
Tech Insight : What Is A ‘Watering Hole’ Attack?

In this tech insight, we look at what a watering hole attack is, some examples of such attacks, and how businesses can defend against this threat.

Poisoning The Water

A watering hole attack is a targeted cyber-attack strategy, similar to spear phishing, that works through the ‘supply chain’ of web resources the target relies on. The attacker identifies a website that is frequented by users of a targeted organisation, or of an entire sector, compromises that site with malware, and identifies weaknesses in the main target’s cyber-security. The attacker then manipulates the ‘watering hole’ site to deliver malware, such as a Remote Access Trojan (RAT), that exploits those weaknesses.
When the device of a member of the target organisation becomes infected (like drinking from a poisoned watering hole, hence the name) in a way the target will not notice (a ‘drive-by’ infection), the attacker can gain access to the infected device. This can, in turn, enable the attacker to access the target organisation’s network.

Stealing and Spying

The goals of this strategy, as with other attack strategies, are to steal personal information, banking details and intellectual property, and/or to conduct espionage. It can also give the attacker access to corporate systems and assets, and potentially yield further details for even more cyber-attacks.

Examples

Examples of watering hole attacks include:

– The VOHO multi-phase campaign. Back in 2012, attackers compromised a local government website in Maryland and a regional bank in Massachusetts, along with other sites related to the promotion of democracy in oppressed regions. The targets were organisations related to financial services, government agencies and the defence industry, and the attack involved the use of redirects and infection by Gh0st RAT malware. The attack saw 32,000 visitors from 731 unique global organisations redirected to an exploit site, where around 4,000 hosts are believed to have downloaded exploit files, leading to a staggering 12 percent success rate for the attackers.

– From 2017 to 2018, a country-level watering-hole attack was launched in China by the “LuckyMouse” / “Iron Tiger” group. This espionage campaign was reported to have targeted a national data centre of an unnamed central Asian country. The attackers injected malicious JavaScript code into the official government websites.

– The 2019 ‘Holy Water’ attack targeted Asian religious and charity groups. The attackers used an Adobe Flash update prompt to trigger the malware download. Although the motive was unclear, the attack may have been used for espionage.

How To Protect Your Business From Watering Hole Attacks

Ways that you can protect your business from watering hole attacks include:

– Keep anti-virus and software patches up to date.

– Use browser-based security tools to inform users of bad sites (bad reputation) and extra malware protection.

– Have a good email protection solution and consider using a secure web gateway (SWG) to filter out suspect traffic.

– Regularly inspect and monitor websites that are most visited by employees with a focus on malware detection. Also, have a procedure in place to quickly inform employees not to visit sites that have been identified as compromised.

– Check traffic from all third party and external sites before allowing employee access.

– Assess, know, and control the full extent of your supply chain (a watering hole attack is a supply chain attack).

– Educate/inform and train employees about the nature of the threat and how to avoid it.

– Never click on unknown/suspect links in emails or websites and exercise caution at all times when browsing.

– Consider adopting a ‘zero trust’ security approach for the business/organisation.
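The advice above to regularly inspect the websites employees visit most is easiest to act on if you keep a known-good baseline of each site’s script content and alert when it changes, since the LuckyMouse and Holy Water cases both worked by injecting script into a trusted page. The following is an added example written for this article, not code from the original page or from any vendor: it parses a snapshot of a page, records the hosts of external scripts and hashes of inline scripts, and reports anything new relative to the baseline. The HTML and hostnames are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external script hosts and SHA-256 hashes of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = set()        # hostnames of <script src=...>
        self.inline_hashes = set()   # sha256 of each inline <script> body
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(urlparse(src).netloc.lower() or "(relative)")
        else:
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._buf).strip()
            if body:
                self.inline_hashes.add(hashlib.sha256(body.encode()).hexdigest())


def snapshot(html):
    """Return (external_hosts, inline_hashes) for a page body."""
    p = ScriptCollector()
    p.feed(html)
    return p.external, p.inline_hashes


def audit_page(html, baseline_hosts, baseline_inline):
    """Compare a fresh fetch against the stored baseline; non-empty lists are alerts."""
    hosts, inline = snapshot(html)
    return {"new_hosts": sorted(hosts - baseline_hosts),
            "new_inline": sorted(inline - baseline_inline)}


# Constructed sample: a known-good page, then the same page with an injected script.
BASELINE_HTML = """<html><head>
<script src="https://www.example-gov.test/static/app.js"></script>
<script>window.siteVersion = "2.1";</script>
</head><body>Public notices</body></html>"""
LATER_HTML = BASELINE_HTML.replace(
    "</head>", '<script src="https://cdn.unknown-host.test/x.js"></script></head>')


def demo():
    return audit_page(LATER_HTML, *snapshot(BASELINE_HTML))
```

In practice the baseline would be stored per monitored site and the fresh fetch scheduled; any non-empty result is the trigger for the “tell employees not to visit this site” procedure described above.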

What Does This Mean For Your Business?

This is broadly a supply-chain related attack (via web resources) where, instead of actively hacking or sending phishing emails, the criminals set traps for unsuspecting victims to walk into. In this respect, it is less obvious for businesses to spot. The first step is recognising and raising awareness of the threat. Following normal security good practice is always helpful, plus some additional measures in this case, such as identifying, regularly inspecting and monitoring the websites most visited by employees, and focusing on what additional malware protection can be added to employees’ browsers and devices. With an increasing number of more complex and inventive attack methods, many businesses are shifting to a complete ‘Zero Trust’ approach for their IT security. A data-centred rather than ‘moat and castle’ view of IT security gives companies greater holistic control and reduces the potential for the kind of gaps that cyber criminals can exploit with strategies like watering hole attacks.

Top tips for working from home security

The coronavirus pandemic has changed the working landscape for everyone. Many people are working from home having set up makeshift offices in their dining room.

Working from home

But working from home has its risks. In a Government daily briefing, Foreign Secretary Dominic Raab highlighted the rise in cyber hackers looking to exploit vulnerabilities in an attempt to steal valuable information.

“Whilst the vast majority of people have come together to defeat coronavirus, there will always be some who seek to exploit a crisis for their own criminal and hostile ends,” he said. “We know that cyber criminals, and other malicious groups are targeting individuals, businesses and other organisations by deploying Covid-19 related scams and phishing emails.

“We are working with the targets of those attacks, with the potential targets and with others to make sure that they are aware of the cyber threat, and that they can take the steps necessary to protect themselves or, at the very least, mitigate the harm that could be brought against them.”

Here are SMY IT Service’s top tips for minimising the threat of a cyber-attack.

1. Secure your Wi-Fi network

When you set up your home Wi-Fi network or received your free router, did you change the default name and password for the admin console? If it still has the original details, your network is highly vulnerable.
We also recommend that you change the network’s name (sometimes referred to as the SSID) and password to something unique, to prevent a cybercriminal from accessing your network.
When carrying out sensitive tasks such as online banking, it is safer to connect via your mobile data than to use public and free Wi-Fi connections.

2. Provide employees with cybersecurity awareness training

More than 90% of all data breaches are caused by human error due to inadequate training in cybersecurity risks. One wrong click from an employee in a phishing email or fake website can bring down the most robust of IT systems. Therefore, employees should be the greatest security asset and act as a ‘human firewall’ in being the first line of defence in preventing an attack. Those using the system need to understand the risks, what a cyberattack looks like and what they should do in the event of an attack.
Be as wary, if not more so, of any email you receive while working remotely, especially those claiming to be from a manager or the boss, where it can be harder to verify authenticity.

3. Firewalls and antivirus software

Firewalls act as a defence to prevent threats accessing your system. They create a barrier between your device and the internet by closing off ports of communication. A strong antivirus programme acts as the next line of defence by detecting and blocking known malware. Even if malware does find a way onto your device, an antivirus can detect this and usually remove it.

4. Regularly install updates

You might find that regular software updates are a nuisance, but they are vital. Updates often include patches for security vulnerabilities that have been found since the previous software update was installed. The majority of the time, updates can be set to run automatically while you are on a lunch break or overnight.
We suggest checking the status under Settings\Update & Security on Windows, or under System Preferences\Software Updates on an Apple Mac, and installing any updates that are missing.

5. Backup data

Your data is one of your business’ most prized assets, so it is imperative that it is backed up. Data can be lost in several ways including human error, physical damage to hardware or a cyberattack. One of the most convenient and cost-effective ways to store your data is in the cloud. This has the added benefit of allowing you to access your data remotely and on different devices.
Many users save their files to the desktop or local drive of their PC for convenience; however, this means that the file is no longer backed up by the server.

6. Lock your device

It sounds very simple, and it is. By using a password on your device, it prevents anyone from accessing the contents. If you have to work in a public space, or if you live with people who you cannot share work information with, it is important to lock your laptop, tablet, or other device when it is left unattended. For Windows users, this would be by pressing the Windows key and L.
It is also advisable to avoid working on computers directly facing windows where people walking on the street can see your screen.

7. Strong and secure passwords

When choosing a password, ensure it is long and complex. We always advise clients to use a passphrase rather than a password, to include a mix of upper and lowercase letters, numbers and symbols, and to change it every few months. You can simplify your computer security by using effective password management. Check out our top tips for a secure password in our World Password Day blog.

8. Device and data encryption

Encryption is a cybersecurity measure that protects computers and their content by basically scrambling the data. The data, whether it is a message, image, email or other file, is converted into an unreadable format. This means that the data is readable only to the person authorised with the physical encryption key, and not cybercriminals.

If you need advice on working from home securely, don’t hesitate to get in touch with us.