BreachExchange mailing list archives

Watering hole attacks are becoming increasingly popular, says study


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Sep 2013 19:00:29 -0600

http://www.scmagazine.com//watering-hole-attacks-are-becoming-increasingly-popular-says-study/article/313800/

Watering hole attacks are becoming an increasingly common threat,
according to a recent study.

Conducted by endpoint and server security firm Bit9, “APT Confidential: 14
Lessons Learned from Real Attacks,” reveals that the threat is difficult to
detect and prevent.

“There's not much an individual can do to protect against watering holes,
they're not going to see it coming,” Nick Levay, chief security officer
with Bit9, told SCMagazine.com on Friday. “There's always going to be
attacks that are successful against web browsers, but it's important to
distinguish between successful exploitation of a web browser and successful
compromise of the system.”

A watering hole is when an attacker compromises a website by placing
malicious code within the page that will launch an attack on visitors,
Levay said, adding that the most common watering hole attacks exploit Java
vulnerabilities.

“Watering holes have been on the rise in the past few years and a lot of
hackers that were using spear phishing attacks to target people have
started using watering holes,” said Levay, explaining that while watering
holes typically target a specific group or community, he has seen narrower
variants that, for example, will only target a certain range of IP
addresses.

An attacker who compromises a computer in a watering hole attack may be
able to do any number of things to the machine, Levay said, including
reading emails, viewing stored data, robbing username and password
credentials, or installing keyloggers.

Levay pointed to a December 2012 compromise of the Council of Foreign
Relations website as one of the most significant watering hole attacks in
recent times. In that case, attackers took advantage of a zero-day
vulnerability in Internet Explorer to dispense malware to visitors.

The Bit9 report also breaks down the types of basic attackers: criminals
who traditionally prey on weak systems with the hope of making a financial
profit, nation-state hackers out for information, and hacktivists who are
out to get attention, to shame or to protest.

The dangers of employees working at home from personal computers are also
mentioned in the report. Providing work systems, such as laptops, can be
expensive, so businesses must provide and enforce safety protocols for their
staffers who do work while away from the office.

“Visibility is one of the big challenges most organizations are facing,”
said Levay. “Denying threats and detecting threats are two different
things. We've [understood] that you're not going to be able to protect
against all attacks that occur, but it doesn't mean that you won't be able
to see that it occurred. It's important to detect those attacks fast to
take action to mitigate the attack, contain what was compromised and
remediate. Learn from the attack so the next time you can prevent it.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
