Though this is technically a “watering hole” attack, the websites reported by Volexity as having been compromised were all hyper-targeted at the Uyghur community and its supporters. An advanced persistent threat known as the LuckyMouse group was ultimately found responsible for the attack, which actually took place back in 2016. An investigation found the NotPetya virus on a Ukrainian site that delivered tax and accounting software. The research team at Ensign Labs found that watering hole attacks making use of compromised sites were the most common attack type in Singapore in 2019, representing 47.18% of all recorded incidents. of suspicious website pages or code, advanced malware detection technologies can identify malicious behaviors before they cause additional damage. The attack vector was from users of the site downloading it. Cyware Labs, 1460 Broadway, New York, NY 10036. This generally describes the basic idea of this form of attack. The dominant thinking among security researchers has long been that governments and law enforcement would only want to use zero-day exploits sparingly and with very specific targets, to reduce the risk that an exploit would be discovered by security researchers or companies, who would then fix the bugs underlying the exploit, thus rendering it useless. It may scramble the user’s data and request a ransom to recover it, or capture IDs, passwords and payment card data as it’s entered by the user. [5] Websites are often infected through zero-day vulnerabilities in browsers or other software.
In March 2019, researchers at ESET disclosed a watering hole attack involving the International Civil Aviation Organization (ICAO), a specialized agency of the United Nations that promotes the development and planning of air navigation and transport around the world. These attacks target major corporations and financial institutions. Network security administrators need to anticipate their presence and take appropriate countermeasures. These sites can include business partner sites or small websites that provide specific products, services, or information to the target company or industry. They can lead to unbelievable devastation. © 2020 American Publishing, LLC™ | 17 Hoff Court, Suite B • Baltimore, MD 21221 | Phone: 443-231-7438. Security company Volexity followed up the week after with detailed reports of similar website exploit chains targeting Android and Windows devices, again hosted on websites with a primarily Uyghur readership. The phrase watering hole attack comes from predators in the natural world who lurk near watering holes, waiting for their desired prey. In a network watering hole attack, cybercriminals set traps in websites that their target victims are known to frequent. Watering hole attacks such as NotPetya are simple disruption tactics. Often the booby-trapped websites are smaller, niche sites that tend to have limited security. The name is derived from how predatory animals tend to lurk around watering holes waiting for their prey to come for a drink. [15] In December 2012, the Council on Foreign Relations website was found to be infected with malware through a zero-day vulnerability in Microsoft's Internet Explorer.
This time a zero-day was being used to exploit thousands of users, indiscriminately targeting all visitors to a specific set of websites. It is therefore imperative that organizations deploy additional layers of advanced threat protection such as network security monitoring and behavioral analysis. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. Firstly, the malicious actor must find the watering hole. A recent example of this form of attack is the NotPetya malware. The PC cleaning software CCleaner version 5.33.6162 was used as a distribution vehicle to affect 2.27 million computers. The malware erases the contents of victims' hard drives. Alternatively, the malware may steal data from the victim’s employer or perform a host of other malicious activities. In the wild, there are many predators that lurk in the shadows of an oasis or watering hole awaiting their prey. Zero-day exploits can be expensive, with iPhone exploits used against a single activist reportedly fetching upwards of 1 million dollars. Most recently, researchers at Trend Micro observed malefactors using watering hole attacks exploiting a VBScript engine vulnerability to spread a unique form of malware in 2019. Using a variety of techniques, the attacker compromises the vulnerable websites. In the past, China has already arrested many. Google’s report and Apple’s recent response both miss the mark on the impact of this attack. It was creative and distinct due to its fast evolution.[8] There was a country-level watering-hole attack in China from late 2017 into March 2018, by the group "LuckyMouse", also known as "Iron Tiger", "EmissaryPanda", "APT 27" and "Threat Group-3390".[8]
Because traditional signature-based controls rely on past knowledge of the threat, they do not effectively detect sophisticated watering hole and other attacks. This was an attack on the Ukrainian government that, according to the CIA, was performed by the Russian military. The attacker then identifies the vulnerabilities associated with the websites and injects malicious code into the ads or banners displayed on the website. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly: treating their mobile devices as integral to their modern lives, yet also as devices which, when compromised, can upload their every action into a database to potentially be used against them. These attacks likely have the goal of spying on the Uyghur diaspora outside China, to gain as much intelligence as possible on anyone associated with this movement within China or supporting the community from outside of China’s national borders. For context, the main narrative is that this was an attack to disrupt the financial system in Ukraine. Organizations can train employees how to recognize and avoid most phishing emails, but there is no way for a user to identify a compromised website without the assistance of a tool specifically designed to do just that. To begin with, every company should enforce or at least encourage compliance with the following:
- Keep all commonly used software and operating systems patched and updated to the latest versions
- Ensure firewalls and other security products are properly configured
- Inspect all popular websites that employees visit and routinely inspect these sites for malware
- Immediately block traffic to all compromised sites and notify the site owner
- Inspect your own websites, even internal sites, to make sure they are malware free
- To the extent practical and available, configure browsers or other tools to use website reputation services to notify users of known, bad websites
- Educate your employees, especially those with access to critical data and infrastructure, about watering hole attacks
In addition to the above basic steps, to prevent sophisticated watering hole attacks organizations must deploy advanced network security monitoring tools. These difficulties explain why organizations, including high-profile organizations and government entities, continue to suffer watering hole attacks. To stay protected from watering hole attacks, it is recommended to monitor all popular websites that employees visit and ensure that those sites are free from malware. The attack made use of a series of watering-hole websites and a drive-by download gambit relying on fake Flash updates.
In the case of a restaurant, for example, the online menu would be a prime target as it would easily […] In this attack, the malware was only deployed to users using Internet Explorer set to English, Chinese, Japanese, Korean and Russian. Hackers from North Korea used watering hole attacks to infiltrate financial institutions in Poland, Mexico, the U.K., and the United States. Watering hole attacks are still wreaking havoc on targeted groups and institutions around the globe. While it is new to observe a state-sponsored actor burning zero-days to target an entire community instead of one individual in the community, it is a reasonable tactic in this case. Summary – Treat All Third-Party Traffic as Untrusted Until Verified. [4] The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes. Google's post was light on specifics, but Project Zero … The attacker first stalks the websites often visited by a victim or a particular group, and then infects the frequently visited websites with malware. The attacker initially profiles its targets to learn which websites they frequently visit. Eventually, some member of the targeted group will become infected. The attacks I’ve discussed above illustrate how organizations continue to suffer watering hole attacks.
Watering Hole Attacks Pose Significant Threats to Network Security. Sophisticated watering hole attacks use previously unseen exploits and tactics, commonly referred to as zero-day threats.