
Watering hole attacks are becoming increasingly popular, says study

Watering hole attacks are becoming an increasingly trending threat, according to a recent study.

The report, “APT Confidential: 14 Lessons Learned from Real Attacks,” produced by endpoint and server security firm Bit9, finds that the threat is difficult both to detect and to prevent.

“There's not much an individual can do to protect against watering holes, they're not going to see it coming,” Nick Levay, chief security officer with Bit9, told SCMagazine.com on Friday. “There's always going to be attacks that are successful against web browsers, but it's important to distinguish between successful exploitation of a web browser and successful compromise of the system.”

In a watering hole attack, an attacker compromises a website by planting malicious code in one of its pages so that the page itself attacks visitors, Levay said, adding that the most common watering hole attacks exploit Java vulnerabilities.

“Watering holes have been on the rise in the past few years and a lot of hackers that were using spear phishing attacks to target people have started using watering holes,” said Levay, explaining that while watering holes typically target a specific group or community, he has seen narrower variants that, for example, will only target a certain range of IP addresses.
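The injection Levay describes above leaves a trace in the page itself: a script or frame pulled from a host the site never uses, or an inline script that is not in the site's own templates. The following is an added example (not code from Bit9, SC Magazine or the report) of the check a site operator can run over their own pages to spot that; the allowlisted hosts, the baseline hash and the sample pages are constructed for the example.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts from which this hypothetical site legitimately loads code.
ALLOWED_SCRIPT_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed baseline: SHA-256 digests of the inline scripts the site's own templates emit.
KNOWN_INLINE_SHA256 = {
    hashlib.sha256(b"initMenu();").hexdigest(),
}


class _CodeTagCollector(HTMLParser):
    """Collect external code sources (script/iframe/object/embed) and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []        # (tag, src) pairs for code loaded from another URL
        self.inline_scripts = []  # bodies of <script> elements without a src attribute
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "iframe", "object", "embed"):
            src = attrs.get("src") or attrs.get("data")
            if src:
                self.external.append((tag, src))
        if tag == "script" and not attrs.get("src"):
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline_scripts.append("".join(self._buf).strip())


def find_injected_code(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS, known_inline=KNOWN_INLINE_SHA256):
    """Return findings for code loaded from unexpected hosts and inline scripts not in the baseline."""
    parser = _CodeTagCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for tag, src in parser.external:
        host = urlparse(src).hostname
        # Relative URLs have no host and are served by the site itself; everything else must be allowlisted.
        if host is not None and host.lower() not in allowed_hosts:
            findings.append(f"external {tag} from unexpected host {host}: {src}")
    for body in parser.inline_scripts:
        if body and hashlib.sha256(body.encode()).hexdigest() not in known_inline:
            findings.append(f"unknown inline script ({len(body)} bytes): {body[:60]!r}")
    return findings


# Constructed sample: the page as the site's templates produce it.
CLEAN_PAGE = """<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script>initMenu();</script>
</body></html>"""

# Constructed sample: the same page with a foreign script tag and an unknown inline script
# appended before </body>, the pattern described in the article. The host is a placeholder.
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<script src="https://static.attacker-placeholder.invalid/x.js"></script>'
    '<script>var _q=[];_q.push("t");</script></body>',
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, find_injected_code(page) or "no findings")
```

Because the narrower variants Levay mentions only serve the injected code to certain IP ranges, the fetch that feeds this check should be made from more than one vantage point; a crawl from the operator's own network can come back clean while visitors in the targeted range receive the altered page.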

An attacker who compromises a computer in a watering hole attack may be able to do any number of things to the machine, Levay said, including reading emails, viewing stored data, stealing username and password credentials, or installing keyloggers.

Levay pointed to the December 2012 compromise of the Council on Foreign Relations website as one of the most significant watering hole attacks in recent times. In that case, attackers took advantage of a zero-day vulnerability in Internet Explorer to deliver malware to visitors.

The Bit9 report also breaks down the basic types of attackers: criminals who traditionally prey on weak systems in the hope of making a financial profit, nation-state hackers out for information, and hacktivists who are out to get attention, to shame or to protest.

The dangers of employees working from home on personal computers are also mentioned in the report. Providing work systems, such as laptops, can be expensive, so businesses must provide and enforce safety protocols for staffers who work while away from the office.

“Visibility is one of the big challenges most organizations are facing,” said Levay. “Denying threats and detecting threats are two different things. We've [understood] that you're not going to be able to protect against all attacks that occur, but it doesn't mean that you won't be able to see that it occurred. It's important to detect those attacks fast to take action to mitigate the attack, contain what was compromised and remediate. Learn from the attack so the next time you can prevent it.”
