"Watering hole" websites present largest innovation for targeted attacks

Share this article:

Researchers have found that targeted attacks are on the climb, and that these campaigns have been most effective when cyber gangs first set the bait at popular websites and wait for victims to arrive.

Symantec on Tuesday released its “Internet Security Threat Report 2013,” which revealed a 42 percent increase in targeted attacks from 2011 to 2012. The security firm defined these campaigns as tactics that combined social engineering and malware to target specific individuals at companies with the goal of stealing trade secrets or corporate data.

Satnam Narang, security response manager for Symantec, told SCMagazine.com on Tuesday that an espionage campaign dubbed the "Elderwood Project" was a prime example of hackers using so-called "watering hole" tactics – infecting legitimate and frequently visited websites – to broaden their reach and avoid running up against blacklists.

In these scenarios, the website that is infected is not the mark, but merely the launching pad used to seed a targeted victim list with malware when they visit the site.

“It's a trend that this is becoming a new way of launching these targeted attacks,” Narang said.

Last year, Symantec discovered that a zero-day vulnerability in Internet Explorer was used to compromise visitors to the website for the Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.

In its threat report, Symantec also found that targeted attackers were focusing more on small-to-midsize businesses as a vulnerable link in the supply chain. These organizations are attractive targets because they not only carry sensitive data but also often are linked with larger organizations.

In 2011, companies with fewer than 250 employees accounted for 18 percent of targeted attacks, but in 2012 that figure grew to 31 percent of attacks, the report said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.