If you’ve been reading the news lately, you may have noticed all the big companies that have been hacked like the Forbes 100: New York Times, Wall Street Journal, Facebook, Twitter, Apple, and Microsoft.
This is disturbing evidence of an extraordinary time for successful hacking attacks: I can’t recall when we saw so many large, important companies announcing that they’ve been successfully attacked.
Some of the discussion out there makes it clear that these are targeted attacks. Targeted attacks are when hackers go after specific companies or people to get data. Unless you work at a company like these or you’re someone well-known, you aren’t likely to be victim of this kind of attack.
But it’s still scary to read about and it naturally makes people wonder: just what exactly is going on? How is this happening?
A different kind of attack
When we think of companies being hacked, we tend to have an image of intruders probing networks in search of a way to break in. But what we’re seeing here is unusual because so many companies are affected. This is different from before because of the scale of the attack and size of its targets.
The consensus is that much of what’s been going on recently is the result of what are called “watering hole” attacks. “Watering hole” attacks are actually the opposite of what we tend to think of when we think of network attacks. Instead of attackers going after their targets, they stake out a place where they know their targets are likely to go, and lie in wait.
Once the targets show up, then they attack. It’s called a “watering hole” attack because it’s similar to a tactic that you’d see in old Westerns where the bad guys would stake out a watering hole in the desert because they knew that their targets would have to stop for water and attack them when they do. Eventually, everyone has to drink from the watering hole…
Cyber Waterhole: Mobile device developer websites compromised?
In these recent attacks it’s likely that websites frequented by developers for various mobile devices were compromised. Towards the end of 2012, TrendLabs saw a watering hole attack targeting visitors to the Council on Foreign Relations website.
Another common feature of watering hole attacks is that they use “zero-day” vulnerabilities like the Java zero day vulnerability I wrote about last month. In fact, these recent attacks are likely the result of another problem affecting Java.
Ultimately, the goal of these attacks is to gain entry into the networks of these companies to steal data or other assets. Sabotage is also a possibility when government facilities and institutions are targeted. You can think of this as the first step in a sophisticated, planned, professional attack.
You probably don’t need to worry
Unless you’re working for an organization like Microsoft or the Council on Foreign Relations, you probably don’t need to worry that you’ll be the target of a watering hole attack. But one thing that you should take from this is that vulnerabilities in Java are causing real problems and may do so for awhile.
You may not have to worry about watering hole attacks but attackers share tricks and you can bet that other attackers are looking to use the same vulnerabilities for broader attacks that could be a threat to you. Of course, make sure that you’re keeping your security software like Trend Micro™ Titanium™ up to date: that can help protect you by blocking access to websites (watering holes) that have been compromised with malware as well as known attacks.
Also, take some time and go ahead and disable Java on your system unless you really need it. If you’re not sure, go ahead and disable it to be safe and only re-enable it if you need it. We have information on how to disable that here: How to Use Java If You Must.
I work for Trend Micro and the opinions expressed here are my own.
For more tips and advice regarding Internet, mobile security and more, just “Like” Trend Micro Fearless Web Internet Security on Facebook at http://www.facebook.com/fearlessweb.