Tag: vulnerability

These articles relate to Vulnerability research and Vulnerability management.

Watering Hole attack: Cybercriminals subvert your most vulnerable favorite websites
A watering hole attack is a type of cyberattack in which the attacker targets a website or online service that is known to be frequented by the victim’s target audience. The attacker then compromises the website or service and injects malicious code into it. When the victim visits the website or uses the service, they are infected with malware.
Table Of Contents

The skill of attack: How watering hole attacks work
Opportunistic watering hole
Targeted watering hole
How to defend against watering hole attacks
Conclusion

Watering hole attacks are a more sophisticated type of attack than phishing attacks. They are also more difficult to defend against, as the victim is not actively tricked into clicking on a malicious link.

The skill of attack: How watering hole attacks work

There are two broad categories for watering hole attacks.

Opportunistic watering hole

In one case, there is the opportunistic watering hole attack. In the opportunistic case, the attacker has discovered a vulnerable web site, compromises the web site, and waits for any victim to happen by.

An opportunistic watering hole attack typically follows these steps:

The attacker identifies a website or service that can be compromised.
The attacker compromises the website or service and injects malicious code into it.
Any victim visits the website or uses the service.
The malicious code is executed and the victim is infected with malware.

Targeted watering hole

In a different attack, the watering hole is known to be used by a specific targeted victim. This is a more sophisticated attack against a known specific target.

A targeted watering hole attack typically follows these steps:

The attacker enumerates websites and online services that are known to be frequented by the targeted victim.
The attacker enumerates vulnerabilities on the websites and online services.
The attacker compromises the websites or services and injects malicious code into them.
The victim visits the website or uses the service. In order to evade detection, the attacker may include exemption code to prevent the malware from running on any targets other than the identified target.
The malicious code is executed and the victim is infected with malware.

The malware can then be used to gain access to the victim’s computer or network, or to steal data.

How to defend against watering hole attacks

There are a number of ways to defend against watering hole attacks, including:

Educating users: Educating user is almost always included as the “go to” solution for all things cyber. Novice defenders believe that “ISO Layer 8” is the easiest attack modal to compromise — and this is true, that the user is the easiest operating system to attack. That said, watering holes are a unique technique in that the end user often has to use the watering hole in their normal course of business. That being the case, how can users be educated to avoid watering holes if these watering holes are otherwise “trusted sites”? The answer is, the end user can’t be taught that basic tenant of “avoid untrusted sites”. Instead, the user needs to be made aware of anomalies that might occur when visiting otherwise known trusted sites, a much more complicated endeavor, although one that must be explored.
Maintain updated systems: Updates and patches must be maintained on the enterprise systems. Maintaining updated and patched software reduces the opportunity for exploits to successfully land on the enterprise.
URL filtering: Use URL filtering software that tests the URL destination for malware before it loads into a potential victim’s browser.
Continuous website monitoring: Organizations should monitor websites that are frequented by their employees or customers for signs of compromise. This can be done using web application firewalls or other security tools. When compromise is identified, block access to the web site and proactively contact the web provider.
Using security software: Security software can help to detect and block malicious code. Security software should be kept up to date with the latest virus definitions.
Using intrusion detection systems: Intrusion detection systems (IDSs) can help to detect malicious activity on a network. IDSs should be configured to detect watering hole attacks.

Conclusion

Watering hole attacks are a serious threat to organizations and individuals. By taking steps to educate users, use security software, monitor websites, and use intrusion detection systems, organizations can help to protect themselves from these attacks.

September 15, 2023

Identity theft

“You don’t know me, but I know your password. Let me get right to the point. I have access to your computer. I recorded you through your camera. You can pay me in bitcoin and I will disappear. If you don’t pay me I will send the video to everyone on your distribution list.”
Popular online scam

Have you ever received a threatening email by an unknown assailant who claims they have access to your accounts and have collected damaging information about you? Well sure, the email might be just a scare email with no real “meat” to it, or… it could be a bit more insidious. How can you know for sure whether this hacker really has control of your computer, or really recorded a video of you?

(more…)

December 28, 2018

Zero day, 0day, ohday, oh my!

Hackers have a few things in their favor when it comes to getting into your network and stealing data. One of those things is the elusive zero day.
When it comes to hacking, a zero day is an “exploitation against a publicly unknown vulnerability”. But hackers don’t need a zero day. They only need a “zero to me day”. What does that even mean?