Infosec Awareness: Watering Holes

“Watering hole” campaigns have become more visible lately, with researchers identifying new incidents almost every day. The watering hole attack that recently compromised several computers at Twitter, Facebook, Apple and Microsoft appears to have also impacted regional banks, activist groups, government foreign policy resource sites, manufacturers, the defense industrial base, and many other companies across varied industries.

In a watering hole attack, attackers compromise a legitimate Website and modify it so that it serves malware to site visitors, typically by injecting a hidden iframe or script that sends the visitor's browser to an exploit page. The attackers' motivation differs from that of people who deface sites as a form of protest or who break in to steal information or money directly. Instead, these attackers take advantage of insecure sites and applications to reach the class of users likely to visit that particular site.
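Because the site owner is usually the last to notice the injection, a simple integrity check of the HTML actually being served is a useful complement to patching. The scanner below is an added example, not code from the original article: it parses a page with the Python standard library and flags the three things that most often signal a watering hole injection, namely resources loaded from an origin outside a known allowlist, zero-sized or hidden iframes, and inline scripts built around eval/unescape/fromCharCode. The host names, the allowlist and both sample pages are constructed for illustration.

```python
"""Flag HTML injections typical of a watering-hole compromise.

Added example, not from the original article. Standard library only.
TRUSTED_HOSTS, the page host and the two sample pages are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: origins this hypothetical forum legitimately loads resources from.
TRUSTED_HOSTS = {"www.example-forum.test", "cdn.example-forum.test"}

# Substrings that injected loaders commonly rely on; a crude but cheap heuristic.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode")


def _is_hidden(attrs):
    """True when an iframe is sized to (almost) nothing or hidden via inline style."""
    a = dict(attrs)
    style = (a.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return a.get("width") in ("0", "1") or a.get("height") in ("0", "1")


class InjectionScanner(HTMLParser):
    """Collects (tag, reason) findings while walking the served HTML."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe"):
            src = a.get("src")
            if src:
                # Relative URLs have no hostname and are treated as same-origin.
                host = urlparse(src).hostname
                if host and host != self.page_host and host not in TRUSTED_HOSTS:
                    self.findings.append((tag, f"external src {src}"))
        if tag == "iframe" and _is_hidden(attrs):
            self.findings.append((tag, "hidden iframe"))
        if tag == "script" and not a.get("src"):
            # HTMLParser delivers <script> bodies through handle_data.
            self._in_script = True
            self._script_buf = []

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            if any(marker in body for marker in OBFUSCATION_MARKERS):
                self.findings.append(("script", "inline script uses eval/unescape/fromCharCode"))


def scan_html(html, page_host):
    """Return a list of (tag, reason) findings for one served page."""
    parser = InjectionScanner(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: what the forum's front page is supposed to look like.
CLEAN_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example-forum.test/jquery.js"></script>
</head><body><p>Forum index</p></body></html>"""

# Constructed sample: the same page after a watering-hole style injection.
INJECTED_PAGE = CLEAN_PAGE.replace("</body>", """
<iframe src="http://203.0.113.10/load.php" width="0" height="0" style="display:none"></iframe>
<script>eval(unescape("%61%6c%65%72%74"))</script>
</body>""")


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, scan_html(page, "www.example-forum.test"))
```

In practice you would fetch the page the way a visitor's browser does (the injection is often served only to certain User-Agents or referrers) and compare the findings, or a hash of the normalised HTML, against a baseline taken when the site was known to be clean.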

Compared with spear phishing, attackers don't necessarily get finer-grained targeting from a watering hole, but they do gain efficiency. It is simple to use Google dorks to find sites running vulnerable versions of web server or web application software and infect them, rather than spending time on reconnaissance across social networks and forums and building detailed profiles of individual people and the systems they use.

How to defend: update, update and update!

Developers are “typically soft targets,” as they have extensive access to internal resources and often have administrator (or other high-privilege) rights on their own computers, according to Rich Mogull, analyst and CEO of Securosis. Developers spend a lot of time on various developer sites and may take part in forum discussions. A lot of these forum sites don't have the best security in place and are vulnerable to compromise.

From a user's standpoint, this highlights the importance of keeping your security tools, software, and operating system up to date with the latest patches, and above all the browser and its plug-ins, since the browser is what a watering hole actually attacks. Attackers aren't only using zero-days; many of these attacks rely on old, known vulnerabilities simply because people don't update regularly. If your job requires you to access sites that use Java, use a dedicated browser for those sites, and disable the Java plug-in in the browser you use for the rest of the Web.