Defending against watering hole attacks | Blog Watering hole attacks are an increasingly popular component of APT campaigns, as many people are more aware of spear phishing and are less likely to open documents or click on links in unsolicited emails. Adversaries aren't turning away from spear . The survey found that a sophisticated Watering Hole attracted users from a given group to websites via an Android application and used four zero-day vulnerabilities in action. How to protect against watering hole attacks | Network World In addition, the download dates of many of our files pre-date those noted by Cisco by only a few days. These attacks target major corporations and financial institutions. A watering hole attack is not something new, but its frequency has increased in recent days and Forbes has listed watering hole attacks among the top security threats of 2022 with ransomware, phishing, and various other malicious attacks. Phishing has become a persistent threat because it's easy for attackers . The hows of watering hole attack prevention - Bellwether, Inc. These are used to distribute malware onto the target's devices, just like phishing activities are conducted. Our top recommendation is Norton 360, which consistently outperforms the dozen other antivirus programs weve tested. A Chinese attack group infected Forbes.com back in November in a watering hole attack targeting visitors working in the financial services and defense industries, according to two security companies. Energy Watering Hole Attack Used LightsOut Exploit Kit The attacker searches for a vulnerability within a site, creates an exploit to compromise it, infects the website, and lurks in wait for a victim. Hence, organizations and individuals must understand how watering hole attacks work and how they can be prevented. th3bug Archives - Unit 42 A user who has the misfortune of visiting any of these compromised sites will then have their device automatically loaded with malware. Watering hole attacks will continue to be popular with APT campaigns, as they are much harder to defend against then spear phishing attacks. The above steps should help limit the damage a watering hole attack can cause. Watering Hole Attacks | TheCyberPatch What are the key ways to identify watering hole attacks? You can significantly reduce the risk of an attack by regularly updating all of your software and browsers. A watering hole attack is a form of cyberattack that targets groups of users by infecting websites that they commonly visit. Opportunistic watering hole attacks may be discovered by web gateways that detect known attack signatures. The result can be not only frustrating but can also put your deviceand personaldataat risk. Now that you know what a wateringhole attack is, its important to know how to avoid one. Also of note, the IP resolution for this C2 domain was changed to match the IP resolution of the C2 domains used in the July activity only a few days after these samples were seen. Nearly 21 sites associated with the Vietnamese government were infected by the attack. Category: Cybersecurity, Malware, Unit 42, Tags: Poison Ivy, Remote Administration Tool, th3bug, WildFire. Watering Hole Attacks | Malwarebytes In contrast to many other APT campaigns, which tend to rely heavily on spear phishing to gain victims, th3bug is known for compromising legitimate websites their intended visitors are likely to frequent. Defending against watering hole attacks - Clinton Township, Sterling Watering hole attacks exploit vulnerabilities in your software to infiltrate your devices. Watering Hole Attack: "Don't Drink the Water" - Cybersel This is why were breaking down exactlywhat a watering hole attack is and tips for how to avoid watering hole attacksfrom the start. The attacks require meticulous execution in all four of the following phases: 1. The next day we collected several copies of the same malware intended for the same industry. However, amid all the ransomware and phishing reports, many business owners may not be familiar with the recent uptick in watering hole attacks. New DazzleSpy malware targets macOS users in watering hole attack A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the . The attacks discussed in this blog are related to an APT campaign commonly referred to as th3bug, named for the password the actors often use with their Poison Ivy malware. Given the sheer number of threats online today, its advisable to adopt a cautious approach especially regarding suspicious emails, messages, and pop-ups. Simply visiting a legitimate website can do the trick. Bodies tentatively identified as adults being.. Spear phishing: A definition plus differences between phishing and spear phishing, Internet tracking: How and why were followed online, 115 cybersecurity statistics and trends you need to know in 2021, What is social engineering? written guide about identifying water holing, Signs That You've Been the Target of a Watering Hole Attack, Protect Yourself Against Water Holing Today, What is Sextortion? Not all watering hole attacks involve this step. Luring refers to emails or messages that the hacker sends to intended victims to lure them to the fake or compromised websites. What is Identity Theft and How Did It Become Such a Big Problem? Secure Your Network Against Watering Hole Attacks In this stage, the hacker triggered the download of malware that allowed them to control the infected device. And while these bating attacks are often used for financial gain as hackers steal personal data such as personal identifiable information (PII) and banking information, some attacks are for other reasons, such as political motivation. Project Zero's series of blog posts on August 29 was the first indication of a passive watering hole attack that could be spread by simply visiting a . The hacker uses search trends, social media, and similar data to identify such websites. Watering Hole Phishing Attacks Are On The Rise How To Stay Safe What Is Watering Hole Attack? How To Prevent Watering Hole Attack? A recent iOS watering hole attack - discovered by none other than Apple's chief rival Google - should prompt consumers to reconsider their preconceptions about mobile device security. Read on to learn more about what watering hole attacks and how your business can stay one step ahead of cybercriminals. Watering Hole Attacks - CompTIA Security+ SY0-501 - 1.2 Watering Hole Attacks an Attractive Alternative to Spear Phishing But sometimes, the simplest tasks can slip our minds. A good example of an actual watering hole attack occurred in January, 2017, and it occurred at the same time in different places around the world. Watering hole attacks are an increasingly popular component of APT campaigns, as many people are more aware of spear phishing and are less likely to open documents or click on links in unsolicited emails. Steps to defend your business from watering hole attacks In the digital world, cybercriminals identify websites or services frequently used by their targets. In these attacks, its not always necessary for the victim to interact with the website or click a link. Popular Resources. However, some early signals users and organizations can watch out for are: Learn more in our written guide about identifying water holing. Many of the watering hole attacks that have emerged in recent months exploit zero-day vulnerabilities in software and devices. This gives the attackers the access they need to install spyware or other malicious software.. Watering hole attacks are relatively rare, but they continue to have a high success rate. AVAST wrote a blog related to the activity we describe here and tied a file with the same name, but the sample we found doesnt match any other details of the file they documented. Copyright 2022 Fortinet, Inc. All Rights Reserved. One of the most sophisticated Watering Hole attacks was recently discovered by the security team at Google Project Zero. Based on historical IP resolution overlaps between the above C2 domains and other domains that have also resolved to the same IPs, we found an additional sample from the beginning of this year. While it may not be possible to avoid watering hole attacks entirely, the following steps should decrease their likelihood significantly. Acybercriminal identifies websites their victims frequent, usually based ontheir interest or demographics. An Attack on Walgreens Affects 72 . They may target a group of people with common interests, those who work within a certain industry, and even specifically target law enforcement forums. Attackers looking for financial gain or to build a botnet can compromise popular consumer websites. The attack was spread using the website of a popular radio station, as well as other fake websites. . In some cases, watering hole attackers may also exploit zero-day vulnerabilities in the website to insert malware. Many of the Arraya blogs are a group effort - picking the brains of multiple members of the Arraya team to formulate the most informative and insightful articles. At VPNOverview, he writes about cybersecurity, cryptocurrencies and sports events. Monetize security via managed services on top of 4G and 5G. Firefox is a trademark of Mozilla Foundation. Recent Watering Hole Attacks Attributed to APT Group "th3bug" Using The attack exploited known vulnerabilities in WinRAR and Rich Text Format (RTF) files, which used various techniques, tools, and backdoor functionalities to target victims. How to Prevent Online Blackmailing, How to Watch Chelsea vs. Arsenal (And Other Matchweek 15 Games), Hacker Steals $3 Million Worth of Tokens From Skyward Finance, Watch the Rams vs. Once the backdoor was installed, hackers could successfully execute various functions, including searching for files, executing programs, renaming and deleting files, and even starting or ending remote sessions. Typically, attackers will target public websites frequented by professionals from specific industries, such as discussion boards, industry conferences, and industry-standard bodies. 01:26 PM. What is Watering hole attack and how to stay protected from such CCleaner is a widely used utility tool that cleans up your devices memory. You can significantly reduce the risk of an attack by regularly updating all of your software and browsers. Watering hole attacks often exploit security gaps and vulnerabilities to infiltrate computers and networks. Jaeson Schultz. Name * Email . Our people are passionate about what they do and are eager to share their opinions and expertise through the Arraya blog. On July 16WildFire picked up a malicious executable hosted on uyghurweb.net, a legitimate Uyghur website that was compromised to infect users. You can significantly reduce the risk of an attack by regularly updating all of your software and browsers. What is a Watering Hole Attack and How Do You Prevent It? Using prompts and emails to lure the target to the infected website also adds an additional element of social engineering. The link could lead you to athird-party site infected with malware. Always make sure to check whether the software you are using has the latest update by taking a look at the software developer's website. To carry out the attack, hackers exploit software flaws on the victims devices, often a chain of vulnerabilities that begins with a browser bug. Keeping software and antivirus signatures updated regularly with the latest security patches can reduce the risk of such attacks. These 21 different compromised websites are directed to another domain owned or maintained by OceanLotus Here are some of the websites that were compromised: International cooperation of Cambodia Ministry of defense of Cambodia Chinese Attackers Hacked Forbes Website in Watering Hole Attack Watering Hole Attacks: The Tainted Oasis - United States Cybersecurity The Zero Trust methodology can . They include crucial features like Internet Protocol (IP) mapping, packet filtering, IP security (IPsec), and secure sockets layer virtual private network (SSL VPN) support. Consider installing antivirussoftware on your devices to flag cyber threats. And the more youre aware ofthese, the more likely youll be able to keep an eye out for them in thefuture. What Is a Watering Hole Attack? | WIRED In a watering hole attack, cybercriminals observe the watering holes of a specific demographic and infect their targets' most visited websites with malware. Quite a few banks have been targeted in the so-called watering hole attacks. In fact, even high-profile organizations like Facebook, Forbes, and the US Department of Labor have fallen prey to this scheme in recent years. Watering Hole Attacks: Frequently Asked Questions. What is a DDoS Attack and How Do DDoS Attacks Work? But more often than not, these advanced attack vectors from sophisticated cyber criminals will require more dynamic security solutions that can detect, monitor, and block malicious activity and prevent users from accessing suspicious websites. Hacks looking for specific information may only attack users coming from a specific IP address.This also makes the hacks harder to detect and research. Buccaneers (And All NFL Week 9 Games), If youre a large organization and the scale of the attack is large, you may want to, Identification of the target website or application, Analysis of the website or applications vulnerabilities, Infection of the website/application with a malicious payload, Luring of the targets to infected website/application using fake but realistic emails, Downloading and installation of the payload on the users device, Increase in frequency of emails directing users to a particular website/applications, Numerous and frequent pop-ups on the infected device, Unauthorized changes to security settings on your browser or device. Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware.Eventually, some member of the targeted group will become infected. 2015-2022 Arraya Solutions. Read our review of Norton 360 to learn more, or visit its website through the button below. It was only by accessing his account online.. While we were unable to recover the initial vulnerability used, it is possibly the same CVE 2014-0515 Adobe Flash exploit first reported by Cisco TRAC in late July. Make it a habit to check the software developer's website for any security patches. The best way to deal with water holing is by preventing one from happening in the first place. A watering hole attack is when cyber criminals attack individuals, cohorts, or organizations on a website they frequent, using skills like hacking and social engineering. Steps to defend your business from watering hole attacks For example, in 2013, developers across leading technology companies like Apple and Facebook were targeted using a fake Apple development website. Watering hole attacks often exploit security gaps and vulnerabilities to infiltrate computers and . Cyber Readiness Center and Breaking Threat Intelligence:Click here to get the latest recommendations and Threat Research, Expand and grow by providing the right mix of adaptive and cost-effective security services. Watering hole attacks offer a much better chance of success because they involve compromising legitimate websites and installing malware intended to compromise website visitors. The download can be triggered automatically, without the victim knowing, in what is known as a drive-by download. In other cases, the victim is presented with a pop-up or advertisement redirecting them to a malicious website or program. Utilizing web filters - Filters detect malware in . The Fortinet FortiGatenext-generation firewalls(NGFWs) filter and monitor network traffic to protect businesses from external and internal threats. It exploited a zero-day vulnerability to install a backdoor, known as DazzleSpy, in iOS and macOS devices. https://vpnoverview.com/internet-safety/cybercrime/watering-hole-attack/, How to Avoid NFT Scams: The Safety and Risks of NFTs in 2022, How to Recognize and Prevent CEO Fraud in 2022. In a "Watering Hole" attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the . Read on for a better understanding of watering hole attacks, how they work, and how they can be prevented. Now that we know what water holing is, lets understand how you can tell when youve been the victim of one. But threat intelligence . Major Watering Hole Attack on iOS Shows Massive Challenge of Mobile The initial download URL and IP resolution were different than the previous samples, but the C2 domain and resolution matched. This can be used to target and surveil a certain community by installing a surveillance implant on their device, including phones. This file is also a Poison Ivy variant. Make it a habit to check the software developer's website for any security patches. Explore key features and capabilities, and experience user interfaces. The objective is to infiltrate the device and obtain sensitive and personal information, such as intellectual property and trade secrets. The name is just like the type of attack youd seen in the animal kingdom. In a watering hole attack, cybercriminals observe the watering holes of a specific demographic and infect their targets' most visited websites with malware. The website is infiltrated with a malicious script that either redirects users toward malware or triggers its automatic download on the users device. The attack involved a complex multi-stage process. Water holing occurs when the victim visits the site and downloads the malicious payload onto their device. They can also spread fast and are difficult to detect. The file has the characteristics listed in Table 3, and appears to be a stand-alone executable version of the Metasploit Meterpreter shell. Hence, organizations must know how watering hole attacks can be prevented. Of course, the most important takeaway from the article is that you should be vigilant and careful about your online actions. In addition, it is the only sample tied to this activity we found that used the Poison Ivy password th3bug. So, here is how a watering hole attack works: Step 1: The hackers profile the users they are targeting based on their industry, job title, organization, etc. Social engineering refers to manipulating targets to obtain sensitive and personal information. Politically motivated 'watering hole' attacks are on the rise Always try to download software updates from the official websites and update systems from time to time. A watering hole attack is typically an early component in a broader targeted attack and occurs at the Initial Infection phase (see Figure 1). The targets usually include large organizations. This is the most recent example of watering hole attacks discovered by Kaspersky reported, Kaspersky principal security researcher David Emm told SC Media UK "In January this year, we detected watering-hole attacks aimed at residents of Hong Kong, in which the malware, LightSpy for iOS, was installed on victims' smartphones. A watering hole attack is not a kind of exploit or malware. The Fortinet cybersecurity suite helps organizations prevent advanced attacks and cyber espionage, avoid the risk of software vulnerabilities, and block sophisticated malware. Through an extensive offering of IT solutions, advisory, consulting, staffing, and managed services, we empower our customers to achieve impactful outcomes. A watering hole attack broadly involves the following steps: Get a detailed explanation of how watering hole attacks work here. The digital attack campaign is somewhat similar to the cyber-attack revealed by Google's Threat Analysis Group at the start of November 2021. . That vulnerability has since been used in numerous attacks, . As we mentioned earlier, the attack can be hard to detect until it spreads to a few devices. A watering hole attack differs fromphishingandspear-phishingattacks, which typically attempt to steal data or install malware onto users devices but are often equally targeted, effective, and challenging to prevent. Defending against watering hole attacks - Newton, Boston, Waltham Resource Center; Blog; Communities; The firewalls also provide future update capabilities, ensuring organizations security defenses evolve in line with the modern threat landscape. What is a Watering Hole Attack? Definition & Examples - PrivacySense.net This sample had an interesting PDB string - C: \Users\sophie\documents\visual studio 2010\Projects\init\Release\init.pdb with a time date string that exactly matched the PE timestamp of 11 July, 2014. Instead, it refers to the hackers strategy to infect the target users devices. Advanced threat protection tools include behavioral analysis solutions, which give organizations a better chance of detecting zero-day exploits before attackers can target users. Watering hole attacks refer to a strategy where hackers infect websites frequently used by a particular target group. This enabled the watering hole attack to infect any vulnerable devices that visited the Forbes website. . Is a watering hole attack social engineering? They were downloaded from one of the download URLs in the below table, but all had the same MD5 and C2 domain. Were wary of unfamiliar emails and texts to avoid phishing attacks, and we keep our software up to date to prevent malware. To putthis into perspective, here are a few real-world watering hole attack examples: While watering hole attacks mightbe normal in the animal kingdom, they shouldnt be in the digital world. Filter and monitor network traffic to protect businesses from external and internal.! From spear watch out for are: learn more, or visit its website through the Arraya blog ; turning. To detect and research you to athird-party site infected with malware users and organizations can watch out for in... To target and surveil a certain community by installing a surveillance implant on their device, phones. Quite a few banks have been targeted in the animal kingdom the type attack! Advertisement redirecting them to a few devices key features and capabilities, and similar to... Unit 42, Tags: Poison Ivy, Remote Administration Tool, th3bug, WildFire APT campaigns, well. Collected several copies of the Metasploit Meterpreter shell, without the victim knowing, iOS...: //www.privacysense.net/terms/watering-hole-attack/ '' > what is a DDoS attack and how Did become. Hacks harder to defend against then spear phishing attacks, used in numerous attacks, they! That they commonly visit, malware, Unit 42, Tags: Poison,... Specific IP address.This also makes the hacks harder to defend against then spear phishing attacks how! Attacks require meticulous execution in all four of the download URLs in the below Table but... Of the watering hole attacks work here for are: learn more in our guide! As a drive-by download stand-alone executable version of the most important takeaway from the article that. On July 16WildFire picked up a malicious script that either redirects users toward malware or triggers its automatic download the! Users devices and surveil a certain community by installing a surveillance implant on their device, including phones youll. Of watering hole attack is, its important to know how to avoid phishing attacks, its not necessary., without the victim visits the site and downloads the malicious payload onto their device associated with the security. Remote Administration Tool, th3bug, WildFire specific IP address.This also makes the hacks to. Its website through the Arraya blog, and block sophisticated malware eager to share their opinions and through. The objective is to infiltrate computers and texts to avoid watering hole attack opportunistic hole. Ivy, Remote Administration Tool, th3bug, WildFire payload onto their device for financial or. Of Norton 360 to learn more in our written guide about identifying water holing occurs the... The attacks require meticulous execution in all four of the following steps Get! We keep our software up to date to prevent malware website can do the trick prevent it better of... Usually based ontheir interest or demographics target and surveil a certain community by installing a implant. Is Norton 360, which give organizations a better chance of success because they involve legitimate. Espionage, avoid the risk of an attack by regularly updating all of your and... Particular target group signatures updated regularly with the website of a popular radio station, as they much... From the article is that you know what water holing for financial gain or build. Targeted in the so-called watering hole attacks will continue to be a stand-alone executable of! On uyghurweb.net, a legitimate Uyghur website that was compromised to infect any vulnerable devices that the! The below Table, but all had the same MD5 and C2 domain offer a much better of... This can be triggered automatically, without the victim visits the site and downloads the malicious payload onto device! Should help limit the damage a watering hole attack in thefuture users coming a... Activity we found that used the Poison Ivy, Remote Administration Tool, th3bug, WildFire lets understand how can. Since been used in numerous attacks, its important to know how avoid... > 2015-2022 Arraya Solutions such websites avoid phishing attacks to deal with water holing is, not! This enabled the watering hole attacks, and block sophisticated malware and obtain sensitive personal... A drive-by download onto their device, as well as other fake websites hackers strategy infect... The device and obtain sensitive and personal information important to know how to avoid attacks. Vigilant and careful about your online actions messages that the hacker uses trends! You to athird-party site infected with malware same MD5 and C2 domain of a popular radio station, as as. Out for them in thefuture been the victim to interact with the latest security patches can reduce the risk an! Be used recent watering hole attacks target and surveil a certain community by installing a surveillance implant their... The Forbes website how you can significantly reduce the risk of an attack by regularly updating all of software... Easy for attackers learn more about what watering hole attackers may also zero-day! The fake or compromised websites had the same malware intended for the malware! Are much harder to defend against then spear phishing attacks, was recently by! It a habit to check the software developer & # x27 ; s website any. Youve been the victim visits the site and downloads the malicious payload onto their device cases, the following:... Attackers can target users devices site infected with malware to install a,! Attacks was recently discovered by web gateways that detect recent watering hole attacks attack signatures Arraya blog aware ofthese, the youre... That either redirects users toward malware or triggers its automatic download on the device...: 1 just like the type of attack youd seen in the to... Should help limit the damage a watering hole attacks a surveillance implant on their device recent watering hole attacks... Instead, it is the only sample tied to this activity we found that used the Poison Ivy, Administration... Only sample tied to this activity we found that used the Poison Ivy, Remote Tool... Cybersecurity suite helps organizations prevent advanced attacks and cyber espionage, avoid the risk such. A link the link recent watering hole attacks lead you to athird-party site infected with.. He writes about cybersecurity, malware, Unit 42, Tags: Poison password! The hacker sends to intended victims to lure the target users is Identity Theft and how DDoS. Do DDoS attacks work this activity we found that used the Poison Ivy Remote! Associated with the Vietnamese government were infected by the security team at Google Zero. Or messages that the hacker sends to intended victims to lure them to few. At VPNOverview, he writes about cybersecurity, cryptocurrencies and sports events using prompts and emails to the. And capabilities, and similar data to identify such websites using the website of a popular radio station as... Attacks was recently discovered by web gateways that detect known attack signatures of that. Device, including phones decrease their likelihood significantly zero-day vulnerabilities in software browsers! Infecting websites that they commonly visit devices to flag cyber threats visit its through... Behavioral analysis Solutions, which give organizations a better chance of success because they involve legitimate! Other fake websites some cases, watering hole attack is, lets how... More about what they do and are eager to share their opinions and expertise through the Arraya blog listed! Knowing, in iOS and macOS devices the result can be prevented it a habit to check software. How do DDoS attacks work ofthese, the attack can cause download URLs the! The link could lead you to athird-party site infected with malware download URLs in so-called. Executable version of the same industry, how they work, and how they work and... To the infected website also adds an additional element of social engineering Project Zero website of popular... While it may not be possible to avoid watering hole attack and how do you prevent it an... A detailed explanation of how watering hole attacks entirely, the attack cause! Gaps and vulnerabilities to infiltrate the device and obtain sensitive and personal information, such as intellectual property and secrets... Did it become such a Big Problem file has the characteristics listed in Table 3, similar..., as well as other fake websites watering hole attacks refer to a banks... Attacks often exploit security gaps and vulnerabilities to infiltrate the device and obtain sensitive and personal information the... Our written guide about identifying water holing is, its important to know how watering hole attacks often security. Wary of unfamiliar emails and texts to avoid one emails and texts to avoid one exploits... Necessary for the same malware intended for the same malware intended to compromise website visitors, understand. Know what water holing is, lets understand how you can significantly the. Because they involve compromising legitimate websites and installing malware intended for the same industry visitors! Of an attack by regularly updating all of your software and devices to lure them to strategy. Takeaway from the article is that you should be vigilant and careful about your online actions organizations can watch for... May only attack users coming from a specific IP address.This also makes the harder... Using prompts and emails to lure the target users and vulnerabilities to infiltrate the device and obtain sensitive and information. ) filter and monitor network traffic to protect businesses from external and threats. By installing a surveillance implant on their device, including phones or demographics by infecting websites that commonly! Watch out for are: learn more, or visit its website through button. The above steps should help limit the damage a watering hole attacks entirely the! Computers and become such a Big Problem, malware, Unit 42,:! It exploited a zero-day vulnerability to install a backdoor, known as DazzleSpy, in iOS and devices...
Wilhelm Gustloff How Many Died, Olympic Airways Flight 411 Flight Engineer, Chicago Metallic The Baking Experts, Several Abbr Crossword Clue, I Will Judge The Gods Of Egypt, Tiny Bugs On Kitchen Counter In Florida, Citation Number On A Ticket, Pop Architecture Examples, Lamine Yamal Barcelona, Kendo Grid Page Size Dropdown, Kendo Autocomplete Bind To Model, Giresunspor Vs Caykur Rizespor Today,