“Watering hole attack”的意思、由来-开放百科全书

Websites are often infected through zero-day vulnerabilities on browsers or other software.^[4] A defense against known vulnerabilities is to apply the latest software patches to remove the vulnerability that allowed the site to be infected. This is assisted by users to ensure that all of their software is running the latest version. An additional defense is for companies to monitor their websites and networks and then block traffic if malicious content is detected.^[6]

Examples

2018 Chinese country-level attack

There was a country-level watering-hole attack in China from late 2017 into March 2018, by the group "LuckyMouse, also known as Iron Tiger, EmissaryPanda, APT 27 and Threat Group-3390."^[7]

2017 Ccleaner attack

From August to September 2017 the installation binary of Ccleaner distributed by the vendor's download servers included malware. Ccleaner is a popular tool used to clean potentially unwanted files from Windows computers, widely used by security-minded users. The distributed installer binaries were signed with the developer's certificate making it likely that an attacker compromised the development or build environment and used this to insert malware.^[8]^[9]

2017 NotPetya attack

In June 2017 the NotPetya (also known as ExPetr) malware, believed to have originated in the Ukraine, compromised a Ukrainian government website. The attack vector was from users of the site downloading it. The malware erases the contents of victims' hard drives.^[10]

2016 Polish banks

In late 2016, a Polish bank discovered malware on computers belonging to the institution. It is believed that the source of this malware was the web server of the Polish Financial Supervision Authority.^[11] There have been no reports on any financial losses as a result of this hack.^[11]

2013 US Department of Labor

In early 2013, attackers used the United States Department of Labor website to gather information on users' information. This attack specifically targeted users visiting pages with nuclear-related content.^[12]

2012 US Council on Foreign Relations

In December 2012, the Council on Foreign Relations website was found to be infected with malware through a zero-day vulnerability in Microsoft's Internet Explorer. In this attack, the malware was only deployed to users using Internet Explorer set to English, Chinese, Japanese, Korean and Russian.^[13]

References

1. ^{{cite web|last1=Gragido|first1=Will|title=Lions at the Watering Hole – The "VOHO" Affair|url=https://blogs.rsa.com/lions-at-the-watering-hole-the-voho-affair/|website=The RSA Blog|publisher=EMC Corporation|date=20 July 2012}}
2. ^{{Cite book|url=https://books.google.com/books?id=DDiOCgAAQBAJ&pg=PA57|title=Cyber Guerilla|last=Haaster|first=Jelle Van|last2=Gevers|first2=Rickey|last3=Sprengers|first3=Martijn|date=2016-06-13|publisher=Syngress|year=|isbn=9780128052846|location=|page=57|pages=|language=en}}
3. ^{{Cite book|url=https://books.google.com/books?id=VBuDBAAAQBAJ&pg=PA123|title=Internet Technologies and Information Services, 2nd Edition|last=Miller|first=Joseph B.|date=2014|publisher=ABC-CLIO|isbn=9781610698863|location=|page=123}}
4. ^¹Symantec. Internet Security Threat Report, April 2016, p. 38 https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
5. ^{{Cite news|url=http://searchsecurity.techtarget.com/definition/watering-hole-attack|title=What is watering hole attack?|last=Rouse|first=Margaret|date=|work=SearchSecurity|access-date=2017-04-03|archive-url=|archive-date=|dead-url=|language=en-US}}
6. ^{{Cite news|url=http://www.infoworld.com/article/2614643/security/watch-out-for-waterhole-attacks----hackers--latest-stealth-weapon.html|title=Watch out for waterhole attacks -- hackers' latest stealth weapon|last=Grimes|first=Roger A.|work=InfoWorld|access-date=2017-04-03|language=en}}
7. ^[https://thehackernews.com/2018/06/chinese-watering-hole-attack.html https://thehackernews.com/2018/06/chinese-watering-hole-attack.html]
8. ^{{Cite news|url=http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html|title=CCleanup: A Vast Number of Machines at Risk|website=blogs@Cisco - Cisco Blogs|access-date=2017-09-19|language=en-US}}
9. ^{{Cite news|url=https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users|title=Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users|website=blogs@Piriform - Piriform Blogs|access-date=2017-09-19|language=en-US}}
10. ^https://threatpost.com/researchers-find-blackenergy-apt-links-in-expetr-code/126662/
11. ^¹{{Cite news|url=https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware|title=Attackers target dozens of global banks with new malware|work=Symantec Security Response|access-date=2017-04-02}}
12. ^{{Cite web|url=http://blogs.cisco.com/security/department-of-labor-watering-hole-attack-confirmed-to-be-0-day-with-possible-advanced-reconnaissance-capabilities|title=Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities|website=blogs@Cisco - Cisco Blogs|language=en-US|access-date=2017-04-03}}
13. ^{{Cite news|url=https://threatpost.com/council-foreign-relations-website-hit-watering-hole-attack-ie-zero-day-exploit-122912/77352/|title=Council on Foreign Relations Website Hit by Watering Hole Attack, IE Zero-Day Exploit|date=2012-12-29|work=Threatpost {{!}} The first stop for security news|access-date=2017-04-02|language=en-US}}

Defense techniques