Watering Hole Attacks: Protecting Yourself from the Latest Craze in Cyber Attacks

Grazed from InfosecurityMag. Author: Harold Byun.

Cybercriminals are clever and know how to evolve – you’ve got to give them that. They’ve proven this once again with their latest cyber-attack strategy, the Watering Hole Attack, which leverages cloud services to help gain access to even the most secure and sophisticated enterprises and government agencies.

Attacks Used to be Humorously Simple

In earlier days, attackers operated more simply using emails entitled “ILOVEYOU” or poorly worded messages from Nigerian generals promising untold fortunes of wealth. Over the years, the attacks have evolved into complex spear phishing operations that target specific individuals who can help navigate an organization’s personnel hierarchy or identify digital certificate compromises that lead to command and control over the enterprise infrastructure. In either scenario, the success of the attacks has always been predicated on the fact that users are humans who will occasionally click on or open something that is suspect or compromised…

Now the Bad Guys are getting Smart

More recently, a new, more sophisticated type of attack is hitting the enterprise. The concept behind the watering hole attack is that in order to insert malware into a company, you must stalk an individual or group and place malware on a site that they trust (a “watering hole”), as opposed to in an email that will be quickly discarded…

Read more from the source @ http://www.infosecurity-us.com/blog/2013/9/23/watering-hole-attacks-protecting-yourself-from-the-latest-craze-in-cyber-attacks/1009.aspx