Cybercriminals have continually adapted their methods to meet the ever-changing realities of the internet landscape, tweaking their tools to target the weaknesses present in revamped network security protocols. However, many of the tactics used by hackers have required them to directly approach a target, oftentimes with an assault on a company's system or a widespread phishing email campaign. Recently, some cybercriminals changed their approach to allow their victims to come to them, resulting in an effective method of bypassing robust network and data security measures and releasing malware on unsuspecting users.
Using popular sites to gain access
Waterhole attacks present one of the more insidious threats facing companies today. As explained by Cisco engineer Jaeson Schultz, the technique involves hackers compromising a website that is frequently visited by the intended target. When an employee visits one of these sites, a malicious tool scans that user's machine to identify any security vulnerabilities. If one is found, the program then launches an exploit to access the company network.
Several major corporations have fallen victim to waterhole attacks in recent months. Infosecurity Magazine reported that employees from these prominent companies visited a number of compromised websites that launched malware attacks against their businesses. Although the identity of the perpetrators remains unknown, some experts believe these assaults were the result of a coordinated effort. An additional concern regarding waterhole campaigns is their capacity to inflict collateral damage. As noted by Infosecurity Magazine, "[w]aterhole attacks are a compromise between indiscriminate and targeted." Although the hackers who launch these attacks typically have specific groups in mind, their leveraging of popular websites puts many other users outside of that scope in danger.
Rethinking data security
According to cybersecurity expert and InfoWorld contributing editor Roger Grimes, waterhole attacks have existed for several years but have significantly increased in frequency in recent months. Grimes warned that users should be extremely cautious of any code that they cannot verify themselves and should ensure that monitoring systems routinely check popular websites for malicious links and redirects. In the end, network administrators may have to block frequently used websites to prevent these attacks from occurring.
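One way to implement the routine check for unexpected links and redirects mentioned above is to compare a saved snapshot of a frequently visited page against a baseline of hosts it is known to load from. This is an added example, not code from the article or from Grimes. The page URL, host names, baseline set and HTML snapshot are constructed, and fetching the snapshot is left to the monitoring system.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute the browser loads without any user click.
AUTO_LOADED = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}

class AutoLoadedRefs(HTMLParser):
    """Collect (kind, absolute URL) for everything a page pulls in or redirects to."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in AUTO_LOADED and a.get(AUTO_LOADED[tag]):
            self.refs.append((tag, urljoin(self.page_url, a[AUTO_LOADED[tag]])))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content="0; url=https://..." redirects the visitor
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content") or "", re.I)
            if m:
                self.refs.append(("meta-refresh", urljoin(self.page_url, m.group(1))))

def unexpected_refs(page_url, html, baseline_hosts):
    """Return auto-loaded references whose host is neither the page's own nor in the baseline."""
    parser = AutoLoadedRefs(page_url)
    parser.feed(html)
    allowed = set(baseline_hosts) | {urlparse(page_url).hostname}
    return [(kind, url) for kind, url in parser.refs
            if urlparse(url).hostname not in allowed]

# Constructed snapshot of a monitored page (all hosts are placeholders).
PAGE_URL = "https://news.example/"
BASELINE = {"cdn.example"}          # hosts seen on earlier, known-good snapshots
SNAPSHOT = """<html><head>
<meta http-equiv="refresh" content="0; url=https://landing.invalid/">
<script src="/js/app.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://stats.invalid/c.js"></script>
</head><body>
<a href="https://partner.invalid/">ordinary link, needs a click</a>
<iframe src="//frames.invalid/f" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for kind, url in unexpected_refs(PAGE_URL, SNAPSHOT, BASELINE):
        print(f"ALERT new {kind} host on {PAGE_URL}: {url}")
```

A new host is a reason to review the change, not proof of compromise, because sites add legitimate third-party scripts regularly.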
With hackers continually finding new ways to bypass network defenses, businesses should place additional focus on their data security solutions. Waterhole attacks reflect a new threat landscape where company information is at risk even in the absence of direct assaults against the system. To provide their critical information with an extra durable layer of security, administrators should deploy data encryption software. In the event that an employee visits a compromised website and allows a piece of malicious code to enter the network, company leaders can feel confident that their sensitive data is safe behind a layer of encryption.