The stereotypical image of a snowball rolling down a hill is a good analogy for leapfrogging in an information systems network. The snowball is small and rolls slowly at first, but as it picks up more snow and gains in size, it rolls faster and with more momentum until it crashes into a fixed object. Likewise, leapfrogging begins with a small incursion into a digital network. A hacker uses information gleaned from that incursion to create a bigger opening that allows a deeper incursion. Over time, the hacker gains enough momentum and access to the network that he can steal its data or crash it altogether. The most significant difference between a leapfrogging network attack and a growing snowball is that a hacker can use leapfrogging to jump from one network to another by mining the first hacked network for information about its interconnections with other networks.
For all their technical sophistication, hackers are generally either efficient or lazy, depending on your perspective. A hacker will first attack the weakest link in a network and will then build on the success of that attack to delve deeper into the network. The weakest link, and perhaps the greatest web application threat in every network, is often a human element. Hackers are believed to have combined human weakness and network interconnections to hack into the White House in 2014. That hack exposed the President's appointment calendar and other non-classified information, and its adverse effects were limited. It nevertheless provides a good real-world example of the web application threat posed by a leapfrogging attack.
Hackers first used a phishing methodology to access a State Department computer system that had been hacked before but was never properly secured after those prior unauthorized incursions. Most individuals in any organization will know not to open email attachments from anonymous sources, but that knowledge is neither universal nor foolproof. Once inside the State Department's system, the hackers found their way, after several iterations, into the White House.
The White House hack was malicious, but it did not cause permanent damage. The potential for significant damage from a leapfrogging attack, however, is genuine. Hackers can use leapfrogging to make themselves look like legitimate authorized users of a network. They then use that legitimacy to bypass firewalls, antivirus and other perimeter defenses, to compromise internal data and to plant malware and other malicious code throughout a network. Organizations that rely solely on antivirus protections are doing very little to fend off these threats.
The leapfrogging threat needs to be cut off at its source. Often, this means ensuring that network endpoints, including the mobile devices that employees use to access a network, are adequately protected. Companies like Shape Security offer end-to-end web application threat solutions and services that monitor network traffic for anomalies and that stop the early, weak-link incursions before they metastasize into deeper network hacks. Because leapfrogging attacks can jump from one interconnected system to another, smaller businesses need a greater awareness of how their systems can be used as stepping stones for a hacker to leapfrog into a bigger system's network.
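One concrete form the anomaly monitoring described above can take is to look for the hop-chain pattern itself: a connection that starts where an earlier connection ended, repeated until the chain crosses from one network zone into another. The following Python is an added example, not code from the original post or from Shape Security; the event tuples, the host names and the convention that the host-name prefix identifies the network zone are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of connection/authentication events: (time, source host, destination host).
# The host-name prefix (partner, corp) stands in for the network zone. Not real log data.
EVENTS = [
    (1, "partner-ws1", "partner-mail"),
    (2, "partner-mail", "corp-vpn"),
    (3, "corp-vpn", "corp-files"),
    (5, "corp-files", "corp-dc1"),
    (4, "corp-ws7", "corp-printer"),   # unrelated single hop, should not be reported
    (6, "corp-dc1", "corp-ws7"),
]

def zone(host):
    """Network zone of a host; here the name prefix before the first dash (an assumption)."""
    return host.split("-", 1)[0]

def longest_chains(events, max_gap=3):
    """For every event, the longest hop chain ending at it. Event B extends event A when
    B starts at A's destination and happens after A within max_gap time units.
    Returns {event: chain as a list of hosts}."""
    best = {}                    # event -> hosts along the longest chain ending in it
    by_dst = defaultdict(list)   # destination host -> events that arrived there
    for ev in sorted(events):
        ts, src, dst = ev
        path = [src, dst]
        for prev in by_dst[src]:
            if prev[0] < ts <= prev[0] + max_gap and len(best[prev]) + 1 > len(path):
                path = best[prev] + [dst]
        best[ev] = path
        by_dst[dst].append(ev)
    return best

def find_leapfrog_chains(events, min_hops=3, max_gap=3):
    """Report maximal chains of at least min_hops hops that cross a zone boundary:
    the stepping-stone pattern the text calls leapfrogging."""
    candidates = []
    for path in longest_chains(events, max_gap).values():
        if len(path) - 1 >= min_hops and len({zone(h) for h in path}) > 1:
            candidates.append(path)
    # keep only chains that are not a prefix of a longer reported chain
    return [c for c in candidates
            if not any(len(o) > len(c) and o[:len(c)] == c for o in candidates)]

if __name__ == "__main__":
    for chain in find_leapfrog_chains(EVENTS):
        print(" -> ".join(chain))
```

With the sample events the single reported chain runs from partner-ws1 through the partner mail host and the corporate VPN to the domain controller, while the unrelated corp-ws7 to corp-printer hop is ignored.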
Larger organizations have the resources and manpower to educate employees on their vulnerability to becoming a weak link. A small business might not have that same advantage, and its employees will always be on the front line of a leapfrogging attack. At a minimum, each organization needs to train its employees not to respond to requests or emails from unknown or unverified sources. As that weak link is strengthened, other web application threat detection and prevention services will be significantly more effective.