What is a Watering Hole Attack?
How are they carried out, and how can they be prevented?
What is a watering hole attack?
A watering hole attack is a targeted attack in which a hacker chooses a specific group of end users and infects a website that they would typically visit, with the goal of luring them into visiting the infected site and gaining access to the network used by the group.
Unlike many forms of web-based attacks, these attacks are personalized for the group of users they are designed to attract. The name ‘watering hole’ comes from the way predators in the wild wait near watering holes for a chance to attack their prey.
How hackers carry out watering hole attacks
Setting up a watering hole attack takes a lot of planning on the cybercriminal’s part:
First, the attacker identifies the group of end-users they wish to target, and observes the group’s online behavior, finding the websites visited often.
To increase the chances of the attack working, hackers sometimes pair the malicious website with other forms of social engineering, targeting the same end users, such as sending highly specific, personalized emails with links to certain pages on the compromised website, or engaging in other forms of online communication that will encourage interaction with the site.
Once an end user has visited the infected site, the attack is often carried out through a drive-by download, in which a script triggers a silent malware download, compromising the user’s device without their knowledge.
Preventing watering hole attacks
As these attacks are targeted, they are often very difficult to detect. They have been specifically designed for the targeted end-users, often using very sophisticated social engineering techniques that can fool end-users who are usually very careful when browsing the web. There are a number of different steps that can be taken to maximize protection against watering hole attacks:
The first crucial step is to make sure all end-users are aware of watering hole attacks, and the fact that hackers infect legitimate websites to perform these attacks. Train users to recognize the signs of malicious emails, and to think twice before clicking on any links, even if it seems like they are from a genuine source.
Encourage users to discuss any potential security issues that come up with their colleagues. For example, if multiple people on the same team receive a similar email, directing them to a particular site, this could signal a potential attack attempt. Of course, such information should be brought straight to the security team, who can work on preventing an attack from taking place, or watch out for signs of an existing breach.
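The "similar email sent to several people on one team" signal can also be checked automatically from mail gateway records. The following is an added example, not Ericom's code; the record layout (time, recipient, team, linked URL), the threshold of three recipients and the 24-hour window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample records (not real mail logs): time, recipient, team, linked URL.
SAMPLE_LOG = [
    ("2024-03-04T09:02:00", "ana@corp.example", "finance", "https://industry-news.example/q1-report"),
    ("2024-03-04T09:40:00", "ben@corp.example", "finance", "https://Industry-News.example/q1-report?id=7"),
    ("2024-03-04T09:55:00", "ana@corp.example", "finance", "https://industry-news.example/q1-report"),
    ("2024-03-04T13:15:00", "cho@corp.example", "finance", "https://industry-news.example/events"),
    ("2024-03-08T10:00:00", "dev@corp.example", "finance", "https://industry-news.example/q1-report"),
    ("2024-03-04T11:00:00", "eli@corp.example", "engineering", "https://docs.example/release-notes"),
    ("2024-03-04T11:05:00", "fay@corp.example", "engineering", "https://docs.example/release-notes"),
]


def flag_shared_links(records, min_recipients=3, window=timedelta(hours=24)):
    """Return (team, host, recipients) for each host that was mailed to at
    least min_recipients distinct members of one team inside the window."""
    by_key = defaultdict(list)
    for ts, rcpt, team, url in records:
        # Group on the host name so different paths on one site count together.
        host = (urlsplit(url).hostname or "").lower()
        if host:
            by_key[(team, host)].append((datetime.fromisoformat(ts), rcpt))

    alerts = []
    for (team, host), hits in sorted(by_key.items()):
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            # Count distinct recipients, so repeat mails to one user add nothing.
            rcpts = {r for _, r in hits[start:end + 1]}
            if len(rcpts) > len(best):
                best = rcpts
        if len(best) >= min_recipients:
            alerts.append((team, host, sorted(best)))
    return alerts


if __name__ == "__main__":
    for team, host, rcpts in flag_shared_links(SAMPLE_LOG):
        print(f"review: {len(rcpts)} users in '{team}' were sent links to {host}: {rcpts}")
```

A hit is a prompt for the security team to review the linked site, not proof of compromise; sites that a team legitimately receives mail about would need an allow list.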
Keep all software up-to-date
Many traditional security solutions, such as anti-virus software and firewalls, rely on a database of signatures to detect malware and other threats. These databases are updated frequently to ensure protection against the latest threats. Make sure to run these updates promptly.
Also, any other software that connects to the Internet should be kept up-to-date. This is especially important for web browsers and browser extensions, as these are usually the channels through which malware from the web infects a user’s device. Often, malicious code relies on vulnerabilities in the user’s web browser or a web-based app to trigger a malware download. Browser vendors often release security patches that resolve these vulnerabilities, minimizing the chances of successful malware infection. Make sure these patches are installed as soon as they are released.
Use a multi-layer cyber security strategy
While traditional software, like firewalls and antivirus, protects against many known threats, sometimes a watering hole attack can use a previously unknown (‘zero day’) threat. These threats can bypass detection.
To ensure security in the face of an unknown threat, another layer of security is required. For example, remote browser isolation (RBI) can be used to ensure no code, malicious or otherwise, is ever run on the end-user’s device, thus preventing a watering hole attack from being effective. When an RBI solution is used, all web content is executed in a virtual container in the cloud. The end-user interacts via their usual browser with safe rendering data, just as they would with the actual web content -- only no active content from the website ever reaches their browser. When a browsing session is over, the virtual container is destroyed along with any code inside it, malicious or otherwise.
Use web application isolation to protect websites
To prevent your website from being exploited in a watering hole attack, use web application isolation. Web application isolation uses RBI to cloak web-exposed attack surfaces, such as web application code or exposed APIs. All active code belonging to the application is run in a virtual container.
Hackers who try to explore, and exploit, the source code of a website or application would see only source code related to the web isolation solution. They therefore could not find an entry point for breaching the website.
We worked with Ericom to implement a web security solution that provides the highest level of protection against web-based cyberthreats. This gives our employees the broad secure web access they need to remain productive while ensuring our organization remains secure.
Paul E. Rousseau, SVP IT Architecture and
Engineering Director at Enterprise Bank