Posted On 18 Apr 2019
Cyber criminals have once again proven their ability to evolve. The latest cyber-attack method has been termed the ‘Watering Hole Attack’. This form of attack uses cloud services to slip through the security of even the most watertight government agencies.
Once upon a time, attacks were simple
In the past, web attacks came in the form of malicious emails with questionable titles or even poorly written messages from rich Nigerian generals. Now, cyber-attacks take the form of sophisticated spear phishing campaigns that target key individuals. They seek to exploit individuals or digital certificate weaknesses that can be used to control an organization’s infrastructure. In either case, attacks rely on end users clicking malicious links or opening suspicious files.
In more recent times, the internet has seen the dawn of a new online attack. In order to achieve the aim of such attacks, individuals must first be stalked online. For success, the attacker must identify a site which has the user’s trust (a ‘watering hole’ of sorts). Once the trusted site has been identified, the attacker will place their malware on that site, rather than embedding it within an email.
Finding a watering hole
Although it may sound simple to attach malware to a frequently visited site, it’s important that attackers can first identify the correct sites. While it is difficult to insert malware into a major website such as espn.com or cnn.com, it can be easier on smaller sites with weaker security.
Whenever we surf the net on company computers, automated tracking systems monitor our access behaviors and subsequently present us with targeted marketing. These tracking activities capture our browsing patterns without our knowledge. They indirectly map the web patterns of entire organizations. Malicious parties can then exploit these maps, identifying the most vulnerable sites and planting their malicious codes at these watering holes.
Executing the plan
Once a target accesses a watering hole, the malicious code embedded on the site will redirect them to another location. Without the target knowing, a small piece of code will be downloaded to their system. This code will then scan the system for vulnerabilities. Should ideal weaknesses be identified, a larger piece of code will be downloaded and used to deliver the main attack. This gives attackers access to sensitive information such as customer details and financial data.