Remember when cyber attacks were poorly worded emails from faraway princes? Those days are long gone. Cyber criminals have developed more advanced threats, which cyber security experts have named with even worse analogies. It is important to keep up to date with the latest threats and how you may be vulnerable to them. While you may be familiar with the evolution of phishing, the threats have not stopped advancing, with watering hole attacks becoming the preferred method of attack. So let’s explore watering hole attacks and how they can impact your networks.
What are Watering Hole Attacks
The watering hole attack has an odd name, right? It is based on the dynamic often found in nature, where a diverse set of animals come together around water, only to be unknowingly surrounded by predators. Waterhole phishing, or watering hole attacks, operate on the basis of trust. Cyber criminals study their targets to understand which websites or applications they trust or frequent. Once they identify a website their targets trust, they install malware on it. The website then becomes a distribution point, while both the website owner and the targeted victims remain unaware of it. For example, a new employee who wants to understand more about the industry visits a trade publication, but that publication’s website has been infected by malware via their Flash player. In a case like this, neither the website owner nor your new employee would realize what happened. This style of attack is so effective that Microsoft, Apple, Facebook, and Twitter have all fallen victim to it.
So you may be wondering how an attacker identifies which websites their targets frequent the most. You may or may not be surprised to know that cyber criminals use data normally collected to understand your behavior as an organization, and the behavior of your employees. This data is often collected from other companies or marketing firms with the general intention of providing better products, services, and experiences. However, when a cyber criminal gets hold of this data, it provides a map of which sites your employees are permitted to visit and are already on your security whitelist. With this approach, cyber criminals do not have as much research to do as they would in a case of targeted phishing.
Process of a Watering Hole Attack
Now that we know what a watering hole attack is, let’s explore what the process for this type of attack looks like. Understanding a cyber criminal’s process will help you block these attacks before they do any serious damage. The process is as follows:
Make no mistake, watering hole attacks are not dragnet attacks. Instead, they are targeted at a particular organization or industry. It also needs to be made clear that size is not important to the cyber criminal; data is.
2. Identify Frequented Websites
As stated above, cyber criminals use data from tracking companies to understand the behavior of the organization or industry they are targeting. The companies that provide this data are generally involved with customer analytics and include Kissmetrics, Chartbeat, Woopra, Statcounter, and many others. Cyber criminals leverage the services of these companies to gather the intel they need to plan their attack.
3. Malware Installation
Cyber criminals then install malware on websites that have exploitable vulnerabilities. These are often blogs or websites with less of a budget for security. The website becomes a distribution point for exploits.
4. Vulnerability Scans
Once a user visits the compromised website, which they trust, code is downloaded in the background and runs a vulnerability scan on the target device. The vulnerabilities it looks for can be in the operating system, browsers, Adobe products, Flash, Silverlight, Java, and a number of other common software packages.
5. Exploit Delivery
If there are vulnerabilities in the target device or network, then an exploit is delivered in the background as well.
6. Theft or Greater Attack
Depending on the privileges of the user of the compromised device, the cyber criminal may now have access to financial data, intellectual property, and even the ability to place malware into source code.
Now that you know the process of attack, let’s discuss some safety measures you can take to prevent a data breach in your organization.
Watering hole attacks are only effective if there are exploitable vulnerabilities in the software you use and interact with daily. To prevent the delivery of an exploit, make sure to keep all of your software and browsers up to date. If companies such as Microsoft and Apple can have their networks breached by an attack like this, so can you.
2. Detection & Auto-blocking
It is good practice to establish and track a baseline of “normal” behavior for each employee in your organization. This helps with the detection of abnormal or malicious activity. If your systems detect abnormal behavior, they also need to be able to respond automatically based on severity. For example, if an employee’s account became compromised and your systems started to detect a large transfer of information, an auto-response that you configured would kick in and lock out the account.
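The baseline-and-respond idea above, as an added example that is not part of the original article: each account's daily outbound volume is compared with its own history, and the response escalates with severity. The account names, the sample history, the median/MAD scoring and both thresholds are assumptions chosen for illustration.

```python
# Added example: per-user baseline of outbound transfer volume with a
# severity-tiered automatic response. Data and thresholds are constructed.
from statistics import median

# Constructed history: daily outbound megabytes per account over two weeks.
HISTORY = {
    "alice": [120, 135, 110, 128, 140, 125, 118, 131, 122, 138, 127, 115, 133, 129],
    "bob": [40, 55, 38, 47, 52, 44, 41, 50, 46, 39, 53, 48, 42, 45],
}

MIN_DAYS = 7          # assumption: minimum history before auto-locking is allowed
ALERT_Z = 4.0         # assumption: medium severity threshold
LOCK_Z = 10.0         # assumption: high severity threshold


def baseline(samples):
    """Return (median, MAD); robust to a few outliers already in the history."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, max(mad, 1.0)  # floor avoids division by zero on flat history


def score(user, observed_mb, history=HISTORY):
    """Robust z-score of today's volume against the user's own baseline."""
    med, mad = baseline(history[user])
    return (observed_mb - med) / (1.4826 * mad)


def respond(user, observed_mb, history=HISTORY):
    """Map the anomaly score to an action: allow, alert, or lock_account."""
    if len(history.get(user, [])) < MIN_DAYS:
        return "alert"         # no usable baseline: escalate to a human
    z = score(user, observed_mb, history)
    if z >= LOCK_Z:
        return "lock_account"  # large transfer far outside normal behavior
    if z >= ALERT_Z:
        return "alert"         # unusual but not extreme: notify the team
    return "allow"


if __name__ == "__main__":
    for user, mb in [("alice", 130), ("alice", 180), ("alice", 4000), ("carol", 500)]:
        print(user, mb, respond(user, mb))
```

The baseline is per account on purpose: a volume that is routine for one employee can be a strong anomaly for another.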
3. Block Tracking Services
Cyber criminals can only effectively track the activity of your employees because they are tracked by customer analytics companies. Blocking tracking services in your employees’ browsers helps to cut cyber criminals off from easy access to data about you.
Cyber threats are growing daily and as a result it is best to be informed about how they affect your organization. Stay up to date and safe by being vigilant of what cyber criminals are up to.