123ArticleOnline Logo
Welcome to 123ArticleOnline.com!

ALL » Computers >> View Article

Watering Hole Attacks: Protecting Yourself From The Latest Craze In Cyber Attacks

By Expert Author: skyhigh networks

Cyber criminals are clever and know how to evolve – you’ve got to give them that. They’ve proven this once again with their latest cyber attack strategy, the Watering Hole Attack, which leverages cloud services to help gain access to even the most secure and sophisticated enterprises and government agencies.

Attacks Used to be Humorously Simple

In earlier days, attackers operated more simply using emails entitled “ILOVEYOU” or poorly worded messages from Nigerian generals promising untold fortunes of wealth. Over the years, the attacks have evolved into complex spear phishing operations that target specific individuals who can help navigate an organization’s personnel hierarchy or identify digital certificate compromises that lead to command and control over the enterprise infrastructure. In either scenario, the success of the attacks has always been predicated on the fact that users are humans who will occasionally click on or open something that is suspect or compromised.

Now the Bad Guys are getting Smart

More recently, a new, more sophisticated, type of attack is hitting the enterprise. The concept behind the watering hole attack is that in order to insert malware into a company, you must stalk an individual or group and place malware on a site that they trust (a “watering hole”), as opposed to in an email that will be quickly discarded.

Identifying the “Watering Hole”

Inserting malware into a frequently visited site sounds like a great plan, but how do attackers find the right sites? It’s pretty tough to get malware onto the major sites that most people visit like cnn.com or espn.com, so attackers need to know which smaller, less-secure sites (i.e. watering holes) are frequented by employees of the targeted company.

But, how can an attacker know what watering holes users frequents most often? How can an attacker find what watering holes an entire organization or company frequents and how often? And how can they capture this information without anyone clicking anything? The answer…

Tracking Services

Users unknowingly provide all of this information simply by surfing the internet as they normally do. When a user surfs the internet from their company today, automated tracking methods used by marketing and ad tracking services identify traffic patterns and accesses. These tracking services silently capture all this information without users ever being aware their actions online are being followed.

This would seem to be harmless information (aside from the irritatingly persistent retargeting ads you must endure), but the tracking services are essentially mapping the behavioral web patterns of your entire organization. This shows which sites employees frequent, and this information also allows attackers to deduce your company’s browsing and Cloud Security services access policies. In other words, it tells an attacker which watering holes you let your users visit.

Planting the Trap

This gives the adversary a map of the sites to target for infiltration. They target the most vulnerable sites, smaller companies or blogs that don’t have strict security. They plant malicious code on the watering hole site. Once the trap is laid, they simply wait for users to visit the sites they have frequented in the past.

The probability of success is significantly higher for watering hole attacks since the attacker has used the tracking service’s data to confirm that traffic to the site is both allowed and frequent. When a user visits the site, the malicious code redirects the user’s browser to a malicious site so the user’s machine can be assessed for vulnerabilities. The trap is sprung.

Malware Phone Home

Once the user steps in the trap by visiting the watering hole they are assessed for vulnerabilities. Using drive-by downloading techniques, attackers don’t need users to click or download any files to their computer. A small piece of code is downloaded automatically in the background. When it runs, it scans for zero-day vulnerabilities (software exploits discovered by the most sophisticated cyber criminals that are unknown to the software companies) or recently discovered exploits that users have not yet patched in Java, Adobe Reader, Flash, and Internet Explorer (that software update from Adobe may be important, after all).

The user’s computer is assessed for the right set of vulnerabilities and if they exist, an exploit, or a larger piece of code is delivered that will carry out the real attack. Depending on the user’s access rights, the attacker can now access sensitive information in the target enterprise, such as IP, customer information, and financial data. Attackers also often use the access they’ve gained to plant more malware into software source code the user is developing, making the attack exponentially more threatening.

Skyhigh Networks, the cloud access security company, enables companies to embrace Cloud Security Software Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com or follow us on Twitter @skyhighnetworks.

Total Views : 164Word Count Appx. : 851See All articles From Author

Computers Articles

1. Contact Yahoo Tech Support Team For Help And Instant Resolution
Author: rockey rosser

2. Get The Latest On The Hottest Trends In The Computer World
Author: Nancy Mathew

3. How Quickbooks Accounting Software Is Useful For Your Business?
Author: David Lee

4. An Overview Of The Linux Laptops
Author: Pearl Lamey

5. Useful Suggestion To Tackle Unwanted Issues Of Tablet
Author: Alex Stylis

6. Must Carry Accessories For Your Laptop - Expert's Guide
Author: Alex Stylis

7. What Are The Predictions For Mobile Application Testing Services In 2017?
Author: Richard smith

8. Why People Find Drake Tax Software Fast And Productive Method In Tax Season
Author: Amenda Ray

9. How Repair My Samsung Mobile Phone With Low Cost
Author: Samsung Repairer

10. How To Delete Gmail Account
Author: Annabell Matt

11. Factsebiz – A Global Fully Incorporated Virtual Ecommerce Software Solution
Author: FACTS Computer Software House

12. How To Resolve The Mozilla Firefox Technical Issues
Author: Esolution Support

13. That Thing You Didn’t Know About System On Chips
Author: Radha Shelke

14. Vantagekart Caters To All Your Electronic Gadget Requirements And Provides Latest Information On Eve
Author: darelsalton

15. Some Unknown Features Of Mozilla Thunderbird!
Author: Alice

Login To Account
Login Email:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: