'Watering holes' become popular attack vector for targeted attacks
"Watering holes" are becoming one of the most popular methods for attackers to breach the defenses of organizations, says security firm CrowdStrike in its annual Global Threats report.
Watering hole attacks involve hackers infecting websites that are visited frequently by members of the targeted organization.
"Compromising and weaponizing a legitimate website has significant advantages over spearphishing, which historically has been the most common method of launching a targeted attack. A strategic web compromise does not require social engineering a victim, which can expose an adversary to detection. We believe this tactic will be used with increasing frequency among the adversaries that we are tracking," says Adam Meyers, vice president of intelligence at CrowdStrike.
In its report, CrowdStrike predicts this year will see "increased targeting of third-party vendors, abuse of the Internet's new generic top-level domains, and vulnerabilities in Windows XP, which will reach end-of-life from Microsoft this April."
In addition, the report forecasts "increased use of encryption to help protect and obfuscate malware; greater use of black markets for buying and selling custom-made malware; and increased targeting of attacks around major events, such as the Olympics, the 2014 G20 Summit and major national elections."
CrowdStrike prepares its annual report by examining the activities of more than 50 groups of cyber threat actors. "One of the advantages of focusing on adversaries, rather than malicious code, is that humans have detectable habits and often make mistakes. We believe that the data we have collected here is not only a good summary of what happened in 2013, but a harbinger of the attacks to come in 2014. This is the type of information that enterprises can use to develop better, more effective defenses," adds Meyers.