Live Demo: Get Complete Security Visibility in Under 1 Hour
@AlienVault
Watering Hole Attack in 4 Easy Steps
1. Determine Target Group
• Attacker identifies websites to target
- Based on observation or guessing
- Compromising a well-known, legitimate site avoids blacklist issues
• Examples
- Compromise a desirable applet
- Redirect visitors to malicious site
- Inject
2. Identify Vulnerabilities on those Websites
• Test web servers, ad servers, web apps, etc. for vulnerabilities to exploit
3. Inject Threat into Website
• For example, inject HTML or JavaScript to redirect victims to sites hosting malware
4. Sit in the Tall Grass and Wait for Targets to Come to You
- Redirected from compromised site
- Eventually compromised by download of malware
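The four steps above leave a recognisable trail in ordinary web-proxy logs: a visit to a site the target group uses routinely, a hop to a third-party host the organisation rarely or never sees, and then an executable download from that host within a short window. The script below is an added example of the kind of SIEM-style correlation the deck's "Log Collection" and "SIEM Event Correlation" capabilities refer to; it is not AlienVault or USM code. The log format, the trusted-site list and the sample log lines are all constructed for the example, and the rarity threshold and time window are assumptions a practitioner would tune to their own environment.

```python
"""Correlate proxy log lines to flag a watering-hole redirect chain.

Chain detected: trusted site -> hop to a rarely seen host -> executable
download from that host within a short window. Constructed example; the
log format, sites and sample lines are made up and are not real IoCs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <client> <status> <method> <url> <content-type> <referer>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<status>\d{3}) (?P<method>\S+) "
    r"(?P<url>\S+) (?P<ctype>\S+) (?P<referer>\S+)$"
)

# Sites the organisation's users visit routinely: the candidate "watering holes" (constructed).
TRUSTED_SITES = {"devforum.example", "news.example"}
# Content types that indicate an executable payload being pulled down.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/java-archive"}

# Constructed sample log: client 10.0.0.5 follows the full chain, 10.0.0.7 browses normally.
SAMPLE_LOGS = """\
2024-01-10T09:00:01 10.0.0.5 200 GET http://devforum.example/threads/123 text/html -
2024-01-10T09:00:02 10.0.0.5 200 GET http://cdn-stat1c.example/j/loader.html text/html http://devforum.example/threads/123
2024-01-10T09:00:05 10.0.0.5 200 GET http://cdn-stat1c.example/j/update.exe application/x-msdownload http://cdn-stat1c.example/j/loader.html
2024-01-10T09:01:00 10.0.0.7 200 GET http://news.example/ text/html -
2024-01-10T09:01:01 10.0.0.7 200 GET http://news.example/img/logo.png image/png http://news.example/
"""


def host_of(url):
    """Return the lowercase host part of an absolute URL, or None if it has none."""
    m = re.match(r"^[a-z]+://([^/:]+)", url)
    return m.group(1).lower() if m else None


def parse(lines):
    """Parse log text into event dicts, skipping malformed lines, sorted per client by time."""
    events = []
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # a malformed line should not abort the whole correlation run
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["host"] = host_of(e["url"])
        e["ref_host"] = host_of(e["referer"]) if e["referer"] != "-" else None
        events.append(e)
    return sorted(events, key=lambda e: (e["client"], e["ts"]))


def domain_prevalence(events):
    """Map each host to the number of distinct clients that contacted it (rarity signal)."""
    seen = defaultdict(set)
    for e in events:
        seen[e["host"]].add(e["client"])
    return {host: len(clients) for host, clients in seen.items()}


def detect_watering_hole(lines, window=timedelta(minutes=5), max_prevalence=1):
    """Return one alert per client that followed trusted site -> rare host -> executable."""
    events = parse(lines)
    prevalence = domain_prevalence(events)
    pivots = {}  # (client, rare host) -> (time of first hop, trusted site it came from)
    alerts = []
    for e in events:
        # Hop 1: a trusted site referred the browser to a host few clients ever visit.
        if (e["ref_host"] in TRUSTED_SITES and e["host"] not in TRUSTED_SITES
                and prevalence.get(e["host"], 0) <= max_prevalence):
            pivots.setdefault((e["client"], e["host"]), (e["ts"], e["ref_host"]))
        # Hop 2: an executable comes back from that same host inside the window.
        key = (e["client"], e["host"])
        if e["ctype"] in EXECUTABLE_TYPES and key in pivots:
            t0, origin = pivots[key]
            if timedelta(0) <= e["ts"] - t0 <= window:
                alerts.append({
                    "client": e["client"],
                    "watering_hole": origin,
                    "redirect_host": e["host"],
                    "payload_url": e["url"],
                    "seconds_after_hop": (e["ts"] - t0).total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_watering_hole(SAMPLE_LOGS):
        print(alert)
```

The rarity check matters as much as the referer check: a legitimate CDN that the trusted site pulls scripts from will be seen by many clients and is ignored, whereas a host that only one client has ever reached, and only via the trusted site, is exactly the profile a watering hole leaves. In production the prevalence baseline would come from historical logs rather than the same batch being analysed.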
USM Product Capabilities
USM, powered by AV Labs Threat Intelligence
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance
• Weekly updates that cover all your coordinated rule sets:
- Network-based IDS signatures
- Host-based IDS signatures
- Asset discovery and inventory database updates
- Vulnerability database updates
- Event correlation rules
- Report modules and templates
- Incident response templates / "how to" guidance for each alarm
- Plug-ins to accommodate new data sources
• Fueled by the collective power of AlienVault's Open Threat Exchange (OTX)
AlienVault Labs Threat Intelligence: Coordinated Analysis, Actionable Guidance
• Updates every 30 minutes
• 200,000-350,000 IPs validated daily
• 8,000 collection points
• 140 countries
Unified Security Management
Complete. Simple. Affordable.
Delivery Options:
Hardware, Virtual, or Cloud-based appliances
Open-Source version (OSSIM) also available
AlienVault USM provides the five essential security capabilities in one, pre-integrated platform
• Unified Security Management (USM) Platform
• AlienVault Labs Threat Intelligence
• AlienVault Open Threat Exchange
More Questions?
Email Hello@alienvault.com
NOW FOR SOME Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site

Watering Hole Attacks: Detect End-User Compromise Before the Damage is Done

Editor's Notes

  • #3 Watering hole attack variations have been around for several years, but current techniques became visible in 2012. They are used to target specific industries, regions, or companies by compromising the sites the target group uses frequently. As an alternative to phishing attacks, they likely capture more victims than phishing. For example, an attack from a couple of years ago targeted an iOS mobile developer forum and snared developers from Apple, Twitter, and Facebook.
  • #7 Delivers 8 coordinated rulesets, fueled by the collective power of the Open Threat Exchange, to drive the USM security capabilities and identify the latest threats, resulting in the broadest view of attacker techniques and effective defenses.