Report: Hackers sneak into multiple networks once they get in

By Nicholas Sakelaris
A new report by Carbon Black explores the prevalence of so-called "island hopping" in instances of hacks. File Photo by Christopher Schirner/Flickr
A new report by Carbon Black explores the prevalence of so-called "island hopping" in instances of hacks. File Photo by Christopher Schirner/Flickr

April 2 (UPI) -- Nearly half of businesses that are hacked also report incidents of "island hopping," where cyber criminals latch on to one network and then invade others, a new report by Carbon Black reveals.

The report released Tuesday said island hopping is especially prevalent in the financial sector, where 47 percent of victims say other networks were also infiltrated, Carbon Black, a cybersecurity company, reports. The healthcare industry is also a big target, the company said.


Perpetrators don't just want to rob a business, they want to target suppliers and own the entire system, Carbon Black said.

"At this point, it's become part and parcel of a cybercrime conspiracy," Carbon Black chief cybersecurity officer Tom Kellermann said. "They're using their victim's brand against customers and partners of that company. They're not just, say, invading your house - they're setting up shop there, so they can invade your neighbors' houses too."

RELATED Facebook takes down thousands of accounts ahead of India's elections

Hackers are also getting more aggressive and will fight back once they are discovered, Carbon Black said. The survey by Carbon Black found 56 percent of survey respondents report instances of counter measures or lateral movements so the hackers can stay in the system.


The survey showed 70 percent of survey respondents said perpetrators used evasion tactics and lateral movement once discovered.

"Attackers are fighting back. They have no desire to leave the environment," Kellermann said.

RELATED British report: Serious 'defects' in Huawei technology

Hackers are also going after manufacturers to steal their intellectual property, with 22 percent of survey respondents reporting incidents of IP theft. A year ago, only 5 percent reported IP theft.

"Going after manufacturing companies for IP purposes reduces R&D costs for designing everything from airplanes to cell phones to high-grade weapons," director of partner solutions at Carbon Black Ryan Cason said. "It allows them to get to market quicker, at a cheaper price point, to the detriment of the victim."

The cyber criminals go after the weakest link in the supply chain and the island hop to get to the actual target, Carbon Black said.

RELATED U.S. defense strategy: 'Contain and engage' beats 'deter and defeat'

"Businesses need to be mindful of companies they're working closely with and ensure that those companies are doing due diligence around cybersecurity as well," said Thomas Brittain, who leads Carbon Black's Global IR Partner Program.

Latest Headlines