Pag atake ng butas ng pagtutubig: paano pumapasok ang APT at cyber criminals sa mga secure infrastructures

Pag atake ng butas ng pagtutubig: paano pumapasok ang APT at cyber criminals sa mga secure infrastructures

Pag atake ng WaterHole

Ang aking unang pakikipagtagpo sa mundo ng mga kriminal sa cyber ay naganap sa pamamagitan ng isang kampanya sa pag atake ng butas ng tubig maraming taon na ang nakalilipas. I visited a Persian website and discovered that it was downloading malware onto visitorsbrowsers. I promptly contacted the site administrator, who informed me that they had no technical knowledge of the issue. It became apparent that they were using an outdated CMS with well-known security vulnerabilities, which criminals were exploiting to target specific audiences and spread malware.

Pag atake ng butas ng pagtutubig are some of the methods favored by cyber criminals and advanced persistent threat (APTs). In these attacks, cybercriminals use a tactic calledstrategic web compromise” (SWC) to gain access to the victim’s organization’s network. By identifying websites frequently visited by target users, an attacker can infect those websites with malware and download it to an unsuspecting usersdevice.

Malware used in watering hole attacks is designed to evade detection and remain undetected on the target’s device, giving attackers continuous access to sensitive information. This type of attack is of particular concern because it can go undetected for long periods of time, allowing attackers to gather sensitive information over time.

One type of commonly used malware in watering hole attacks is polymorphic malware. Polymorphic malware is a type of malicious software designed to constantly change its code and appearance in order to avoid detection by antivirus software and other security measures. This type of malware is particularly dangerous as it can mutate itself into many different forms, making it difficult for traditional antivirus/ anti-malware software to detect and remove it. Polymorphic malware can change its appearance using a variety of methods, including encryption, compression, and randomization.

Watering hole attacks are especially dangerous for small businesses, as they are often targeted due to weaker security measures compared to larger enterprises. However, even large organizations and government agencies have fallen victim to water hole attacks.

Below are some steps you can take to reduce your risk of becoming a victim of this type of attacks:

  1. Use web filtering: web filtering tools can block access to malicious or unknown websites and webpages. This prevents users from accidentally downloading malware from the watering hole.
  2. Use next-generation antivirus (NGAV): NGAV solutions use advanced detection techniques such as machine learning algorithms and behavioral analytics to identify and respond to new and previously unknown threats.
  3. Implement endpoint detection and response (EDR): EDR solutions monitor endpoints such as laptops and desktops for suspicious behavior and can respond to threats in real time.
  4. Implement Network-based detection and response (NDR): NDR solutions monitor network traffic for suspicious activity and can detect and respond to threats that traditional antivirus solutions may miss.
  5. Employ threat intelligence: Threat intelligence services can provide information about emerging threats, including polymorphic malware. You can use this information to identify potential threats and take appropriate action to protect your network
  6. Implement a zero trust network: A zero trust network is a security model that assumes that every user and device on the network is a potential threat. Users must be authenticated before accessing resources on the network, and access is restricted to what is necessary.
  7. Use network segmentation: Network segmentation helps separate critical systems and sensitive data from the rest of the network. This prevents malware from spreading in the event of a successful attack.
Post Disclaimer

The views, impormasyon, or opinions expressed are solely those of the author and do not necessarily represent those of his employer or the organizations with which he is affiliated.

The information contained in this post is for general information purposes only. The information is provided by Farhad Mofidi and while he strives to keep the information current and accurate, he does not make any representations or warranties of any kind, express or implied, regarding the completeness, katumpakan, reliability, suitability or availability of the website. Farhad makes no representations or warranties. or any information, products or related graphics contained in any Post for any purpose.

Also, AI may be employed as a tool to provide suggestions and improve some of the contents or sentences. The ideas, thoughts, opinions, and final products are original and human-made by the author.

 

Mag-iwan ng Sagot

Ang iyong email address ay hindi ilalathala. Ang mga kailangang field ay minarkahan *