Usually, it is very hard for an alligator to chase its prey on dry land. But once the victim approaches a small swamp to quench its thirst, the predator’s chances of having a proper dinner increase. This hunting technique is called a “watering hole attack,” and, as it appears, alligators are not the only ones using it. Hackers who target a particular individual or company have developed a similar approach. They analyze which websites their victims visit and inject malicious code into those pages, making it easier for users to “swallow the bait”. Sometimes the code is disguised as a simple visitor counter that has been modified to automatically install malware on the user’s computer.
Here is Cisco’s threat research and analysis team leader Craig Williams talking about tackling the watering hole attack:
Unfortunately, simple patching isn’t always a solution because we have seen things that are 0-day. That means that no one saw them before and no patch exists. If there is a patch – obviously apply the patch, but if there is no patch, defense in depth is your friend. And even if you’re patched you should look for indicators that you’re compromised, because users may visit those websites outside your secure network. They may take their laptop home, and they may not log in with a VPN.
However, the “watering hole” technique is not the only one hackers use to steal data from your computer. Usually the threats are mixed, with “good old-fashioned” trojans, viruses and exploits also being used to infiltrate target PCs. For instance, hackers can use “spear phishing” to send particular users personalized emails that contain links to fake “watering hole” websites mimicking popular web pages.
Trojans, malicious programs disguised as JPEG and other files, were often used by hackers in the 2000s to gain access to desktop and laptop PCs, and they have recently made a powerful comeback on handheld devices such as smartphones and tablets. In 2016 alone more than 8 million smartphones were infected with malicious installation packages.
Such sophisticated methods are making it hard for users to stay safe on the Internet. However, computer security experts recommend updating anti-virus software as often as possible in addition to using common sense. Basically, pay more attention to details, and if you get a suspicious email, don’t click on the links, even if the letter looks like an important message from your bank, your friends or your colleagues.