Understanding the Targeted Watering Hole Attack


The trend towards increasingly targeted cyber attacks, from advanced persistent threats (APT) to spear phishing, continues to intensify. Now we are seeing targeting applied to watering hole attacks, as security researchers recently found in a very sophisticated watering hole attack on DOD and Chinese dissidents via the compromised Forbes.com website.

As this Dark Reading article discusses, the attackers are not taking a blanket approach. “What they want is information associated with the requirements that they have. Usually those requirements are gathering intelligence on intellectual property, gathering strategic intelligence, gathering information on say dissidents or security issues that they’re working.”

I think of this as the sniper at the watering hole. Imagine a poacher trying to kill a white rhino. He knows that the rhino is very likely to visit the local watering hole eventually. One strategy would be to lay out land mines all around the watering hole. That would kill anything coming near, but it would also scare off all the animals (including the white rhino) and attract the attention of the game wardens. The smarter poacher would hide a distance from the watering hole with a sniper rifle, waiting for the rhino to show up, and leaving everyone else alone. If only the rare rhinos are attacked, the other animals are much less likely to notice what is going on.

It’s possible to completely avoid these kinds of targeted web-based attacks if you hide your identity. Passages can prevent all forms of tracking, including by IP address, cookies, super-cookies, browser fingerprint and more. With Passages you appear to be one of the masses rather than the target.