BreachExchange mailing list archives
Watering hole attacks are becoming increasingly popular, says study
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Sep 2013 19:00:29 -0600
http://www.scmagazine.com//watering-hole-attacks-are-becoming-increasingly-popular-says-study/article/313800/

Watering hole attacks are becoming an increasingly trending threat, according to a recent study. Conducted by endpoint and server security firm Bit9, “APT Confidential: 14 Lessons Learned from Real Attacks,” reveals that the threat is difficult to detect and prevent.

“There's not much an individual can do to protect against watering holes, they're not going to see it coming,” Nick Levay, chief security officer with Bit9, told SCMagazine.com on Friday. “There's always going to be attacks that are successful against web browsers, but it's important to distinguish between successful exploitation of a web browser and successful compromise of the system.”

A watering hole is when an attacker compromises a website by placing malicious code within the page that will launch an attack on visitors, Levay said, adding that the most common watering hole attacks exploit Java vulnerabilities.

“Watering holes have been on the rise in the past few years and a lot of hackers that were using spear phishing attacks to target people have started using watering holes,” said Levay, explaining that while watering holes typically target a specific group or community, he has seen narrower variants that, for example, will only target a certain range of IP addresses.

An attacker who compromises a computer in a watering hole attack may be able to do any number of things to the machine, Levay said, including reading emails, viewing stored data, robbing username and password credentials, or installing keyloggers.

Levay pointed to a December 2012 compromise of the Council of Foreign Relations website as one of the most significant watering hole attacks in recent time. In that case, attackers took advantage of a zero-day vulnerability in Internet Explorer to dispense malware to visitors.

The Bit9 report also breaks down the types of basic attackers: criminals who traditionally prey on weak systems with the hope of making a financial profit, nation-state hackers out for information, and hacktivists who are out to get attention, to shame or to protest.

The dangers of employees working at home from personal computers are also mentioned in the report. Providing work systems, such as laptops, can be expensive, so businesses must provide and enforce safety protocols for their staffers who do work while away from the office.

“Visibility is one of the big challenges most organizations are facing,” said Levay. “Denying threats and detecting threats are two different things. We've [understood] that you're not going to be able to protect against all attacks that occur, but it doesn't mean that you won't be able to see that it occurred. It's important to detect those attacks fast to take action to mitigate the attack, contain what was compromised and remediate. Learn from the attack so the next time you can prevent it.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/