Beware of the watering hole: How cyber criminals are stealing data through poisoned web applications
Sometimes the most effective way to catch prey is to make the prey come to you. It’s a concept that attackers have long been familiar with, and one that’s now being leveraged in new ways: The watering hole attack.
A watering hole attack targets a specific group of users by infecting the web applications they use and visit. This particular attack can be difficult to detect because it’s not directed at one individual user, but rather a specific group of users. The goal is to infect devices and gain access to networks with sensitive and valuable information.
Attackers take the time to unearth information about their targets. First, they locate sites used by the target group — typically, social media and message boards. The attacker then sends a customised phishing email, with a malicious attachment, tailored to the target’s interests. Once the target clicks the link or attachment and lands on the infected page, they become easy prey.
One visit to a watering hole can sink your business
Although watering hole attacks are time consuming to set up, they’re more common than business owners would think. They can affect an entire business operation by breaching security using a single point of entry.
Criminals have started utilising watering hole attacks to significantly multiply potential targets, making them difficult for business owners to protect against. These attacks target highly-secure businesses, exploiting system vulnerability through their less security-conscious employees and partners. Once attackers breach the first layer, they gain access to, expose or steal highly sensitive data — usually without being detected.
Fortunately, your business can avoid falling into the watering hole trap
By using a layered security approach, businesses can minimise their risk of being targeted by a watering hole attack. A robust multi-layer defence system that includes secure access, advanced endpoint protection, and secure cloud backup can all minimise the impact of a watering hole attack.
Make sure that all network users are trained to recognise and avoid threats
Users tend to be less cautious when they’re on sites they regularly visit, so make sure they’re reminded to stay aware of their surroundings, and trained to not click on suspicious links or bypass security warnings.
Only grant third-party site permission to do exactly what’s required. Nothing else.
Some sites require additional permissions, like the ability to send emails or update data. Grant users only the permissions they absolutely require in these instances, so they can’t abuse their access in the future.
Monitor in real-time
You can use web proxies to detect, and block, common exploits.You can also use web logging to track suspicious activity on your network.
Block employees from using devices to access non-work related websites
This will not only ensure that bandwidth is preserved but also, more importantly, greatly reduces the risk of an employee clicking on a phishing link that could jeopardise your entire network.
Rely on the safety net of online backup across your business
Attacks happen. Especially watering hole attacks. However, by implementing the right cloud-based backup, sensitive data can be fortified within a premium storage facility, which can be easily accessed and restored at any time.
Your workforce is your first line of defence
Attackers are getting smarter by the day. As attacks become more sophisticated, it’s essential that businesses stay one step ahead of them. One way to do this is to regularly educate employees about the latest threats and how to avoid them; how to guard against common pitfalls and phishing attacks; and most importantly, how to leverage the power of cloud backup to keep business data safe and secure.
