bringing it into the destination system can sometimes be a risky business. When the stakes are high, the complexity of the software that receives and authenticates new code and updates can itself be a target for attack. Digital signatures are not simple structures, and the code handling them can go wrong, as a recent crypto library flaw showed. Reducing the risks posed by complex data formats is what Content Disarm and Reconstruction (CDR) is designed for.
CDR is an anti-malware defense used to make sure documents and data are safe to handle. It builds new files that look like the originals but are known to be safe and malware free. But CDR doesn’t apply to code – it can’t transform software to make it safe, but it does apply to digital signatures, transforming the signature into a simpler structure that can be verified. With zero trust CDR, it is even possible to use hardware logic for the verification, which eliminates the software attack surface completely. This is a cutting-edge approach, developed to protect the most critical systems that commercial organizations are just beginning to consider.
CDR can also be used to make emails and web downloads safe, providing your company with protection from spear-phishing, another common form of island hopping. For example, if a hacker steals the credentials of an employee or someone from one of your vendors or suppliers, they can easily send a well-crafted email with a file concealing malware that will wreak havoc on your system once opened. Because the email appears to come from a trusted source, your employees are easily fooled by the spear-phisher. However, with CDR, potential compromise from malicious attachments would be prevented as the original content is always discarded and new safe content is delivered in its place.
Supply chain attacks are a known threat, but agencies can’t afford to ignore the risks of island hopping. With effective implementation of ZTNA and CDR, organizations have the tools to help keep their systems and data safe.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Simon Wiseman, Ph.D., is chief technology officer of global governments and critical infrastructure for Forcepoint.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Related Stories
Cybersecurity software tool uses trickery to ward off potential threats from hackers
Improving cybersecurity with open source software
5 ways to meet OMB’s cybersecurity deadline for critical software