STRICTLY PRIVATE & CONFIDENTIAL © 2015
Watering Hole Attack – Detect the Undetectable
What is a watering hole?
• In the real world, a water hole is a source of water where many animals gather to quench their thirst. This makes a water hole an ideal spot for a hunter.
• The cyber world equivalent is an attacker leveraging a trusted website that is frequented by potential victims.
The attack
• It is an indirect, 2-step attack where the attacker first compromises a trusted resource (typically by exploiting some vulnerability) and injects a piece of malicious code on the system.
• When a potential victim visits the resource, the malicious code infects their system.
What can it be used for?
• Infecting the victims with malicious code to achieve an end goal such as:
  • Ransomware
  • Data exfiltration
  • Adware
Challenges
• Indirect attack
• Difficult to detect
• Exploits the ‘trust’ placed in resources that are commonly frequented (can be social networking sites, forums, sport scores etc.)
• Might bypass security measures
• Aimed at more than one victim
• Can even prove effective against victims resistant to spear phishing
Story
• The attacker canvasses the victims (a company, a community, a government agency etc.) to identify potential trusted resources
• Compromises the trusted resource and places malicious code
• Waits for victims to visit the ‘watering hole’, i.e. the trusted resource
• Victim visits the compromised resource
• Victim gets infected by malicious code
• The malicious code could be an exploit kit, malware or ransomware
Additional details
• Can target sections which have less-stringent security to bypass controls
  • Ex. – target common users and infect them to gain entry to the internal network, and then leverage it to gain access to more critical resources
What we do
• A heuristic model comprising data science and machine learning
• Monitors and profiles user activity
• Multiple parameters are considered, such as:
  • Type of connection
  • Number of connections
  • Size of data transferred
  • Format of data etc.
• Based on this profiling, the platform is able to detect whether a potential watering hole attack occurred in the network.
Additional details
• The model is designed to identify the “behavior” of a watering hole. Due to this, we have seen outcomes where multiple people downloaded the Chrome browser update in the same time frame. This output is not a false positive, because the ‘trust’ that was breached could be the resource that hosts Chrome updates, and it can only be ignored after proper validation.
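A sketch of the behavioural check described on the two slides above, added here as an illustration and not the vendor's model: it profiles each already-visited host by data format and response size, then flags hosts where several distinct users fetch deviating content in the same time frame. The log records, host names, window and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy-log records: (timestamp, user, host, content_type, bytes).
# Hosts, users and sizes are invented for this example.
BASELINE = [
    ("2015-03-02 09:01:00", "alice", "forum.example", "text/html", 42000),
    ("2015-03-02 09:05:00", "bob", "forum.example", "image/png", 88000),
    ("2015-03-02 10:15:00", "carol", "forum.example", "text/html", 39000),
    ("2015-03-02 09:30:00", "alice", "scores.example", "text/html", 15000),
    ("2015-03-02 11:00:00", "dave", "scores.example", "application/json", 4000),
    ("2015-03-02 12:00:00", "bob", "dl.browser.example", "text/html", 20000),
]
OBSERVED = [
    # Trusted forum starts handing an executable to several users.
    ("2015-03-03 14:02:00", "alice", "forum.example", "application/x-msdownload", 310000),
    ("2015-03-03 14:03:00", "dave", "forum.example", "text/html", 41000),
    ("2015-03-03 14:09:00", "bob", "forum.example", "application/x-msdownload", 310000),
    ("2015-03-03 14:20:00", "carol", "forum.example", "application/x-msdownload", 310000),
    # One user, one odd download: below the multi-victim threshold.
    ("2015-03-03 14:30:00", "alice", "scores.example", "application/x-msdownload", 250000),
    ("2015-03-03 14:31:00", "bob", "scores.example", "text/html", 16000),
    # Browser update fetched by many users at once: same behaviour, so it is
    # reported too and has to be validated before it is dismissed.
    ("2015-03-03 16:00:00", "alice", "dl.browser.example", "application/x-msdownload", 45000000),
    ("2015-03-03 16:05:00", "carol", "dl.browser.example", "application/x-msdownload", 45000000),
    ("2015-03-03 16:12:00", "dave", "dl.browser.example", "application/x-msdownload", 45000000),
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def build_profile(records):
    """Per-host profile: data formats served and largest response size seen."""
    profile = {}
    for _, _, host, ctype, size in records:
        entry = profile.setdefault(host, {"formats": set(), "max_bytes": 0})
        entry["formats"].add(ctype)
        entry["max_bytes"] = max(entry["max_bytes"], size)
    return profile


def detect(records, profile, window=timedelta(minutes=30), min_users=3, size_factor=5):
    """Flag profiled hosts where >= min_users distinct users received content
    that deviates from the host's profile within one sliding time window."""
    deviating = defaultdict(list)
    for ts, user, host, ctype, size in records:
        known = profile.get(host)
        if known is None:
            continue  # only hosts users already trust (profiled) are in scope
        reasons = set()
        if ctype not in known["formats"]:
            reasons.add("new_format")
        if size > size_factor * known["max_bytes"]:
            reasons.add("oversized")
        if reasons:
            deviating[host].append((_ts(ts), user, reasons))

    alerts = []
    for host, events in deviating.items():
        events.sort(key=lambda e: e[0])
        start, best = 0, []
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            current = events[start:end + 1]
            if len({e[1] for e in current}) > len({e[1] for e in best}):
                best = current
        users = sorted({e[1] for e in best})
        if len(users) >= min_users:
            alerts.append({
                "host": host,
                "users": users,
                "reasons": sorted(set().union(*(e[2] for e in best))),
                "status": "needs_validation",  # never auto-dismissed
            })
    return sorted(alerts, key=lambda a: a["host"])


if __name__ == "__main__":
    for alert in detect(OBSERVED, build_profile(BASELINE)):
        print(alert)
```
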
Detection of Watering Hole attack
© 2015 PALADION NETWORKS PRIVATE LIMITED | WWW.PALADION.NET | CONFIDENTIAL
