Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 149: UNDERSTANDING THE RISK OF WATERING HOLE ATTACK
Reference Number: ACG-CSB 112018149
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security
A watering hole attack is a malware attack in which the attacker observes the websites often visited by a victim or a particular group, and infects those sites with malware. A watering hole attack has the potential to infect the members of the targeted victim group. Legitimate or popular websites of high-profile companies are usually the focus of watering hole attacks. In most cases, an attacker lurks on legitimate websites which are frequently visited by their targeted prey.
The hacker places some form of malware on a smaller company’s website. The purpose is not to steal any secrets from this company; instead, the goal is to infect its customers through cross-site scripting or other techniques. This gives the hacker access to the customers’ important information or the ability to damage their technical assets.
Most users unknowingly provide tracking information while browsing. This tracking information reveals the behavioral web patterns of the targeted victim groups. It also indirectly provides the attackers with information about the browsing, cloud services access and security policies of the organizations.
The malware used in this attack usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to the victims’ computers.
One of the ways to defend against a watering hole attack is by educating users. Effective detection and prevention techniques are also needed.
All PNP personnel as well as the public are advised to follow these tips in order to avoid the risk of a watering hole attack, to wit:
- Update your software - by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches;
- Watch your network closely - To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities; and
- Hide your online activities - Cybercriminals can create more effective watering hole attacks if they compromise websites that only you and your employees frequently visit; as such, you should hide your online activities.
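As an illustration of the network-monitoring tip above, the following added example (not part of the PNP ACG bulletin) scans web proxy logs for a familiar website that suddenly makes several internal clients fetch content from a host it never loaded before. The log format, host names, dates and the function names are assumptions constructed for this sketch.

```python
from collections import defaultdict

# Constructed proxy log lines: day, client IP, requested host, Referer host ("-" if none).
SAMPLE_LOG = """\
2018-11-01 10.0.0.5 news.example.org -
2018-11-01 10.0.0.5 cdn.example.org news.example.org
2018-11-01 10.0.0.7 cdn.example.org news.example.org
2018-11-02 10.0.0.5 cdn.example.org news.example.org
2018-11-03 10.0.0.5 cdn.example.org news.example.org
2018-11-03 10.0.0.5 stats.invalid news.example.org
2018-11-03 10.0.0.7 stats.invalid news.example.org
2018-11-03 10.0.0.9 ads.example.net news.example.org
"""

def parse(log_text):
    """Yield (day, client, host, referer) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        day, client, host, referer = parts
        yield day, client, host, None if referer == "-" else referer

def new_third_parties(log_text, baseline_end, min_clients=2):
    """Report hosts that a known site began loading only after the baseline period.

    baseline_end is an ISO date (YYYY-MM-DD); min_clients filters out one-off
    requests such as per-user advertising hosts.
    """
    baseline = defaultdict(set)  # site -> third-party hosts seen during baseline
    fresh = defaultdict(set)     # (site, host) -> clients that fetched it afterwards
    for day, client, host, referer in parse(log_text):
        if referer is None or host == referer:
            continue  # direct visit or same-site request
        if day <= baseline_end:
            baseline[referer].add(host)
        else:
            fresh[(referer, host)].add(client)
    alerts = []
    for (site, host), clients in fresh.items():
        unseen = site in baseline and host not in baseline[site]
        if unseen and len(clients) >= min_clients:
            alerts.append((site, host, sorted(clients)))
    return sorted(alerts)

if __name__ == "__main__":
    for site, host, clients in new_third_parties(SAMPLE_LOG, "2018-11-02"):
        print(f"{site} now loads {host}; clients affected: {', '.join(clients)}")
```

An alert from this check is a lead for investigation, since legitimate sites also add new third-party hosts from time to time.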
For additional information, please refer to the following websites:
POINT OF CONTACT