February 19, 2014

Beware of Hackers Using Watering Hole Attacks


Watering Hole Attacks Show Hackers for the Cunning Predators They Are

Law firms, defense contractors, design companies, infrastructure facilities and manufacturers are high on the list when it comes to cyber espionage. But they are far from alone on that list, with so much sensitive digital information in play across nearly every industry. And with more and more organizations finally waking up to the real scope of the espionage game, and the high stakes involved, adversaries are forced to constantly vary the tactics they rely on to hunt their prey. Hackers know that attacking a well-defended organization head-on is becoming increasingly difficult when their aim is a specific company or industry, so sometimes they go old-school – very old school – as in the watering hole attack.


What is a watering hole attack?

Watering hole attacks have been an effective favorite of natural predators since before mankind roamed the earth, because they’ve always worked. It didn’t take long for predators to realize that instead of expending precious energy to find and chase prey, it’s a lot easier to figure out where the prey is going to be. And since every animal has to head to the watering hole to drink eventually, it’s a perfect spot for an easy ambush. Hackers didn’t take long to put their own spin on it. By figuring out which sites are frequented by people from the industry or organization they want to target, they can try to compromise any one of those less secure locations and, if successful, use it as an ambush spot to quietly deliver a malware payload such as a RAT (Remote Access Trojan) to every unsuspecting visitor who stops by for a “drink.” The victim never has to click a malicious link or open an attachment; simply loading a trusted page in a browser with an unpatched vulnerability is enough. Once that’s accomplished, the hackers have a foot in the door of each victim’s network, free to steal, modify and/or corrupt ESI (Electronically Stored Information) at will.
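One practical way to act on this once a watering hole is discovered is to work backwards from proxy logs: who on the network visited the compromised site, and which of those hosts then started calling home at regular intervals to a destination they had never contacted before (the classic RAT beacon)? The script below is an added example written for this page; it is not code from the original article and has nothing to do with GDF’s DBRT product. The log format, hostnames, IP addresses and the detection thresholds are all constructed for the example.

```python
"""Hunt for hosts that drank at a watering hole and then started beaconing.

Added example, not from the original article.  The proxy log format
("<ISO timestamp> <client ip> <destination host>"), the sample lines and
the thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: 10.0.0.5 visits the industry news site, then starts
# contacting a never-before-seen host every ~5 minutes (beacon-like).
# 10.0.0.7 also visits the site but shows no follow-on beacon.
# 10.0.0.9 never visits the site; its regular mail traffic must not be flagged.
SAMPLE_LOG = """\
2014-02-18T09:00:01 10.0.0.5 news.example-industry.org
2014-02-18T09:00:03 10.0.0.5 cdn.example-industry.org
2014-02-18T09:01:10 10.0.0.5 update-check.example-evil.net
2014-02-18T09:06:10 10.0.0.5 update-check.example-evil.net
2014-02-18T09:11:11 10.0.0.5 update-check.example-evil.net
2014-02-18T09:16:09 10.0.0.5 update-check.example-evil.net
2014-02-18T09:30:00 10.0.0.7 news.example-industry.org
2014-02-18T09:31:00 10.0.0.7 mail.example-corp.com
2014-02-18T10:00:00 10.0.0.9 mail.example-corp.com
2014-02-18T10:05:00 10.0.0.9 mail.example-corp.com
2014-02-18T10:10:00 10.0.0.9 mail.example-corp.com
"""


def parse_log(text):
    """Return a list of (timestamp, client, host) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host = line.split()
        events.append((datetime.fromisoformat(ts), client, host))
    events.sort()
    return events


def hosts_that_visited(events, watering_hole):
    """Map each client that loaded the compromised site to its first visit time."""
    first_visit = {}
    for ts, client, host in events:
        if host == watering_hole and client not in first_visit:
            first_visit[client] = ts
    return first_visit


def beaconing_after_visit(events, first_visit, min_hits=3, max_jitter_s=30):
    """For every visitor, find destinations first contacted *after* the visit
    whose connection intervals are near-constant: the signature of a RAT
    beaconing to its command-and-control server.

    Returns {client: [suspicious destination, ...]} for clients with findings.
    """
    per_client = defaultdict(lambda: defaultdict(list))
    for ts, client, host in events:
        per_client[client][host].append(ts)

    findings = {}
    for client, visit_ts in first_visit.items():
        for host, times in per_client[client].items():
            if host == first_visit and times[0] <= visit_ts:
                continue
            if times[0] <= visit_ts or len(times) < min_hits:
                continue  # already known destination, or too few hits to judge
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            if max(gaps) - min(gaps) <= max_jitter_s:
                findings.setdefault(client, []).append(host)
    return findings


def triage(log_text, watering_hole):
    """Convenience wrapper: (visitors, beaconing hosts) for one watering hole."""
    events = parse_log(log_text)
    visitors = hosts_that_visited(events, watering_hole)
    return visitors, beaconing_after_visit(events, visitors)


if __name__ == "__main__":
    visitors, beacons = triage(SAMPLE_LOG, "news.example-industry.org")
    print("visited the watering hole:", sorted(visitors))
    print("visitors now beaconing    :", beacons)
```

Two design points worth noting. The visit list is a containment list in its own right: every host on it should be checked, whether or not it is beaconing yet, because a payload can sit idle before its first callback. And the jitter threshold is deliberately loose; real implants randomize their sleep, so in production you would look at the distribution of intervals rather than demanding them to be nearly identical, and you would baseline each destination against the whole fleet, not just the one client.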

What kind of sites do hackers use as watering holes?

There are two key criteria for hackers to set up a successful watering hole attack. First, the site has to be frequented by the type of visitors the hackers are targeting, whether it’s a particular organization or broader industry-specific traffic. Second, they have to be able to compromise it. Beyond those requirements, every kind of site is fair game and a potential watering hole. Blogs, forums, vendor sites and industry news sites are all favorites and have all been used, among many others. Hackers have also built bogus forums, blogs and sites from scratch, fashioned to look legitimate, sometimes attracting a respectable amount of industry traffic before being shut down to avoid detection.

Cyber predators come in all shapes and sizes.

The sophistication of watering hole attacks can vary greatly, depending mostly on the predator(s) behind them. Foreign actors, many funded by the deep pockets of rival governments such as China, Russia, North Korea and Iran, rely on attacks like these as a staple of their industrial espionage campaigns today. They want defense plans, design specs, manufacturing secrets and other valuable intellectual property to stay in, and ahead of, the game on the world stage. It’s nothing new, but with most of the world’s information now found in digital form, the old cloak-and-dagger spy game has gone mostly digital too. A gigabyte of information can be stolen in a moment today, whereas in the old days you would have had to fill a pickup truck with over a thousand books and make it to the drop point to get away with the same size bounty. But governments are not the only ones relying on watering holes; everyone from organized crime rings to lone-wolf hackers is happy to get in on the action. If your data has value, they’re more than willing to steal it by any means possible and cash it in on underground black market sites where buyers abound.

How can organizations fight back?

Increasing awareness enterprise-wide and regular threat testing are essential. You can’t control the security weaknesses of other sites, so the task of maintaining security falls on your end: keeping browsers and their plugins patched so a booby-trapped page has nothing to exploit, and watching for the unexpected outbound connections a freshly planted RAT makes when it calls home. Religiously using tools like DBRT (Data Breach Response Toolkit), by Global Digital Forensics (GDF), has to be a top priority. It’s designed to sniff out and eradicate advanced payloads such as RATs, polymorphic viruses and keyloggers that standard antivirus/antimalware programs miss because those programs rely on signature identification. DBRT lets your IT security personnel monitor, identify and eliminate threats like these across the entire network from a single command-and-control client. So if anyone on the network is compromised by a watering hole attack, you can find and remove the malware and keep your digital assets safe. DBRT also allows you to inoculate your systems against reinfection by any malware it has identified, a huge bonus when it comes to watering hole attacks, since more personnel may visit the same malicious site.

The right help is just a phone call away

Let GDF help you survive and thrive in this increasingly dangerous digital world. Call 1-800-868-8189 today for more information about DBRT, or to receive a free consultation with one of our security specialists to help craft a plan that suits your unique needs. With our proven ability to streamline effective solutions, it’ll cost less than you think, but the benefits could prove priceless.
