Watering hole attacks are becoming increasingly popular, says study

Watering hole attacks are a growing threat, according to a recent study.

The study, “APT Confidential: 14 Lessons Learned from Real Attacks,” conducted by endpoint and server security firm Bit9, reveals that the threat is difficult to detect and prevent.

“There's not much an individual can do to protect against watering holes, they're not going to see it coming,” Nick Levay, chief security officer with Bit9, told SCMagazine.com on Friday. “There's always going to be attacks that are successful against web browsers, but it's important to distinguish between successful exploitation of a web browser and successful compromise of the system.”

In a watering hole attack, an attacker compromises a website by placing malicious code within the page that will launch an attack on visitors, Levay said, adding that the most common watering hole attacks exploit Java vulnerabilities.

“Watering holes have been on the rise in the past few years and a lot of hackers that were using spear phishing attacks to target people have started using watering holes,” said Levay, explaining that while watering holes typically target a specific group or community, he has seen narrower variants that, for example, will only target a certain range of IP addresses.

An attacker who compromises a computer in a watering hole attack may be able to do any number of things to the machine, Levay said, including reading emails, viewing stored data, stealing username and password credentials, or installing keyloggers.

Levay pointed to a December 2012 compromise of the Council on Foreign Relations website as one of the most significant watering hole attacks in recent times. In that case, attackers took advantage of a zero-day vulnerability in Internet Explorer to dispense malware to visitors.

The Bit9 report also breaks down the basic types of attackers: criminals who traditionally prey on weak systems with the hope of making a financial profit, nation-state hackers out for information, and hacktivists who are out to get attention, to shame or to protest.

The dangers of employees working at home from personal computers are also mentioned in the report. Providing work systems, such as laptops, can be expensive, so businesses must provide and enforce safety protocols for their staffers who do work while away from the office.

“Visibility is one of the big challenges most organizations are facing,” said Levay. “Denying threats and detecting threats are two different things. We've [understood] that you're not going to be able to protect against all attacks that occur, but it doesn't mean that you won't be able to see that it occurred. It's important to detect those attacks fast to take action to mitigate the attack, contain what was compromised and remediate. Learn from the attack so the next time you can prevent it.”
