What is the watering hole technique?
The term “watering hole” refers to initiating an attack against
targeted businesses and organizations. In a watering hole attack
scenario, threat actors compromise a carefully selected website
by inserting an exploit resulting in malware infection.
How does a watering hole technique work?
A watering hole attack typically works this way:
Attackers gather strategic information that they can use to gain
entry into their targeted organization. This step can be
compared to a military reconnaissance mission. The information
gathered may include insights on trusted websites often visited
by the employees or members of their targeted entity. The
process of selecting websites to compromise was initially
dubbed “strategic web compromises.”
Attackers insert an exploit into the selected sites.
Once targeted victims visit the compromised site, the exploit
takes advantage of software vulnerabilities, either old or new, to
drop malware. The dropped malware may be in the form of a
remote access Trojan (RAT), which allows attackers to access
sensitive data and take control of the vulnerable system.
Where is this attack technique used?
Watering hole attacks were previously documented in several
high-profile cases which include:
VOHO. In mid-2012 RSA identified a campaign known as
VOHO, which was aimed at a particular group of organizations,
specifically those involved with business and local government
agencies in certain geographic areas. The attackers
compromised carefully selected sites by inserting malicious
JavaScript to deliver a Gh0st RAT variant. Gh0st RATs were
previously seen in other attacks that targeted civic organizations
and diplomatic entities worldwide.
Attack on high-profile groups. Just before the end of 2012, the
Council on Foreign Relations (CFR) website was compromised
to host a zero-day exploit in Internet Explorer. Those who
visited the site were served backdoor malware. Microsoft
addressed this vulnerability through the Microsoft Security
Bulletin MS13-008.
Why is it effective?
Attackers incorporate strategies to circumvent the targeted
organizations’ defenses in order for watering hole attacks to be
effective. These may come in the form of outdated systems or
simply human error.
In watering hole attacks, the goal is not to serve malware to as
many systems as possible. Instead, the attackers run exploits on
well-known and trusted sites likely to be visited by their
targeted victims. This makes the watering hole technique
effective in delivering its intended payload.
Aside from carefully choosing sites to compromise, watering
hole attacks are known to incorporate zero-day exploits that
target unpatched vulnerabilities. Thus, the targeted entities are
left with little or no defense against these exploits.
This doesn’t mean that attackers don’t target patched system
vulnerabilities. Because of patch management difficulties in an
enterprise setting, IT administrators may delay deploying
critical updates. This window of exposure may lead to a
targeted attack leveraging old, but reliable vulnerabilities.
Who are the targets of a watering hole attack?
The watering hole technique is used in targeted attacks that aim
to gather confidential information and intelligence from the
following organizations:
Various businesses
Human rights groups
Government offices
The stolen information, in turn, may be used to initiate more
damaging attacks against the affected organization.
What is the impact of these attacks?
The social engineering technique used in watering hole attacks
is strategic. Unlike a usual social engineering attack, threat
actors employing the watering hole technique carefully select
the most appropriate legitimate sites to compromise, instead of
targeting random sites. Because the watering hole technique
targets trusted and frequented sites, relying solely on visiting
trusted sites to avoid online threats may not be an effective
practice.
In cases where watering hole attacks lead to a RAT, attackers
can also execute commands on infected servers. These include
spying and monitoring the activities of the target organization.
Because an attacker was able to infiltrate a targeted
organization’s network, they can also initiate attacks that are
harmful to the organization’s operations, which include
modifying or deleting files with crucial information.
We may see more attacks using the watering hole technique in the
future. Trend Micro vice president for cyber security Tom
Kellermann predicted that because of its better methodology,
watering hole attacks can become a more popular way to pollute
trusted sites in 2013.
What can I do to prevent these attacks?
Timely software updating. For watering hole attacks that
employ old vulnerabilities, an organization’s best defense is to
update systems with the latest software patches offered by
vendors.
Vulnerability shielding. Also known as “virtual patching,” it
operates on the premise that exploits take a definable network
path in order to use a vulnerability. Vulnerability shielding
helps administrators scan suspicious traffic as well as any
deviations from the typical protocols used. Thus, this
monitoring empowers system administrators to prevent exploits.
Network traffic detection. Though attackers may incorporate
different exploits or payloads in their attack, the traffic
generated by the final malware when communicating with the
command-and-control servers remains consistent. By detecting
these communications, organizations can readily implement
security measures to prevent the attack from further escalating.
Technologies such as Trend Micro Deep Discovery can aid IT
administrators in detecting suspicious network traffic.
Correlating well-known APT activities. Using big data
analytics, organizations can gain insight on whether they are
affected by a targeted attack by correlating and associating
in-the-wild cybercrime activities with what is happening on an
enterprise’s network.
Organizations should also consider building their own local
intelligence to document previous cases of targeted attacks
within the company. This enables organizations to spot possible
correlations and insights needed to create an effective action or
recovery plan.
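
The "Network traffic detection" measure above rests on command-and-control traffic staying regular whatever exploit delivered the malware. The following added example (not part of the original document) flags client/destination pairs in a proxy log whose requests arrive at near-constant intervals; the log format, host names, thresholds and allowlist are assumptions made for illustration.

```python
"""Flag beacon-like outbound traffic in a proxy log (added example)."""
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client> <destination host>".
# All names use the reserved .example TLD; none is a real indicator.
SAMPLE_LOG = """\
2013-01-07T09:00:02 ws-014 news.example
2013-01-07T09:01:40 ws-014 news.example
2013-01-07T09:05:10 ws-014 cdn-sync.example
2013-01-07T09:10:12 ws-014 cdn-sync.example
2013-01-07T09:14:05 ws-014 news.example
2013-01-07T09:15:09 ws-014 cdn-sync.example
2013-01-07T09:20:11 ws-014 cdn-sync.example
2013-01-07T09:25:10 ws-014 cdn-sync.example
2013-01-07T09:30:12 ws-014 cdn-sync.example
2013-01-07T09:47:30 ws-014 news.example
2013-01-07T10:02:11 ws-014 news.example
2013-01-07T10:03:00 ws-014 news.example
2013-01-07T09:00:00 ws-022 updates.example
2013-01-07T09:10:00 ws-022 updates.example
2013-01-07T09:20:00 ws-022 updates.example
2013-01-07T09:30:00 ws-022 updates.example
2013-01-07T09:40:00 ws-022 updates.example
2013-01-07T09:12:44 ws-022 mail.example
2013-01-07T09:13:02 ws-022 mail.example
not-a-time ws-014 news.example
this line is truncated
"""

Finding = namedtuple("Finding", "client dest events mean_interval jitter")


def parse_log(text):
    """Return (timestamp, client, dest) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # wrong field count: truncated or corrupted entry
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        records.append((stamp, parts[1], parts[2].lower()))
    return records


def find_beacons(records, min_events=5, max_jitter=0.10, allowlist=()):
    """Find client/destination pairs contacted at near-constant intervals.

    jitter is the coefficient of variation of the gaps between requests
    (population standard deviation divided by the mean). Browsing by a
    person gives a high value; automated check-ins give one near zero.
    """
    by_pair = defaultdict(list)
    for stamp, client, dest in records:
        if dest not in allowlist:
            by_pair[(client, dest)].append(stamp)

    findings = []
    for (client, dest), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        average = mean(gaps)
        if average <= 0:
            continue  # all requests share one timestamp
        jitter = pstdev(gaps) / average
        if jitter <= max_jitter:
            findings.append(Finding(client, dest, len(stamps),
                                    round(average, 1), round(jitter, 3)))
    return sorted(findings, key=lambda f: f.jitter)


if __name__ == "__main__":
    # Legitimate update checks are periodic too, so known pollers are
    # allowlisted (an assumed, site-specific list) before review.
    for hit in find_beacons(parse_log(SAMPLE_LOG),
                            allowlist={"updates.example"}):
        print(hit)
```

Regular timing alone does not prove a compromise; a flagged pair is a lead to check against the organization's own records of earlier incidents.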

More Related Content

Similar to What is the watering hole techniqueThe term watering hole” refer.docx

Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsWhitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsHappiest Minds Technologies
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service AttackStephanie Williams
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Deb Birch
 
Factors Affecting The Threat Agent Involved
Factors Affecting The Threat Agent InvolvedFactors Affecting The Threat Agent Involved
Factors Affecting The Threat Agent InvolvedJennifer Campbell
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarMandy Cross
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosecCMR WORLD TECH
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosecErfan Mallick
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516Yasser Mohammed
 
ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guideMatt Ford
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Conkarenahmanny4c
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxJournal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxcroysierkathey
 

Similar to What is the watering hole techniqueThe term watering hole” refer.docx (20)

cyber security
cyber securitycyber security
cyber security
 
Em36849854
Em36849854Em36849854
Em36849854
 
Malware Infections
Malware InfectionsMalware Infections
Malware Infections
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsWhitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service Attack
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...
 
Web Attack Survival Guide
Web Attack Survival GuideWeb Attack Survival Guide
Web Attack Survival Guide
 
Factors Affecting The Threat Agent Involved
Factors Affecting The Threat Agent InvolvedFactors Affecting The Threat Agent Involved
Factors Affecting The Threat Agent Involved
 
The Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan WarThe Comprehensive Security Policy In The Trojan War
The Comprehensive Security Policy In The Trojan War
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosec
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosec
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
 
ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guide
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modeling
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Con
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxJournal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
 

More from sorayan5ywschuit

What the mass media offers is not popular art, but entertainment wh.docx
What the mass media offers is not popular art, but entertainment wh.docxWhat the mass media offers is not popular art, but entertainment wh.docx
What the mass media offers is not popular art, but entertainment wh.docxsorayan5ywschuit
 
What role does discrimination play in perpetuating the assessment of.docx
What role does discrimination play in perpetuating the assessment of.docxWhat role does discrimination play in perpetuating the assessment of.docx
What role does discrimination play in perpetuating the assessment of.docxsorayan5ywschuit
 
What sorts of external trends should iRobot pay attention to  Why .docx
What sorts of external trends should iRobot pay attention to  Why .docxWhat sorts of external trends should iRobot pay attention to  Why .docx
What sorts of external trends should iRobot pay attention to  Why .docxsorayan5ywschuit
 
What makes us unique as a speciesWhat hominid characteristic(s) a.docx
What makes us unique as a speciesWhat hominid characteristic(s) a.docxWhat makes us unique as a speciesWhat hominid characteristic(s) a.docx
What makes us unique as a speciesWhat hominid characteristic(s) a.docxsorayan5ywschuit
 
What role, if any, do you think juveniles play in the current negati.docx
What role, if any, do you think juveniles play in the current negati.docxWhat role, if any, do you think juveniles play in the current negati.docx
What role, if any, do you think juveniles play in the current negati.docxsorayan5ywschuit
 
What led to the creation of the Sarbanes-Oxley Act and when was it.docx
What led to the creation of the Sarbanes-Oxley Act and when was it.docxWhat led to the creation of the Sarbanes-Oxley Act and when was it.docx
What led to the creation of the Sarbanes-Oxley Act and when was it.docxsorayan5ywschuit
 
What role do audiences play in creating popular culture Explain how.docx
What role do audiences play in creating popular culture Explain how.docxWhat role do audiences play in creating popular culture Explain how.docx
What role do audiences play in creating popular culture Explain how.docxsorayan5ywschuit
 
What role do the gods play in the Illiad First, use passages from t.docx
What role do the gods play in the Illiad First, use passages from t.docxWhat role do the gods play in the Illiad First, use passages from t.docx
What role do the gods play in the Illiad First, use passages from t.docxsorayan5ywschuit
 
What is your relationship to writing Discuss something about writin.docx
What is your relationship to writing Discuss something about writin.docxWhat is your relationship to writing Discuss something about writin.docx
What is your relationship to writing Discuss something about writin.docxsorayan5ywschuit
 
What reasons are given for the enduring popularity of Edward Hopper.docx
What reasons are given for the enduring popularity of Edward Hopper.docxWhat reasons are given for the enduring popularity of Edward Hopper.docx
What reasons are given for the enduring popularity of Edward Hopper.docxsorayan5ywschuit
 
What methods, specifically, have citizens utilized to influenc.docx
What methods, specifically, have citizens utilized to influenc.docxWhat methods, specifically, have citizens utilized to influenc.docx
What methods, specifically, have citizens utilized to influenc.docxsorayan5ywschuit
 
What is your position on the debate about national ID cards Autho.docx
What is your position on the debate about national ID cards Autho.docxWhat is your position on the debate about national ID cards Autho.docx
What is your position on the debate about national ID cards Autho.docxsorayan5ywschuit
 
What problems arise when a species is introduced from a foreign ecos.docx
What problems arise when a species is introduced from a foreign ecos.docxWhat problems arise when a species is introduced from a foreign ecos.docx
What problems arise when a species is introduced from a foreign ecos.docxsorayan5ywschuit
 
What is your favorite ad that you have ever seen  Please describe.docx
What is your favorite ad that you have ever seen  Please describe.docxWhat is your favorite ad that you have ever seen  Please describe.docx
What is your favorite ad that you have ever seen  Please describe.docxsorayan5ywschuit
 
What methodologies have been used for data breachesDifferent type.docx
What methodologies have been used for data breachesDifferent type.docxWhat methodologies have been used for data breachesDifferent type.docx
What methodologies have been used for data breachesDifferent type.docxsorayan5ywschuit
 
What kinds of cultural changes will hospitals have to make in order .docx
What kinds of cultural changes will hospitals have to make in order .docxWhat kinds of cultural changes will hospitals have to make in order .docx
What kinds of cultural changes will hospitals have to make in order .docxsorayan5ywschuit
 
What kind of research might have helped MySpace continue to compete .docx
What kind of research might have helped MySpace continue to compete .docxWhat kind of research might have helped MySpace continue to compete .docx
What kind of research might have helped MySpace continue to compete .docxsorayan5ywschuit
 
What is validating form data and explain the issue with the isset fu.docx
What is validating form data and explain the issue with the isset fu.docxWhat is validating form data and explain the issue with the isset fu.docx
What is validating form data and explain the issue with the isset fu.docxsorayan5ywschuit
 
What is your definition of Social JusticeAfter reviewing another .docx
What is your definition of Social JusticeAfter reviewing another .docxWhat is your definition of Social JusticeAfter reviewing another .docx
What is your definition of Social JusticeAfter reviewing another .docxsorayan5ywschuit
 
What is the purpose of theory and how does this differ from a conjec.docx
What is the purpose of theory and how does this differ from a conjec.docxWhat is the purpose of theory and how does this differ from a conjec.docx
What is the purpose of theory and how does this differ from a conjec.docxsorayan5ywschuit
 

More from sorayan5ywschuit (20)

What the mass media offers is not popular art, but entertainment wh.docx
What the mass media offers is not popular art, but entertainment wh.docxWhat the mass media offers is not popular art, but entertainment wh.docx
What the mass media offers is not popular art, but entertainment wh.docx
 
What role does discrimination play in perpetuating the assessment of.docx
What role does discrimination play in perpetuating the assessment of.docxWhat role does discrimination play in perpetuating the assessment of.docx
What role does discrimination play in perpetuating the assessment of.docx
 
What sorts of external trends should iRobot pay attention to  Why .docx
What sorts of external trends should iRobot pay attention to  Why .docxWhat sorts of external trends should iRobot pay attention to  Why .docx
What sorts of external trends should iRobot pay attention to  Why .docx
 
What makes us unique as a speciesWhat hominid characteristic(s) a.docx
What makes us unique as a speciesWhat hominid characteristic(s) a.docxWhat makes us unique as a speciesWhat hominid characteristic(s) a.docx
What makes us unique as a speciesWhat hominid characteristic(s) a.docx
 
What role, if any, do you think juveniles play in the current negati.docx
What role, if any, do you think juveniles play in the current negati.docxWhat role, if any, do you think juveniles play in the current negati.docx
What role, if any, do you think juveniles play in the current negati.docx
 
What led to the creation of the Sarbanes-Oxley Act and when was it.docx
What led to the creation of the Sarbanes-Oxley Act and when was it.docxWhat led to the creation of the Sarbanes-Oxley Act and when was it.docx
What led to the creation of the Sarbanes-Oxley Act and when was it.docx
 
What role do audiences play in creating popular culture Explain how.docx
What role do audiences play in creating popular culture Explain how.docxWhat role do audiences play in creating popular culture Explain how.docx
What role do audiences play in creating popular culture Explain how.docx
 
What role do the gods play in the Illiad First, use passages from t.docx
What role do the gods play in the Illiad First, use passages from t.docxWhat role do the gods play in the Illiad First, use passages from t.docx
What role do the gods play in the Illiad First, use passages from t.docx
 
What is your relationship to writing Discuss something about writin.docx
What is your relationship to writing Discuss something about writin.docxWhat is your relationship to writing Discuss something about writin.docx
What is your relationship to writing Discuss something about writin.docx
 
What reasons are given for the enduring popularity of Edward Hopper.docx
What reasons are given for the enduring popularity of Edward Hopper.docxWhat reasons are given for the enduring popularity of Edward Hopper.docx
What reasons are given for the enduring popularity of Edward Hopper.docx
 
What methods, specifically, have citizens utilized to influenc.docx
What methods, specifically, have citizens utilized to influenc.docxWhat methods, specifically, have citizens utilized to influenc.docx
What methods, specifically, have citizens utilized to influenc.docx
 
What is your position on the debate about national ID cards Autho.docx
What is your position on the debate about national ID cards Autho.docxWhat is your position on the debate about national ID cards Autho.docx
What is your position on the debate about national ID cards Autho.docx
 
What problems arise when a species is introduced from a foreign ecos.docx
What problems arise when a species is introduced from a foreign ecos.docxWhat problems arise when a species is introduced from a foreign ecos.docx
What problems arise when a species is introduced from a foreign ecos.docx
 
What is your favorite ad that you have ever seen  Please describe.docx
What is your favorite ad that you have ever seen  Please describe.docxWhat is your favorite ad that you have ever seen  Please describe.docx
What is your favorite ad that you have ever seen  Please describe.docx
 
What methodologies have been used for data breachesDifferent type.docx
What methodologies have been used for data breachesDifferent type.docxWhat methodologies have been used for data breachesDifferent type.docx
What methodologies have been used for data breachesDifferent type.docx
 
What kinds of cultural changes will hospitals have to make in order .docx
What kinds of cultural changes will hospitals have to make in order .docxWhat kinds of cultural changes will hospitals have to make in order .docx
What kinds of cultural changes will hospitals have to make in order .docx
 
What kind of research might have helped MySpace continue to compete .docx
What kind of research might have helped MySpace continue to compete .docxWhat kind of research might have helped MySpace continue to compete .docx
What kind of research might have helped MySpace continue to compete .docx
 
What is validating form data and explain the issue with the isset fu.docx
What is validating form data and explain the issue with the isset fu.docxWhat is validating form data and explain the issue with the isset fu.docx
What is validating form data and explain the issue with the isset fu.docx
 
What is your definition of Social JusticeAfter reviewing another .docx
What is your definition of Social JusticeAfter reviewing another .docxWhat is your definition of Social JusticeAfter reviewing another .docx
What is your definition of Social JusticeAfter reviewing another .docx
 
What is the purpose of theory and how does this differ from a conjec.docx
What is the purpose of theory and how does this differ from a conjec.docxWhat is the purpose of theory and how does this differ from a conjec.docx
What is the purpose of theory and how does this differ from a conjec.docx
 

Recently uploaded

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 

Recently uploaded (20)

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
CARE OF CHILD IN INCUBATOR..........pptx

What is the watering hole techniqueThe term watering hole” refer.docx

What is the watering hole technique?

The term “watering hole” refers to initiating an attack against targeted businesses and organizations. In a watering hole attack scenario, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection.

How does a watering hole technique work?

A watering hole attack typically works this way:

Attackers gather strategic information that they can use to gain entry into their targeted organization. This step can be compared to a military reconnaissance mission. The information gathered may include insights on trusted websites often visited by the employees or members of their targeted entity. The process of selecting websites to compromise was initially dubbed “strategic web compromises.”

Attackers insert an exploit into the selected sites.

Once targeted victims visit the compromised site, the exploit takes advantage of software vulnerabilities, either old or new, to drop malware. The dropped malware may be in the form of a remote access Trojan (RAT), which allows attackers to access sensitive data and take control of the vulnerable system.

Where is this attack technique used?

Watering hole attacks were previously documented in several high-profile cases, which include:

VOHO. In mid-2012 RSA identified a campaign known as VOHO, which was aimed at a particular group of organizations, specifically those involved with business and local government agencies in certain geographic areas. The attackers compromised carefully selected sites by inserting malicious JavaScript to deliver a Gh0st RAT variant. Gh0st RATs were previously seen in other attacks that targeted civic organizations and diplomatic entities worldwide.

Attack on high-profile groups. Just before the end of 2012, the Council on Foreign Relations (CFR) website was compromised to host a zero-day exploit in Internet Explorer. Those who visited the site were served backdoor malware. Microsoft addressed this vulnerability through the Microsoft Security Bulletin MS13-008.

Why is it effective?

Attackers incorporate strategies to circumvent the targeted organizations’ defenses in order for watering hole attacks to be effective. These may come in the form of outdated systems or simply human error.

In watering hole attacks, the goal is not to serve malware to as many systems as possible. Instead, the attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. This makes the watering hole technique effective in delivering its intended payload.

Aside from carefully choosing sites to compromise, watering hole attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.

This doesn’t mean that attackers don’t target patched system vulnerabilities. Because of patch management difficulties in an enterprise setting, IT administrators may delay deploying critical updates. This window of exposure may lead to a targeted attack leveraging old but reliable vulnerabilities.

Who are the targets of a watering hole attack?

The watering hole technique is used in targeted attacks that aim to gather confidential information and intelligence from the following organizations:

Various businesses
Human rights groups
Government offices

The stolen information, in turn, may be used to initiate more damaging attacks against the affected organization.

What is the impact of these attacks?

The social engineering technique used in watering hole attacks is strategic. Unlike a usual social engineering attack, threat actors employing the watering hole technique carefully select the most appropriate legitimate sites to compromise, instead of targeting random sites. Because the watering hole technique targets trusted and frequented sites, relying solely on visiting trusted sites to avoid online threats may not be an effective practice.

In cases where watering hole attacks lead to a RAT, attackers can also execute commands on infected servers. These include spying and monitoring the activities of the target organization. Because an attacker was able to infiltrate a targeted organization’s network, they can also initiate attacks that are harmful to the organization’s operations, which include modifying or deleting files with crucial information.

We may be seeing more attacks using the watering hole technique in the future. Trend Micro vice president for cyber security Tom Kellermann predicted that because of its better methodology, watering hole attacks can become a more popular way to pollute trusted sites in 2013.

What can I do to prevent these attacks?

Timely software updating. For watering hole attacks that employ old vulnerabilities, an organization’s best defense is to update systems with the latest software patches offered by vendors.

Vulnerability shielding. Also known as “virtual patching,” it operates on the premise that exploits take a definable network path in order to use a vulnerability. Vulnerability shielding helps administrators scan suspicious traffic as well as any deviations from the typical protocols used. Thus, this monitoring empowers system administrators to prevent exploits.

Network traffic detection. Though attackers may incorporate different exploits or payloads in their attack, the traffic generated by the final malware when communicating with the command-and-control servers remains consistent. By detecting these communications, organizations can readily implement security measures to prevent the attack from further escalating. Technologies such as Trend Micro Deep Discovery can aid IT administrators in detecting suspicious network traffic.

Correlating well-known APT activities. Using big data analytics, organizations can gain insight on whether they are affected by a targeted attack by correlating and associating in-the-wild cybercrime activities with what is happening on an enterprise’s network. Organizations should also consider building their own local intelligence to document previous cases of targeted attacks within the company. These enable organizations to spot possible correlations and insights needed to create an effective action or recovery plan.
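The network traffic detection and correlation measures above can be illustrated with a small proxy-log analysis. This is an added example, not part of the original document or of any vendor product: it flags a host that contacts a rarely seen domain at near-constant intervals and lists the sites that host visited shortly beforehand, so responders know which trusted site to review. The log format, host and domain names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log records: (epoch seconds, internal host, destination domain).
LOG = [
    (200, "ws-014", "mail.example"), (900, "ws-022", "industry-news.example"),
    (950, "ws-022", "mail.example"), (1000, "ws-014", "industry-news.example"),
    (1060, "ws-014", "cdn-sync.example"), (1100, "ws-022", "docs-portal.example"),
    (1130, "ws-022", "docs-portal.example"), (1361, "ws-014", "cdn-sync.example"),
    (1659, "ws-014", "cdn-sync.example"), (1900, "ws-022", "docs-portal.example"),
    (1960, "ws-014", "cdn-sync.example"), (2050, "ws-022", "docs-portal.example"),
    (2261, "ws-014", "cdn-sync.example"), (2500, "ws-014", "mail.example"),
]

def find_beacons(log, min_hits=4, max_cv=0.1, max_hosts=1, lookback=600):
    """Flag (host, domain) pairs with regular request timing to a rarely contacted
    domain, and list what the host browsed shortly before the first such request.
    All thresholds are illustrative assumptions, to be tuned on real traffic."""
    times = defaultdict(list)            # (host, domain) -> request timestamps
    hosts_by_domain = defaultdict(set)   # domain -> hosts that contacted it
    for ts, host, domain in log:
        times[(host, domain)].append(ts)
        hosts_by_domain[domain].add(host)
    findings = []
    for (host, domain), stamps in times.items():
        # Widely visited domains and pairs with too few samples are skipped.
        if len(stamps) < min_hits or len(hosts_by_domain[domain]) > max_hosts:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low means near-constant spacing between requests.
        if avg <= 0 or pstdev(gaps) / avg > max_cv:
            continue
        first = stamps[0]
        # Sites this host visited in the lookback window are candidates for review.
        prior = sorted({d for t, h, d in log
                        if h == host and d != domain and first - lookback <= t < first})
        findings.append({"host": host, "domain": domain,
                         "interval_s": round(avg), "visited_before": prior})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(LOG):
        print(finding)
```

Regular timing alone also matches benign software such as update checkers, so findings from a check like this are leads for triage rather than verdicts.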